atwx / silverstripe-gate-manager
A Silverstripe module to allow you to log into any of your Silverstripe sites from one place.
Installs: 0
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Type:silverstripe-vendormodule
pkg:composer/atwx/silverstripe-gate-manager
Requires
- ext-openssl: *
- firebase/php-jwt: ^6.11
- lekoala/silverstripe-cms-actions: ^2.0
- silverstripe/admin: ^3.0
- silverstripe/framework: ^6.0
Requires (Dev)
- phpstan/extension-installer: ^1.3
- phpunit/phpunit: ^11.3
- silverstripe/standards: ^1
- squizlabs/php_codesniffer: ^3.7
README
A Silverstripe CMS module that allows you to manage and log into multiple Silverstripe sites from a central location using secure JWT-based authentication.
Overview
Silverstripe Gate Manager provides a centralized dashboard for managing multiple Silverstripe installations. It generates RSA key pairs for each managed site and creates secure JWT tokens that enable seamless, passwordless login to any of your registered sites.
To log into another Silverstripe site, you should install and configure the Silverstripe Gate Client module on it.
Installation
Install via Composer:
composer require atwx/silverstripe-gate-manager
After installation, run:
vendor/bin/sake dev/build flush=all
Configuration
Manager Site (This Module)
No additional configuration required. The module automatically:
- Generates RSA key pairs for each managed site
- Creates JWT tokens with configurable expiration
- Provides secure login URLs
Optional Configuration
You can customize cryptography settings:
Atwx\SilverGateManager\Services\CryptographyService: # JWT configuration jwt_algorithm: 'RS256' # Supported: RS256, RS384, RS512 jwt_expiration_seconds: 60 # Token validity period
Client Sites
On each site you want to manage, install the SilverGate Client module:
composer require atwx/silverstripe-gate-client
Then configure it with the public key from the manager:
- In the SilverGate Manager admin, navigate to "SilverGate Manager"
- Create or edit a managed site
- Go to the "Help" tab
- Copy the provided YAML configuration
- Add it to your client site's
app/_config/config.yml
Example client configuration:
Atwx\SilverGateClient\Services\TokenService: public_key: | -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA... -----END PUBLIC KEY-----
Usage
Adding a Managed Site
- Log into your Silverstripe admin
- Navigate to "SilverGate Manager" in the admin menu
- Click "Add Managed Site"
- Enter the domain name (e.g.,
example.com) - Save - a key pair is automatically generated
- Copy the configuration from the "Help" tab to your client site
Logging Into a Managed Site
From the Admin Interface:
- Navigate to "SilverGate Manager"
- Find the site you want to access
- Click the "Login" button next to the site
From the Edit Form:
- Open the managed site record
- Click the "Login" button in the actions area
The system will redirect you to the client site with a secure JWT token, automatically logging you in.
Regenerating Key Pairs
If a key pair is compromised or needs to be rotated:
- Open the managed site record
- Click "Regenerate Key Pair" in the actions area
- Confirm the action
- Update the public key configuration on the client site
⚠️ Warning: Regenerating a key pair will invalidate the previous keys. Update the client site configuration immediately.
Permissions
The module provides three permission levels:
| Permission | Description | Grants Access To |
|---|---|---|
SILVERGATE_VIEW_SITES |
View managed sites | Read-only access to site list |
SILVERGATE_EDIT_SITES |
Create/Edit sites | Create, edit, delete sites; regenerate keys |
SILVERGATE_LOGIN |
Login to sites | Use login functionality to access managed sites |
Assign permissions in Security > Groups to control user access.