Jump to content
Jennifer Stock

authenticating PW pages with pubcookie

Recommended Posts

Greetings. I would like to restrict access to certain sections of my organization's ProcessWire site using pubcookie. We are rolling out Shibboleth authentication later this year but for now, it seems I can only make use of our institution's single sign-on routine by utilizing rules in an .htaccess file. 

I am wondering if there is a way to ask PW to apply these rules to certain pages in the site, whether via template type or location in the page tree:

AuthType UWNetID
PubcookieAppID "MyApplication"
require type staff faculty

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Spiria
      I am writing here instead of the ProCache forum because I have the impression that several nginx experts could solve this. In its new version, Procache proposes new .htaccess rules that are difficult to translate into nginx rules. We currently have a problem with the trailing slash of URLs which gives us a bad score in SEO analysis tools such as semrush.com. 
      Indeed, a canonical URL is either without or with "/", but cannot be served by both options. Although ProcessWire without ProCache respects this rule, ProCache has no difficulty serving both, which is considered an SEO optimisation fault. I believe that ProCache version 2 solves this problem with these new rules, but I can't understand the following. Does anyone have any idea how to translate this into a nginx rule?
      Attached also the whole proposed .htaccess for ProcessWire.
      # PROCACHE v2/31885be14d6cfb4b2b0d3e533260bded -------------------------------------------------- RewriteCond %{REQUEST_METHOD} !=POST RewriteCond %{QUERY_STRING} !.*=.* RewriteRule ^.*/$ - [E=pwpcstep:pour,E=pwpcname:index] RewriteCond %{ENV:pwpcstep} "=pour" RewriteCond %{HTTP_COOKIE} !^.*(wire_challenge|wires_challenge).*$ RewriteRule ^.*/$ - [E=pwpcstep:stir,E=pwpcpath:%{DOCUMENT_ROOT}/site/assets/ProCache-00478359c5e65dbada1075bfbd4] RewriteCond %{ENV:pwpcstep} "=stir" RewriteCond %{ENV:pwpcpath}/$0/%{ENV:pwpcname}.html -f RewriteRule ^.*$ - [E=pwpcstep:drink,E=pwpcfile:$0/%{ENV:pwpcname}.html] RewriteCond %{ENV:pwpcstep} "=drink" RewriteRule ^(.*) %{ENV:pwpcpath}/%{ENV:pwpcfile} [L] <ifModule mod_headers.c> Header set X-PWPC "ProCache" env=pwpcstep Header set X-Powered-By "ProcessWire CMS, ProCache" env=pwpcstep </ifModule> RewriteCond %{REQUEST_URI} "^/~?[-_.a-zA-Z0-9/]*$" # /PROCACHE -------------------------------------------------------------------------------------  
      .htaccess-procache
    • By nuel
      Dear PW Community
      Let me shout out my question here, I really don't know where to start and hope someone can give me a hint or tell me to resign and go home and cry.
      I want to create a subpage that is only accessible to people with unique access codes. It's gonna be an online concert streaming page (thanks Corona!). People who buy tickets through a local ticketing service should be able to access and stream the show with their individual access code. These codes should work only for this person and show. If someone in the «audience» closes and reopens the page, they should get in again, but not their friends who were given the code of course, basically just like in a club with a ticket and a stamp on the wrist.
      Now, is there a possibility to achieve that with more or less basic Processwire skills? In my imagination I have a field where I list the given access codes, another two to add start and ending date/time of the show, maybe one for a unique ID/title of the show.
      Is there an existing module for something like that? Should I get into the module development field and create that? How?? Haha. Any comments are welcome here.
      Thanks,
      Nuél
       
    • By theoretic
      Hi guys and ladies! And thanks for Processwire!
      It appears i've got an interesting issue concerning the template-settings-based PW redirects dealing with access control. Any PW template has some access control options i.e. "Login redirect URL or page ID to render". If this option is used for a page having a template with this option filled, a redirect will occur if user is not logged in and/or has insufficient access rights.
      I like to hook PW events. In one of my current projects i decided to write an addHookBefore('Session::redirect', ...) which should store the page we are being redirected from. With "regular" redirects like $session->redirect('/somewhere/') this hook works like a charm. But it was strange to see that it doesn't work with the template-settings-based redirect.
      I'm too dumb to dive deep inside PW and to examine the whole PW session mechanism. But it could be rather logical if ANY redirect ( no matter template-settings-based or using $session->redirect() ) could be hooked in the same manner.
      Okay okay i can forget about template-settings-based redirect and write my own. Just a couple of lines of code, and it works. But it's less elegant than hooking the template-settings-based redirects.
      So am i missing something? It this behavior a bug, or is it intended by PW team? Thanks in advance for any comment!
    • By Peter Knight
      Can anyone tell me which .htaccess directive might be blocking a site import feature from scanning my public_html folder and listing all files and folders.
      These would be both PW files/folders but also some non PW folders which my PW site references for media.
      Latest .htaccess file on Github
      I can see various options from Section 15 onwards (# 15. Access Restrictions (v301)) but nothing that would block both SSH and FTP scans my VPS site import file uses.
      When I point the same site import tool at a non PW site on the same directory it works.
      I could disable htaccess temporarily but it's a busy and active site.
      Thanks
      P

       
       
    • By daniel_puehringer
      Hi Community,

      Sadly I cannot intall ProcessWire on my webserver (Hosted at https://www.world4you.com/de/startseite.html, a small hosting provider in Austria)
      Here is the Problem: 
      1. I downloaded the current masterbranch as a .zip file (After a few tries I also downloaded the code via the git clone command, that led to the same error), unzipped it and transferred it to my server. Since there is already a wordpress site installed on the root directory, I transferred the processwire files into /relaunch and created a subdomain.
      2. I tried to install the language starter kit. As soon as I navigate to that folder Screenshot1 (see attached file 'processWireBug1') is shown. Everything looks nice, except the red text referring to the 'mod_rewrite' rule. The webserver provides the 'apache mod_rewrite' rule.
      3. As soon as I want to press 'Check again' or 'Continue to next step' an error Page with 500 error (see Screenshot 'processWireBug2') occurs.
      4. You can find my .htaccess file attached to this post..htaccess

      How could I solve this issue?

      Some additional information:
      1) the webserver provides the apache mod_rewrite (I checked that several times) and has php version 7.3. installed.
      2) since there is a wordpress site installed on the root directory, there is also a .htaccess file on the root directory. Could this .htaccess file have an impact on the .htaccess file for my processwire website?

      Thanks for your help and greetings from Austria,
      Daniel


×
×
  • Create New...