michelangelo Posted January 26, 2021 Posted January 26, 2021 Hello guys, there are many topics on authentication of the superuser or APIs, but I couldn't find what I need: Can a visitor of the website be asked to authenticate? Just to see the website, without any permissions or back-end access? Is this possible with SAML?
BillH Posted January 26, 2021 Posted January 26, 2021 You'll find nearly the same question (if I understand you correctly) and useful answers to get you started (I've just added one!) here: For SAML, you might want to start with this module: https://processwire.com/modules/saml-auth/. And there's a post about it: 1
michelangelo Posted January 26, 2021 Author Posted January 26, 2021 Hello @BillH, thank you for your comments and directions! I must have missed it by not searching for the right terms... I will just describe my thought process so you can tell me if I am correct: 0. Setup Page Protector and SAML Authentication Modules 1. Setup the Page Protector to stop the visitor from accessing any content 2. Redirect the user to an IDP where they will log in 3. ProcessWire recognises that and it opens the website...
BillH Posted January 26, 2021 Posted January 26, 2021 I've never used the SAML module (or SAML), and I don't know exactly what you're trying to achieve (the level of security you need and so on), so I can't say whether your proposed method is suitable. However, do you really need to use SAML for some reason? If not, it's likely that it will be easier if you use PW's user authentication. It's not difficult to work with and is properly secure.
michelangelo Posted January 26, 2021 Author Posted January 26, 2021 I am building a project where students will be able to access a website only if they authenticate with their student accounts. That's why we opted for this option.
BillH Posted January 26, 2021 Posted January 26, 2021 The Page Protector module makes setting up access to front-end pages easy, and it allows editors (rather than developers) to control access to particular pages – although my guess is this is a feature you won't need. However, the module is not necessary for controlling access, and preventing access to pages for users who aren't logged in is quite straightforward without it (see the links in the post I suggested earlier). I don't know if there'd be any issues integrating the module with SAML. So, it'd be worth considering whether your project would be easier either using or not using Page Protector.
michelangelo Posted February 12, 2021 Author Posted February 12, 2021 I managed to set up the SAML module until a certain point and now I get an error from the IDP: AADSTS750161: Allowed SAML authentication request's NameIDPolicy formats are: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified,urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,urn:oasis:names:tc:SAML:2.0:nameid-format:transient. Just wondering if anybody has a tip of how to fix it? I am not sure in the module settings where I can change these formats... EDIT: It was an actual attribute in settings.php... I just missed it...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now