Posted

Hello guys,
there are many topics on authentication of the superuser or APIs, but I couldn't find what I need:

Can a visitor of the website be asked to authenticate? Just to see the website, without any permissions or back-end access? Is this possible with SAML?

Posted

Hello @BillH, thank you for your comments and directions! I must have missed it by not searching for the right terms...
I will just describe my thought process so you can tell me if I am correct:

0. Set up the Page Protector and SAML Authentication modules
1. Set up the Page Protector to stop the visitor from accessing any content
2. Redirect the user to an IDP where they will log in
3. ProcessWire recognises that and it opens the website...

Posted

I've never used the SAML module (or SAML), and I don't know exactly what you're trying to achieve (the level of security you need and so on), so I can't say whether your proposed method is suitable.

However, do you really need to use SAML for some reason? If not, it's likely that it will be easier if you use PW's user authentication. It's not difficult to work with and is properly secure.

Posted

I am building a project where students will be able to access a website only if they authenticate with their student accounts. That's why we opted for this option.

Posted

The Page Protector module makes setting up access to front-end pages easy, and it allows editors (rather than developers) to control access to particular pages – although my guess is this is a feature you won't need.

However, the module is not necessary for controlling access, and preventing access to pages for users who aren't logged in is quite straightforward without it (see the links in the post I suggested earlier).

I don't know if there'd be any issues integrating the module with SAML.

So, it'd be worth considering whether your project would be easier either using or not using Page Protector.

  • 3 weeks later...
Posted

I managed to set up the SAML module up to a certain point and now I get an error from the IDP:

AADSTS750161: Allowed SAML authentication request's NameIDPolicy formats are: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified,urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

Just wondering if anybody has a tip on how to fix it? I am not sure where in the module settings I can change these formats...

EDIT: It was an actual attribute in settings.php... I just missed it...
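
Added example, not part of the thread and not code from the ProcessWire SAML module: one way to see which NameIDPolicy Format a service provider is actually sending, by decoding the SAMLRequest parameter of an HTTP-Redirect binding URL and comparing it with the four formats listed in the AADSTS750161 message above. The host name and the request contents are constructed, and it assumes the request travels over the redirect binding (deflated, then base64-encoded).

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# The four formats listed in the AADSTS750161 message quoted in the thread.
ALLOWED_FORMATS = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in an HTTP-Redirect binding URL."""
    params = parse_qs(urlparse(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")  # raw DEFLATE, no header

def nameid_policy_format(xml_text):
    """Return the Format attribute of <samlp:NameIDPolicy>, or None if absent."""
    # Only feed this XML produced by your own service provider.
    policy = ET.fromstring(xml_text).find(f"{{{SAMLP}}}NameIDPolicy")
    return None if policy is None else policy.get("Format")

def check_request(url):
    """Return (format, ok); ok is False when the format is not in the list."""
    fmt = nameid_policy_format(decode_redirect_request(url))
    # Assumption: a request that names no format cannot trip this error.
    return fmt, (fmt is None or fmt in ALLOWED_FORMATS)

def build_sample_url(fmt):
    """Constructed sample: a minimal AuthnRequest, deflated and base64-encoded."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed" '
           f'Version="2.0"><samlp:NameIDPolicy Format="{fmt}"/>'
           f'</samlp:AuthnRequest>')
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example/sso?" + query  # hypothetical IdP endpoint

if __name__ == "__main__":
    for f in ("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
              "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted"):
        print(check_request(build_sample_url(f)))
```

The redirect URL to paste into `check_request` can be copied from the browser's network tab at the moment the site sends the visitor to the IdP.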
