Jump to content

Processwire Visitor Authentication


michelangelo
 Share

Recommended Posts

Hello guys,
there are many topics on authentication of the superuser or APIs, but I couldn't find what I need:

Can a visitor of the website be asked to authenticate? Just to see the website, without any permissions or back-end access? Is this possible with SAML?

Link to comment
Share on other sites

Hello @BillH, thank you for your comments and directions! I must have missed it by not searching for the right terms...
I will just describe my thought process so you can tell me if I am correct:

0. Setup Page Protector and SAML Authentication Modules
1. Setup the Page Protector to stop the visitor from accessing any content

2. Redirect the user to an IDP where they will log in
3. ProcessWire recognises that and it opens the website...

Link to comment
Share on other sites

I've never used the SAML module (or SAML), and I don't know exactly what you're trying to achieve (the level of security you need and so on), so I can't say whether your proposed method is suitable.

However, do you really need to use SAML for some reason? If not, it's likely that it will be easier if you use PW's user authentication. It's not difficult to work with and is properly secure.

 

Link to comment
Share on other sites

The Page Protector module makes setting up access to front-end pages easy, and it allows editors (rather than developers) to control access to particular pages – although my guess is this is a feature you won't need.

However, the module is not necessary for controlling access, and preventing access to pages for users who aren't logged in is quite straightforward without it (see the links in the post I suggested earlier).

I don't know if there'd be any issues integrating the module with SAML.

So, it'd be worth considering whether your project would be easier either using or not using Page Protector.

 

 

Link to comment
Share on other sites

  • 3 weeks later...

I managed to set up the SAML module until a certain point and now I get an error from the IDP:

AADSTS750161: Allowed SAML authentication request's NameIDPolicy formats are: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified,urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

Just wondering if anybody has a tip of how to fix it? I am not sure in the module settings where I can change these formats...

EDIT: It was an actual attribute in settings.php... I just missed it...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...