michelangelo

Processwire Visitor Authentication


Hello guys,
there are many topics on authentication of the superuser or APIs, but I couldn't find what I need:

Can a visitor of the website be asked to authenticate? Just to see the website, without any permissions or back-end access? Is this possible with SAML?


You'll find nearly the same question (if I understand you correctly) and useful answers to get you started (I've just added one!) here:

For SAML, you might want to start with this module: https://processwire.com/modules/saml-auth/. And there's a post about it:

 


Hello @BillH, thank you for your comments and directions! I must have missed it by not searching for the right terms...
I will just describe my thought process so you can tell me if I am correct:

0. Set up the Page Protector and SAML Authentication modules
1. Set up the Page Protector to stop the visitor from accessing any content
2. Redirect the user to an IDP where they will log in
3. ProcessWire recognises that and it opens the website...


I've never used the SAML module (or SAML), and I don't know exactly what you're trying to achieve (the level of security you need and so on), so I can't say whether your proposed method is suitable.

However, do you really need to use SAML for some reason? If not, it's likely that it will be easier if you use PW's user authentication. It's not difficult to work with and is properly secure.

 


I am building a project where students will be able to access a website only if they authenticate with their student accounts. That's why we opted for this option.


The Page Protector module makes setting up access to front-end pages easy, and it allows editors (rather than developers) to control access to particular pages – although my guess is this is a feature you won't need.

However, the module is not necessary for controlling access, and preventing access to pages for users who aren't logged in is quite straightforward without it (see the links in the post I suggested earlier).

I don't know if there'd be any issues integrating the module with SAML.

So, it'd be worth considering whether your project would be easier either using or not using Page Protector.

 

 


I managed to set up the SAML module up to a certain point, and now I get an error from the IDP:

AADSTS750161: Allowed SAML authentication request's NameIDPolicy formats are: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress,urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified,urn:oasis:names:tc:SAML:2.0:nameid-format:persistent,urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

Just wondering if anybody has a tip on how to fix it? I am not sure where in the module settings I can change these formats...

EDIT: It was an actual attribute in settings.php... I just missed it...
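
To see which NameIDPolicy format a service provider is actually sending when the IdP answers with AADSTS750161, the `SAMLRequest` parameter of the redirect URL can be decoded and compared with the list in the error message. This is an added example, not part of the original posts or the SAML module's code; it assumes the HTTP-Redirect binding, and the sample request, the IdP URL and the function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
# Formats listed in the AADSTS750161 message quoted in the post above.
ALLOWED_FORMATS = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
}
# Constructed sample AuthnRequest asking for a format outside that list.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<samlp:NameIDPolicy AllowCreate="true" '
    'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"/>'
    '</samlp:AuthnRequest>'
)

def encode_redirect_request(xml_text, idp_url):
    """Build a redirect URL the way the HTTP-Redirect binding encodes it."""
    comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return idp_url + "?SAMLRequest=" + quote(base64.b64encode(raw).decode(), safe="")

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried in a redirect URL."""
    values = parse_qs(urlparse(url).query).get("SAMLRequest")
    if not values:
        raise ValueError("no SAMLRequest parameter in URL")
    # wbits=-15 because the binding uses raw DEFLATE before base64.
    return zlib.decompress(base64.b64decode(values[0]), -15).decode("utf-8")

def check_nameid_policy(xml_text):
    """Return (format, in_allowed_list); format is None if none is requested."""
    # Input is your own SP's request captured while debugging, not untrusted XML.
    policy = ET.fromstring(xml_text).find(f"{{{SAMLP}}}NameIDPolicy")
    fmt = policy.get("Format") if policy is not None else None
    if fmt is None:
        return None, True  # no Format requested, so the list does not apply
    return fmt, fmt in ALLOWED_FORMATS

if __name__ == "__main__":
    url = encode_redirect_request(SAMPLE_XML, "https://idp.example.invalid/saml2")
    fmt, ok = check_nameid_policy(decode_redirect_request(url))
    print(fmt, "is allowed" if ok else "is not in the IdP's allowed list")
```

With a real login attempt, pass the URL the browser is redirected to (from the address bar or the network tab) to `decode_redirect_request` instead of the constructed one.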
