Score:0

OAuth/SAML for particular pages

pl flag

I see several modules that allow OAuth2/OIDC/SAML login to the Drupal website (my ID provider allows any of the above). I am looking for a different setup: I would like to configure the site so that only specific routes are protected by OAuth2/OIDC/SAML, not using it for general authentication, but for specific paths and routes. How can I set this up in Drupal 9? Is there a module that supports this functionality?

Desired scenario: A faculty member wants to access a particular form on the website. They go to /secure/webformXYZ, are directed to authenticate with the campus security system, and are then returned to the page. NO ACCOUNT IS CREATED FOR THE PERSON, but they have access to that page because the returned attributes indicate that they are a faculty member (and optionally, the values returned from the authentication are used to prefill the form). People who access anywhere else on the site are not encumbered by needing to log in, nor is our system crowded with unneeded accounts from the faculty who did access one of those many forms.

id flag
I’ve thought about this since you posted it. We use SAML 2 extensively and a Drupal site can actually authenticate against its internal database concurrently. So, are you asking if you can restrict some content to people who authenticated with federated login, or, do you want to authenticate people to a certain system based on the initial content they are trying to access? Or both?
pl flag
Thank you for your response; see my updated question for more info.
Score:0
pl flag

For anyone facing a similar situation: I was unable to find a way to make this work without writing a custom module. I was, however, able to use Apache's mod_auth_openidc to secure the paths in question.
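
A sketch of what that kind of mod_auth_openidc setup can look like, added here as an example and not taken from the poster's configuration. The hostnames, client ID, secrets, the `/secure/` prefix and the `eduPersonAffiliation` claim name are assumptions; use the values your identity provider actually issues.

```apache
# Added example: protect only /secure/ with OpenID Connect at the web server,
# so Drupal never creates or sees a user account for these visitors.
# Assumes mod_auth_openidc is already loaded.

# Identity provider and client registration (placeholder values).
OIDCProviderMetadataURL https://idp.example.edu/.well-known/openid-configuration
OIDCClientID            drupal-secure-forms
OIDCClientSecret        REPLACE_WITH_CLIENT_SECRET
OIDCScope               "openid profile email"

# Key material for the module's session and state cookies; long and random.
OIDCCryptoPassphrase    REPLACE_WITH_LONG_RANDOM_VALUE

# Callback URL registered at the provider. It has to sit inside a protected
# location and must not correspond to any real Drupal route.
OIDCRedirectURI         https://www.example.edu/secure/redirect_uri

# Expose the returned claims to PHP as OIDC_CLAIM_* environment variables,
# which a form could read to prefill fields.
OIDCPassClaimsAs        environment

# Everything outside this block stays anonymous.
<Location "/secure/">
    AuthType openid-connect
    # Authenticated is not enough: the claim must mark the user as faculty.
    # (Claim name and value are assumptions about the provider.)
    Require claim eduPersonAffiliation:faculty
</Location>
```

`<Location>` matches the requested URL path, not the Drupal route, so a form that is also reachable under another path (its system path or a second alias) is not covered by this block. Check each protected form for alternate URLs and either redirect them into `/secure/` or block them.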

Score:0
id flag

Use the SimpleSAMLphp Auth module. In its settings select "Allow authentication with local Drupal accounts" and in the "Automatic role population from simpleSAMLphp attributes" configuration use any of the attributes sent by the identity provider to assign a role or roles to the authenticated users.

Now that the users have distinguishing roles, use role-based access control on the content, like Content Access.

pl flag
See the updated question. We don't want these people to get access to the entire website, nor to have accounts created for them; we just want them verified before they access particular forms and/or pages.