Contrib.social

Allow one-time login links created by `drush uli` (or other means) to work when "Allow authentication with local drupal accounts" is unchecked

Open on Drupal.org →
Created on 31 January 2018, over 6 years ago
Updated 18 January 2024, 5 months ago

We want to use the convenience and enforcement of restricting all logins logins to SAML, EXCEPT for when using one-time login links for Drupal user #1 provided by `drush uli`. Limiting drupal user #1's login to only those with access to run `drush uli` against each environment, provides stronger security control and separation of duties. Plus there is no need to share or even ever record user #1's password for a site.

If it doesn't make sense to pair this with the "Allow authentication with local drupal accounts" setting, could another setting be added?

✨ Feature request
Status

Needs work

Version

3.0

Component

Code

Created by

🇺🇸United States timwood Rockville, Maryland

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment about 1 year ago →
    🇸🇮Slovenia nkoporec Slovenia

    Patch re-roll, this is still a temporary solution but it does work. Our use-case is also that we don't want users to access /user/login pages but we still want to login via Drush.

  • Comment 5 months ago →
    🇨🇦Canada robbdavis

    This is still an issue. We want all users landing at /user to be redirected to saml login. But we also want drush uli to work for local environments or test environments where saml is not hooked up.

    The patch in #13 does work and seems fine for us given that we won't enable 'allow default login'. But it it's certainly a hack. It would nice to just have a configuration option to make drush uli work.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024