Deny access to users without mappings from groups.

Created on 26 February 2025, 2 months ago

Hi!
I’m migrating from LDAP to Keycloak and I’m trying to find the equivalent of: “Deny access to users without mappings from groups.”
I have a big Keycloak with multiple realms and groups with hundreds of users, but only a few dozen should have access.
People without mappings are connected without Drupal role but I would like the connection to be simply refused.

Is this possible with this module? Is it possible to add this functionality?

Feature request
Status: Active
Version: 2.2
Component: Miscellaneous


Comments & Activities

  • Issue created by @g.libotte
  • BramDriesen, Belgium 🇧🇪

    People without mappings are connected without Drupal role but I would like the connection to be simply refused

    I believe that's how it's supposed to work, by design.

    If a user would ever get a group mapped, and they try to log in again, their role assignment will get updated. There is no harm I think in having a user account being created without roles. Unless you've configured a lot of permissions to the "authenticated" role which is "elevated" over "anonymous".

    I would assume it's possible to build an event subscriber to the login event to check if a user has groups, and then refuse access there. But I have not built that yet for a project. But maybe it's something you can look into. If it's a setting it could I presume be part of this module.
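
One way to refuse the login outright, as an added example that is not from this thread or from the Keycloak module: it uses the OpenID Connect module's `hook_openid_connect_pre_authorize()` rather than the event subscriber mentioned above, so a denied user never gets a Drupal account or session. Assumptions: the Keycloak client runs through the OpenID Connect module with plugin ID `keycloak`, Keycloak sends group paths in a `groups` userinfo claim, and the module name `mymodule` and the group paths are hypothetical.

```php
<?php

/**
 * @file
 * Hypothetical custom module "mymodule": deny OIDC logins without an allowed group.
 */

/**
 * Keycloak group paths that may log in (constructed sample values).
 */
const MYMODULE_ALLOWED_GROUPS = ['/drupal/editors', '/drupal/admins'];

/**
 * Decides whether a groups claim grants login. Fails closed.
 *
 * @param mixed $claim
 *   Raw value of the "groups" claim (assumed claim name), or NULL if absent.
 * @param string[] $allowed
 *   Group paths that are allowed to log in.
 */
function mymodule_groups_allow_login($claim, array $allowed): bool {
  // A missing or malformed claim never grants access.
  if (!is_array($claim)) {
    return FALSE;
  }
  // Ignore non-string entries instead of trusting their string casts.
  $groups = array_filter($claim, 'is_string');
  return count(array_intersect($groups, $allowed)) > 0;
}

/**
 * Implements hook_openid_connect_pre_authorize().
 */
function mymodule_openid_connect_pre_authorize($account, array $context) {
  // Leave other OpenID Connect clients alone ('keycloak' is an assumed plugin ID).
  if (($context['plugin_id'] ?? '') !== 'keycloak') {
    return TRUE;
  }
  $claim = $context['userinfo']['groups'] ?? NULL;
  if (!mymodule_groups_allow_login($claim, MYMODULE_ALLOWED_GROUPS)) {
    // Log the denial so refused logins show up in the site log.
    \Drupal::logger('mymodule')->warning('Denied OIDC login for sub @sub: no allowed group.', ['@sub' => $context['sub'] ?? 'unknown']);
    // Returning FALSE makes OpenID Connect refuse the login.
    return FALSE;
  }
  return TRUE;
}
```

Accounts that were already created without roles before this hook was in place are not removed by it; they are only refused at their next login.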
