I have enabled Keycloak authentication in a website built with Drupal. As soon as I launch the website I want to redirect to Keycloak's login page if the user is not signed in.
Is there any way to achieve this as soon as I open the website
I tried making the default front page of Drupal website as localhost:8080 (which is where Keycloak's login page is present) but was unable to do it.
If you are experienced with writing custom modules, you can write your own implementation of event subscriber. Here is a good example of it:
https://drupal.stackexchange.com/a/223109/5644
If not, then I recommend the module https://www.drupal.org/project/redirect - I am not 100 per cent sure if it lets you to specify redirect only for anonymous but it is definitely worth trying.
I am assuming that the integration with the Keycloak service is working and out of scope of this question.
Related
I seem to be only able to access the wordpress json api when I am logged in in wordpress (no matter which endpoint, even on GET mypage.com/wp-json/). When I remove all cookies or logout and call the endpoint I get redirected to the login-screen.
Is this the desired behavior when I do not use nonces?
This happens on our staging environment, on our live-page everything works, I get results from the JSON API even if I am not logged in.
We created the staging site with the plugin from https://wp-staging.com/
So maybe there is a setting missing which has not been copied over? Or can I turn off checking for authentication / nonces on the API somewhere in the wordpress settings?
It turns out that the WP Staging Plugin has an option to limit access to the staging page which is set to "Administrators" by default. Turned it to "Allow access from all" and now it works.
On a WP website that I was asked to work on - it took me a lot of hours on debugging my own code (initially), then to start investigating the theme and finally deeper in other plugins and wp-core...
After all that, I found that the plugin members has functionality to restrict the rest_api access only to logged-in users.
There is a setting for this in the settings page of the plugin.
REST API -> Require authentication for access to the REST API.
So, I am posting this here, in case it could help someone else to avoid the same headache I encountered with this.
I’m getting a very strange error. When I try to log in to the back-end of WordPress at the address mysite.com/wp-admin, to access the back-end, I am automatically being redirected to mysite.com/login.php... as if I were trying to log into an account as a regular user or a customer.
I’m a novice with WordPress, and I can’t seem to figure this out. Please help.
I have a website which allows some of the users to post available jobs around the block and others apply through it.
Thank You
I'm not using any plugin to implement the front-end at all.
I tried to login using the regular admin credentials and it didn't work.
A way to login the back-end so i can customize the site
It sounds like you have a theme redirect. Try logging into your site using the login page it should function the exact same way. If not try seeing if the theme has any documentation about its redirect. and if you are able to get to the admin section i personally like having ithemes installed which lets me set my own url for the backend. You can also try /wp-login.php as well.
I've set up af headless WP with a ReactJS frontend. My idea is to use the WP backend to store and manage content that users create. I want people to be able to sign up and login to my site, and create their own content. But my problem is, that I need a guide/tutorial how to do is. Should I use the JWT authentication plugin and how do I create users (does not have to be WP users)?
Any ideas?
Thanks Kasper
First you must create WordPress users as the WordPress code checks the capabilities of the current user to allow write access to its data. WordPress supports a REST API that allows front end JavaScript to access its data. It by default uses cookie authentication to control access. However, there are actions/filters so you can implement your own authentication. If you use the default cookie authentication then you can use the WordPress login facilities to handle authentication. The supported JavaScript client is a Backbone client. I don't know if that will work well with ReactJS (I don't know ReactJS) so you may need to some work with the front-end client side.
Incidentally, the WordPress Calypso project uses a ReactJS frontend to access the WordPress backend. I don't know this project so I don't have an opinion. My feeling is that WordPress decided on Backbone before ReactJS became well known but ReactJS is actually much better so they have the Calypso project. You can read that code to get ideas.
I am currently building a mobile app that will use an existing vBulletin install as a login system. I've run into an issue where if a user is already signed on somewhere else, they cannot sign back on using the application. On the vBulletin site, if this happens, you are presented with a "Force Logout" button that will end all existing login sessions and allow you to login again.
Is there a way to implement such a feature use just the API? I cannot query the database, unfortunately, and my only means of accessing the vBulletin system is through api.php methods. The vBulletin API documentation is woefully incomplete, so I am hoping someone else would have an answer for this.
If it helps at all, I am using Flex and AS3 to build the application and have successful login and logout, but the logout only works if you pass an appropriate sessionHash to the API.
This was an issue with our specific vBulletin config. We had to write a custom script that would allow us to access the forcelogout.php page/script and force a logout.
I want 'only' my Login page to be SSL enabled. When the user logsin using https://mysite.login.aspx, after the login the user should be taken to an http://mysite.default.aspx
Please tell me step by step how to do it.
Here's a Step by Step Guide for you!
Try out this guide for Self-Signed SLL Certs. Using IIS 7
In addition to the advice from Filip, you may also be interested in a free http module that will allow you to require that certain pages or folders be secure. So if the user tries to access your login page without SSL they will be automatically redirected to the secure version. The module is easy to configure which might come in handy if you find that other pages should require security as well.
See the details and download the source/binary at CodeProject