Closed jwtue closed 4 months ago
cdaecke
commented
4 months ago Hi,
thanks for your input.
From my point of view this is not necessary, since you can configure the ADFS server, which users can access the SSO config there.
Since you need to have two configurations in the ADFS server, one for the backend login and one for the frontend login, you can configure different users there.
Does this answer your question?
jwtue
commented
4 months ago Yes, you are right, this can be solved on the authentication server side. I'm not using ADFS, but my authentication server (SimpleSAMLphp) supports this as well.
My initial thought was that the authentication server was only supposed to supply the user's identity, and access control should be handled within Typo3. I see now that it doesn't have to be this way necessarily.
Hi, great work so far.
I was wondering if you could add a feature to filter users when authenticating, especially for backend.
Like, only users having a certain group in their SSO-provided group list may login into backend.
(In my use case, all users should be able to log into frontent, but only some are allowed into backend.)
Thank you!