movim / movim_ynh

[UNMAINTAINED -> go to YunoHost-Apps/movim_ynh]
https://github.com/YunoHost-Apps/movim_ynh

SSO Implementation #13

Closed src386 closed 8 years ago

src386 commented 8 years ago

Enhancement

SSO / autologin. Movim is SSO ready upstream thanks to edhelas. However it's not easy because Movim has private and public pages. SSO enables auto-login and protection but we need to allow full access to everyone to the public content.

Method 1 : block everything, whitelist elements

Default behavior is to protect everything. If the visitor is not logged in, SSO will redirect him/her to the YunoHost portal. If he/she is logged in, SSO will inject the credentials in the Movim login page.

Blogs are accessible with the URL /movim/?blog/ so we have to add a regexp to allow "blog". We also want to allow static content such as .jpg, .css, .js...

skipped_regex: blog,.css,.js,.png,.jpg,.woff,.ttf

It's not perfect because what if someone wants to post a .doc file? I cannot add everything to the whitelist.

Method 2 : Allow auto-login but don't block

I think this is better. If the visitor is logged in, SSO will inject their credentials in Movim. If he/she is not logged in, SSO won't block and will allow access, so public content can be displayed.

unprotected_uris: /

The visitor is able to enter their credentials in the Movim login page, so we need to declare XMPP domains in the Movim whitelist to deny access to external visitors.
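
Added example (not part of the original issue or of the project's code): a small Python model of the two methods above, applied to anonymous requests, that audits which URLs the Method 1 whitelist opens or blocks. It assumes SSOwat applies each skipped_regex entry as an unanchored pattern search against host plus URI and that unprotected_uris is a prefix match under the app path; the host example.org, the request URLs and the tightened pattern set are constructed for illustration.

```python
import re

# Method 1 whitelist exactly as posted in the issue (comma-separated setting).
POSTED = "blog,.css,.js,.png,.jpg,.woff,.ttf".split(",")

# Hypothetical tightened variant: anchored to the app path / end of the URL,
# with the dot escaped so it only matches a literal ".".
TIGHTENED = [
    r"^example\.org/movim/\?blog/",
    r"\.(css|js|png|jpg|woff|ttf)$",
]

# Constructed requests: (host + URI, is this meant to be public?)
SAMPLES = [
    ("example.org/movim/?blog/alice", True),
    ("example.org/movim/themes/material/css/style.css", True),
    ("example.org/movim/?chat", False),
    ("example.org/movim/upload/report.doc", True),
    ("example.org/movim/?contact/weblog@example.org", False),
]

def skipped(url, patterns):
    """Method 1: an anonymous request passes only if a pattern matches."""
    return any(re.search(p, url) for p in patterns)

def unprotected(prefix, url):
    """Method 2: everything under the prefix passes; Movim itself must
    then enforce login on its private pages."""
    return url.startswith(prefix)

def audit(patterns):
    """Return (wrongly_open, wrongly_blocked) for anonymous visitors."""
    wrongly_open, wrongly_blocked = [], []
    for url, public in SAMPLES:
        allowed = skipped(url, patterns)
        if allowed and not public:
            wrongly_open.append(url)
        elif public and not allowed:
            wrongly_blocked.append(url)
    return wrongly_open, wrongly_blocked

if __name__ == "__main__":
    for name, patterns in (("posted", POSTED), ("tightened", TIGHTENED)):
        opened, blocked = audit(patterns)
        print(f"{name}: wrongly open={opened} wrongly blocked={blocked}")
```

Anchoring removes the accidental match on "blog" inside another URL, but the .doc attachment stays blocked under any whitelist, which is the limitation that motivates Method 2.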

src386 commented 8 years ago

done