ubc-web-services / ubc_saml_auth10
UBC SAML Auth configuration for protected paths
Installs: 925
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Type:drupal-module
Requires
- drupal/simplesamlphp_auth: >=3.3
This package is auto-updated.
Last update: 2024-12-06 00:08:48 UTC
README
For setting protected paths, in Drupal ^9.2 || ^10, PHP 8
Protecting Private File Media
This module can be used in conjunction with other modules to provide protections for private file media types.
- Download r4032login module
- Download private file download permission module
- Navigate to
/admin/people/permissions
and find the setting forBypass Private files download permission
. Check the "Authenticated User" box and hit Save. - Navigate to
/admin/config/system/r4032login/settings
and selectAllow redirect for listed pages
, add in the private file system path the site uses, appended with a*
wildcard. For example:/system/files/media-uploads/files/*
and hit Save. - Navigate to the "Anonymous Behaviour" Tab and change the redirect path to
/saml_login
and hit Save.
This should ensure that private files are not accessible by unauthenticated users, if a private file is accessed via a direct link this will be blocked by the private file download permission module which will cause a 403, the 4032login module will cause this 403 to redirect to a CWL login. Upon successful CWL login the user will be redirected back to the original file they were attempting to access. Upon unsuccessful login the access will be denied. This provides extra protection for private files and allows for the protection of private files as a media type rather than needing to attach them to a node and protect that node.
For reference see https://isc.ubc.ca/admin/config/system/r4032login/settings