Hello,
I'm building a q2a site which will be protected by a security filter that will require users to be authenticated via SAML 2.0/SSO. An unauthenticated user attempting to access the site will be intercepted by the filter, redirected to a login portal and then redirected back to the original site. Attributes sent back from the login portal are extracted and added as keys which can be retrieved with this PHP:
    // Print every attribute the security filter added to $_SERVER (MELLON_ prefix)
    foreach ($_SERVER as $key => $value) {
        if (substr($key, 0, 7) === 'MELLON_') {
            echo($key . '=' . $value . "\r\n");
        }
    }
Note: MELLON is just the prefix the security filter adds to attributes passed from the login portal. Some of the attributes I'll get back are name, email, userid etc. Ideally, what I'd like to do is create a user if they don't exist using the attributes or if they do exist go on and log them in. I'm pretty sure I'll be using the qa_create_new_user function. But what other functions would be useful?
My question is: am I on the right track? What is the best way to implement this (perhaps a plugin, but what to override and how)? I'd want to disable the login/register links since this would be done automatically in my use case. How can this be done?
I don't believe the out-of-the-box q2a SSO solution will work because it seems more focused on user databases than an external authentication provider.
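
Added example, not part of the original post and not Q2A project code: one way to turn the MELLON_ variables described above into a validated identity before a user is created or logged in. The attribute names (userid, email, name), the identifier pattern and the 'mellon' source label are assumptions; qa_log_in_external_user is Q2A's external-login function, which creates the account the first time it sees a source/identifier pair.

```php
<?php
// Collect only the variables the filter set. Request headers sent by the
// client show up as HTTP_* keys in $_SERVER, so they never match the prefix.
function mellon_attributes(array $server): array
{
    $attrs = [];
    foreach ($server as $key => $value) {
        if (strncmp($key, 'MELLON_', 7) === 0 && is_string($value)) {
            $attrs[substr($key, 7)] = trim($value);
        }
    }
    return $attrs;
}

// Build an identity or fail closed. Attribute names are assumptions;
// use the names your login portal actually releases.
function mellon_identity(array $server): ?array
{
    $a = mellon_attributes($server);
    $userid = $a['userid'] ?? '';
    $email  = $a['email'] ?? '';
    if (!preg_match('/^[A-Za-z0-9._@-]{1,64}$/', $userid)) {
        return null; // no stable identifier: do not create or log in anyone
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Strip control characters from the display name and cap its length.
    $name = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $a['name'] ?? '');
    return ['userid' => $userid, 'email' => $email, 'name' => substr($name, 0, 80)];
}

// Inside Q2A: key the account on the IdP's userid, not on the email address.
function mellon_login(array $server): bool
{
    $id = mellon_identity($server);
    if ($id === null || !function_exists('qa_log_in_external_user')) {
        return false;
    }
    qa_log_in_external_user('mellon', $id['userid'],
        ['email' => $id['email'], 'handle' => $id['name']]);
    return true;
}

// Constructed sample standing in for $_SERVER behind the filter.
$sample = ['MELLON_userid' => 'jdoe', 'MELLON_email' => 'jdoe@example.org',
           'MELLON_name' => 'Jane Doe', 'HTTP_MELLON_USERID' => 'admin'];
var_dump(mellon_identity($sample));                    // jdoe; the HTTP_ key is ignored
var_dump(mellon_identity(['MELLON_email' => 'x@y.z'])); // NULL: userid missing
```

Run outside Q2A, the block only prints the two sample results; mellon_login() returns false there because the Q2A function is not loaded.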