Access rules for realms
sanduhrs - September 29, 2008 - 11:00
| Project: | OpenID Provider |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs work |
Description
Add black-, whitelist functionality, e.g. as on ?q=admin/user/rules, or a simple textarea with newline-separated items.
See the specs for REALM [1].
Desired behaviour:
- Allow all, deny all setting
- Add exceptions
- Return error on deny [2]
[1] http://openid.net/specs/openid-authentication-2_0.html#rfc.section.9.2
[2] http://openid.net/specs/openid-authentication-2_0.html#rfc.section.5.2.3

#1
Some work regarding this feature has been done in #396508: Improve user/x/openid_sites, mainly the ability to deny access to sites already visited.
It should be fairly trivial to add some discretionary "deny" items to that patch. Now the default policy is "ask" (defined in openid_provider_authentication_response and _openid_provider_rp_save), maybe that should be made a per user setting? So I guess this feature should focus on the per-user (or system-wide!) policy settings feature.
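
One way to implement the behaviour requested in the description, added here as an example and not taken from the OpenID Provider module or the patch mentioned in #1: a default allow/deny policy with newline-separated realm exceptions, matched with the realm rules from [1], plus the error fields from [2]. The function names, the choice to test the request's return_to URL against each rule, and the sample realms are assumptions.

```php
<?php
// Added example; all function names are hypothetical, not OpenID Provider module code.
// Split a URL or realm into (scheme, host, port, path, wildcard flag).
function example_parts($url) {
  $url = preg_replace('#^([a-z][a-z0-9+.-]*)://\*\.#i', '$1://', $url, 1, $wild);
  $p = parse_url($url);
  if (empty($p['scheme']) || empty($p['host'])) {
    return NULL;
  }
  $scheme = strtolower($p['scheme']);
  $port = isset($p['port']) ? $p['port'] : ($scheme == 'https' ? 443 : 80);
  $path = isset($p['path']) ? $p['path'] : '/';
  return array($scheme, strtolower($p['host']), $port, $path, $wild > 0);
}

// Realm matching as in section 9.2: same scheme and port, path equal to or
// below the realm path, host equal or (for "*." realms) a subdomain.
function example_url_matches_realm($url, $realm) {
  $u = example_parts($url);
  $r = example_parts($realm);
  if (!$u || !$r || $u[4]) {
    return FALSE;
  }
  // Compare against ".host" so "notblocked.example" never matches "*.blocked.example".
  $host_ok = $u[1] === $r[1] || ($r[4] && substr($u[1], -strlen($r[1]) - 1) === '.' . $r[1]);
  $path_ok = strpos(rtrim($u[3], '/') . '/', rtrim($r[3], '/') . '/') === 0;
  return $u[0] === $r[0] && $u[2] == $r[2] && $host_ok && $path_ok;
}

// $default is 'allow' or 'deny'; a matching exception line inverts it.
function example_realm_decision($return_to, $default, $exceptions) {
  foreach (preg_split('/\r\n|\r|\n/', $exceptions) as $line) {
    $line = trim($line);
    if ($line !== '' && example_url_matches_realm($return_to, $line)) {
      return $default == 'allow' ? 'deny' : 'allow';
    }
  }
  return $default;
}

// Fields of an indirect error response (section 5.2.3) for a denied request.
function example_deny_fields($reason) {
  return array('openid.ns' => 'http://specs.openid.net/auth/2.0', 'openid.mode' => 'error', 'openid.error' => $reason);
}
// Constructed sample: default "allow" with two denied realms.
$rules = "https://*.blocked.example/\nhttp://rp.example/private";
foreach (array('https://login.blocked.example/cb', 'https://notblocked.example/cb', 'http://rp.example/privateer') as $rt) {
  print $rt . ' => ' . example_realm_decision($rt, 'allow', $rules) . "\n";
}
```

A per-user policy, as raised in #1, would pass that user's stored default and exception list into the same decision function.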