Is it possible to prevent new WordPress users from being created?

  • mpemburn

    (@mpemburn)


    1 year ago

    We just created a new site whose primary purpose is to provide links to other services via SSO. People in our school log in via ADFS, and Authorizer manages WordPress login via CAS. The problem is that each login creates a WordPress user, and we’d don’t prefer this. Is there a setting that just grants access without creating WP users?

    Thanks!

    Mark Pemburn
    Web Application Administrator
    Clark University

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author pkarjala

    (@pkarjala)

    Authorizer is specifically geared towards allowing third party authentication options for a WordPress user account; in the end it is a layer for logging into WordPress user accounts. If we allow logins to WordPress through the external authentication provided via Authorizer but then there is no user associated with the login after Authorizer verifies the credentials, it creates issues with regards to permissions and access levels because WordPress needs a user account to manage anything beyond a non-logged-in user.

    In the workflow you’ve described, what is the purpose of having Authorizer managing WordPress logins? Do your users need to actually use any service in WordPress, or are you just using Authorizer to verify they should have access to specific content within WordPress (the link page you’ve mentioned)? If you can describe your use case in more detail, it would help us to guide you in the right direction or see if there is a hook in Authorizer that may suit your purposes.

    Thread Starter mpemburn

    (@mpemburn)

    Thanks @pkarjala

    The reason we use Authorizer is to allow anyone with a Clark University email address to log in and link to these services. We also have a proprietary plugin that serves content related to the individual user. The plugin pulls the user name from the cookie, but it would be preferable to get this info from a more reliable source—such as a hook in Authorize. Is there one that could supply the user’s email address?

    Mark

    Plugin Author pkarjala

    (@pkarjala)

    Authorizer will by default synchronize the incoming user’s CAS email address with their account info in WordPress. You can test this on a fresh WordPress install configured with Authorizer.

    This is assuming that you have configured your CAS settings in Authorizer on the External Service tab in the CAS attribute containing email address field, and the CAS users linked by username option is NOT checked.

    So if you have a user that has logged in via Authorizer, their email address should be present in the WordPress user that is created or already present. You can then pull this email address directly from the currently logged in WordPress user through the WP_User object.

    This post may be useful for getting CAS attributes such as email address directly from Authorizer: https://www.ads-software.com/support/topic/cas-login-filter/

    I’m also taking a look through the codebase to verify if we have any hooks for this purpose, though my recollection is that we do not at this time, so it would require some custom changes to the Authorizer plugin.

    Thread Starter mpemburn

    (@mpemburn)

    Thanks, @pkarjal—I’ll check it out!

    Plugin Author pkarjala

    (@pkarjala)

    FYI I did finish a look through the Authorizer codebase and there is not a hook currently for getting this type of information.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Is it possible to prevent new WordPress users from being created?’ is closed to new replies.

Tags