The feature request is quite simple: I would like to be able to login using SSO while maintenance mode is enabled.

I am not really sure of the implementation direction:

Option 1: Default Drupal core login method is always available while maintenance mode is enabled so it looks decent to assume the same for SSO login method. If that is the direction, it is simply about adding the _maintenance_access option to TRUE for samlauth.saml_controller_login, samlauth.saml_controller_logout and samlauth.saml_controller_acs in samlauth.routing.yml. (I added logout to the route list to be consistent with user.routing.yml). I will provide a patch for this option.

Option 2: If we say that it should be an option but not the default behavior, we then need to alter routes if the option is set. I have not worked on making it configurable but the route subscriber would look like:

namespace Drupal\samlauth\Routing;

use Drupal\Core\Routing\RouteSubscriberBase;
use Symfony\Component\Routing\RouteCollection;

/**
 * Listens to the dynamic route events.
 */
class RouteSubscriber extends RouteSubscriberBase {

  /**
   * {@inheritdoc}
   */
  protected function alterRoutes(RouteCollection $collection) {
    $route_names = [
      'samlauth.saml_controller_login',
      'samlauth.saml_controller_acs',
      'samlauth.saml_controller_logout',
    ];

    foreach ($route_names as $route_name) {
      if ($route = $collection->get($route_name)) {
        $route->setOption('_maintenance_access', TRUE);
      }
    }
  }

}

Comments

vbouchet created an issue. See original summary.

vbouchet’s picture

StatusFileSize
new770 bytes

Here is the patch for option 1.

  • roderik committed d81324b on 8.x-3.x authored by vbouchet
    Issue #3125549 by vbouchet: Allow SSO authentication while maintenance...
roderik’s picture

Status: Active » Fixed

Thank you. I agree that this should be standard functionality.

It also doesn't need configuration; IMHO we should do Whatever Core Does by default.

Tested: people who are not allowed to do use the site in maintenance mode, go through the full login process (all events are fired, user_login_finalize() is called), are redirected to the user account page... and... somehow end up on the front page instead, being not logged-in, seeing the Maintenance Mode page. I don't know how that works exactly, but it's the same as the normal login screen.

(I was considering adding a note in the README about needing to take care that your 'user link/sync' event handlers are not doing anything that should not be done in maintenance mode. But... Core also fires all its hooks in this case. Same diff. *shrugs*)

petycomp’s picture

StatusFileSize
new247.98 KB
petycomp’s picture

StatusFileSize
new120.14 KB
roderik’s picture

(So... there was a sudden "drupal.org page editing emergency / UI WTF". So this random issue with few followers I quickly found, is now a dumping ground for images that can be uploaded to drupal.org, to be included in the body of other pages like https://www.drupal.org/cheppers... which are lacking upload facility.

Sorry, vbouchet plus one other follower :) )

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.