Registration & Login Now Available #admin

Update, Thursday 1 August 2019:

Logins and new user registration are available only through the Keycloak SSO interface. Clicking a WordPress “login” link will redirect you to the Keycloak interface. New users should find the “register” link beneath the login form. For the time being, a valid email account is required as part of the initial registration and two-factor authentication (via Google Authenticator, Authy, etc.) is required for subsequent logins. As we experiment with adding services, expect those requirements to be reduced.

Previously:

This website is present for information and for a bit of experimentation. Information comes first, of course, and while we were tweaking it a bit, we locked out the ability to register and to login, which in turn blocked the ability to comment and so forth.

Yesterday, I turned on the registration in two ways:

  1. Basic, WordPress-native user registration and subsequent logins are enabled.
  2. Login and registration via a Keycloak single sign on (SSO) package is also enabled.

If you register first with the “Sanctuary IdP” SSO server, the WordPress account will be created from your SSO data. If you register first with WordPress and follow up with the SSO, you’ll be prompted to link the two accounts. At this time, both logins require you to verify your email account. The second login to the SSO account will require you to set-up 2FA TOTP (Google Authenticator or Authy, for example).

In essence, it should give an experience similar to “Sign in with Google / Facebook / Twitter / …”: If you’re good with them (i.e., you’re logged in with them), you’re good with us.

Here is the “experimentation” part, though: Over time, I want that SSO registration to create an internal email account that users can use rather than verifying one of your own. That will be part of rolling out related test services. The WordPress website will consider enrollment in the SSO as sufficient to authenticate you — something less than a “WordPress verified email.”

It’s a start! In the meantime, feel free to create accounts and comment. 🙂

Leave a Reply