Separate login page for privileged users and developers in developer portal

balakumarm
Participant I

Currently we have these restrictions for privileged users (eg: admins) access,

1. 2FA for login

2. IP restrictions for EVERY admin page.

But in addition, security team is requesting us to separate the login page for privileged users and developers in developer portal

Is it possible to have separate login page for privileged users and normal developers in developer portal?

1. If yes, can you share some references. How this will impact future developer portal apigee upgrade?

2. If no, can you share rationale and recommendations.

@Anil Sagar @ Google

1 4 235
4 REPLIES 4

ElangoD
Participant III

Hi , @Balakumar Manickam Yes possible to create different login page for different users Install Drupal role_login_page module

Goto Drupal root directory

Run Drush command to install module or install manually

a. drush dl role_login_page

b. drush en role_login_page -y

2. Create Different role for privileged users and developers

goto admin/people/permissions/roles create new role based on the requirement

3. Assign users to the respective role created above

goto admin/people add required role to the respective users.

Hint: these role can be also auto assignable based on the mail domain, which users used to login

4. Creating separate login page for different users based on role

goto admin/config/login/role_login_settings/list add New Login Page

5. You can create separate "tpl.php" in custom theme in sites/all/theme/theme-name/templates/ for both page to change the look

Tried this, however this does not exactly solve the whole problem.

This module creates a new login page which we restricted it for admins only, which works perfectly. However, we couldn't find a way the restrict the original login page to authenticated users only (admins not allowed).

We tried creating 2 separate login pages instead and set the roles for each as admins only and authenticated users only, yet admins are still able to login thru the authenticated user link. Even if this could work, it potentially need a lot more customisation work in changing default login routes and could have problems if we use other login modules, like 'bootstrap form modal', ga login, etc, so we didn't test this further when the original purpose wasn't fulfilled.

For security reasons, we want to let admins login using the admin link, and no where else. Is there a way we can restrict the default login to only authenticated users?

@Jin Chan

In order to restrict access only to users, you need to perform custom validation in your module.

Create custom login page for admin login

Custom Validation could be like this:

 function moduleName_custom_validation($form, &$form_state) {
 if(isset($form_state['input']['name of custom admin login form] == 'admin_login') {
	$user = user_load($form_state['uid']);
	
	$checkAccess =  in_array('adminstrator' $user->roles);
	if(checkAccess}{
	 return TRUE'
	 }
	 else{
		form_set_error(t('<error message>');
	 }
 else{
		$user = user_load($form_state['uid']);
			
	$checkAccess =  in_array('<Other Role>' $user->roles);
	if(checkAccess}{
	 return TRUE'
	 }
	 else{
		form_set_error(t('<error message>');
	 }
 }

Can we do this for the current default login form, and allow only logins by specific role only (users)? Or else, how do we replace the default login form with a custom form, and will it break other modules?