- Adapt the Microgateway configuration to restrict access to the Admin page
- Connect to the website:
- Open the URL in your browser: https://<MINIKUBE_IP>/
- Click Admin in the menu
- The following should be noticed:
- Access is not restricted. The login form from the back-end is displayed.
- Restrict access as follow:
- Only users with the role wp-admin should be allowed to access
/wordpress/wp-admin/
(Admin page).
- Edit Microgateway's configuration file.
Edit the file config/config.yaml
and configure the following settings:
- Configure the following settings:
auth.access[].path
auth.access[].roles
A session store is required to store the roles after authentication. For this exercise, a session store is already pre-configured.
- Re-create the Microgateway resources with the new configuration.
Delete all Microgateway resources:
Create all Microgateway resources:
A running Microgateway does not automatically reload the new configmap. The existing Microgatway pod must be killed. This way a new pod is deployed with the adapted configuration.
- Check the status of the Microgateway pod.
- Connect to the website:
- Open the URL in your browser: https://<MINIKUBE_IP>/
- The following should be noticed:
- Access to the Admin page is restricted to the role wp-admin.
- Access to the Blog page is not restricted.
- Access is restricted to authenticated users as desired.
- Adapt the Microgateway configuration to restrict access to the Blog page
- Connect to the website:
- Open the URL in your browser: https://<MINIKUBE_IP>/
- Click Blog in the menu
- The following should be noticed:
- Access is not restricted.
- Restrict access as follow:
- Users with the role wp-user should be allowed to access everything under
/wordpress/
(except Admin page). - Users with the role wp-user should not be allowed to access
/wordpress/wp-admin/
(Admin page).
- Edit Microgateway's configuration file.
- Configure the following settings:
auth.access[].path
auth.access[].roles
A session store is required to store the roles after authentication. For this exercise, a session store is already pre-configured.
- Re-create the Microgateway resources with the new configuration.
Delete all Microgateway resources:
Create all Microgateway resources:
A running Microgateway does not automatically reload the new configmap. The existing Microgatway pod must be killed. This way a new pod is deployed with the adapted configuration.
- Check the status of the Microgateway pod.
- Connect to the website:
- Open the URL in your browser: https://<MINIKUBE_IP>/
- The following should be noticed:
- Access to the Admin page is restricted to the role wp-admin.
- Access to the Blog page is restricted to the role of wp-user.
- Users with the role wp-user are not allowed to access
/wordpress/wp-admin/
- Access is restricted to authenticated users as desired.