This documents the changes made to TU Delft's version of greenlight to allow openID users to be directly authenticated without administrative intervention, while restricting access for non-TU Delft users.
## Enabling restricted access
To enable restricted access, it has to be enabled in the interface. The path to the setting is:
```
Organization -> Site Settings -> Settings -> Registration Method
```
There, in the pull-down menu, `Approve/Decline` has to be selected. No additional saving of the setting is required. In addition, the same configuration can be done in the docker container's .env file, but the configuration in the database takes precedence.
## Changes to greenlight (codebase)
To enable this change, i.e., to exclude TU Delft users from the approval mechanic, the following change was applied to greenlight:
To enable this change, i.e., to exclude TU Delft users from the approval mechanic, the following change was applied to greenlight in the `openid-changes` branch:
@@ -31,3 +24,11 @@ index 0ae2f8da..fe182e13 100644
end
```
This excludes all users authenticating via `openid_connect` (SURFconext) from the pending state.
## Deploy
At the moment, the change in `openid-changes` is merged into `custom-v21002` but has only been deployed to dev.; To execute the change, it must first be deployed to production.
Thereafter, to enable restricted access, it has to be enabled in the administrative interface. The path to the setting is:
```
Organization -> Site Settings -> Settings -> Registration Method
```
There, in the pull-down menu, `Approve/Decline` has to be selected. No additional saving of the setting is required. In addition, the same configuration can be done in the docker container's .env file, but the configuration in the database takes precedence.