Hi,
I have a mediawiki installation configured with SimpleSamlPhp and Pluggable Auth, allowing users with ad accounts to log in.
In the pluggable Auth there's also a group mapping, making users in a specific group admins in the mediawiki.
The wiki itself is open to read, but not to edit. Now I'm wondering if there's a way to deny login for users that are not in the AD groups for admin/edit access, to not have unnecessary logins from users, that doesn't change anything from just viewing without login.
Is this possible? Basically have "require X group from AD" to createaccount? Or does this only work with workarrounds where you strip any rights from normal users except for read and you have to live with them being able to log in? Or would this have to be done on ADFS side?
Kind regards