Currently not a problem, but some thoughts are in #53726:Basic idea could be:
- Block a user on typo3.org
- During SSO login transfer the information if the user is blocked to the wiki (exactly as is already done with the user groups)
- If the user is blocked, do one or two API calls and he is blocked in the wiki as well. It only needs to transfer the information, whether the user is blocked on t3o; blocking in the wiki itself can then happen automatically and would not cause any work.
- Another idea would be: Transfer the information if the user is blocked and if so, just do not log him in. As simple as that; with our current setup that will also prevent him from writing stuff in the wiki.
- The easiest solution would probably be not to prevent this problem in the wiki, but already one step before that, on typo3.org. The user should just be blocked there and before any login would be triggered. This has the advantage that code for that is only needed at one place, that is on typo3.org and not in every single site, which is connected. That way blocked users will also be unable to use SSO in order to log in to the connected sites/to all connected sites.