Bypass authentification when Plugin Enforced

derricksmith / phpsaml

GLPI Plugin - SAML integration using the Onelogin SAML Library

MIT License

32 stars 24 forks source link

Bypass authentification when Plugin Enforced #96

Open rducloie opened 2 years ago

rducloie commented 2 years ago

Hello,

When the "Plugin Enforced" option is activated, is there a hidden link allowing to bypass the SAML authentication and connect via the GLPI interface?

Thank you very much

DonutsNL commented 2 years ago

Hi rducloie,

No currently the plugin will check if either SSO=1 or the enforced configuration option is set.

If either one is the case it will perform the ssoRequest. The only way around it at the moment is to update the database manually and set enforce to 0 using the following sql statement;

mysql> update glpi_plugin_phpsaml_configs set enforced='0';

DonutsNL commented 2 years ago

@derricksmith this might be a nice to have feature allowing an admin to login when there is a problem with the idp or when a configuration mistake is made. Easy enough to implement.

derricksmith commented 2 years ago

@derricksmith this might be a nice to have feature allowing an admin to login when there is a problem with the idp or when a configuration mistake is made. Easy enough to implement.

Agree, this can be implemented in next release.