Closed Sae126V closed 7 months ago
Hi, I think the behaviour is already like that, isn't it? See https://github.com/indigo-iam/iam/blob/develop/iam-login-service/src/main/webapp/WEB-INF/views/iam/login.jsp#L76.
Say, when the admin has set loginPageMode to Hidden (an edge case that might happen: users who know the route link will still be able to access the login form even though the admin doesn't want users to enter credentials to log in). Does that make sense?
Ok, clear now. Yes, it makes sense to me.
No worries. I thought the DISABLED case is the same as HIDDEN. If it makes no sense, I am happy to close this PR :)
Prevents access to the login form.
Need to prevent access to the login form when the admin has decided to disable (set to false) both localAuthenticationVisible and showLinkToLocalAuthn.
My only comment is that I'd change the "title" of this PR/fix. We're not preventing access, we're changing (in a correct way) the logic that hides a form. The login endpoint still logs you in if you present the right credentials (through curl, e.g.). Then, I'll update the PR title in order to be more clear about this. Something like "Update login form display strategy", e.g.
Kudos, SonarCloud Quality Gate passed!
LGTM
Hi @Sae126V,
we were reviewing your PR, which is fine. Currently, by setting the following properties:
IAM_LOCAL_AUTHN_LOGIN_PAGE_VISIBILITY = hidden
IAM_LOCAL_AUTHN_ENABLED_FOR = none
The local authentication is still shown by adding the sll=y parameter, but the functionality is disabled (see the attached screenshot).
Let's decide together which behavior is preferred.