PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) solution. Boasting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, powerful BYOD management options, 802.1X support, and layer-2 isolation of problematic devices, PacketFence can be used to effectively secure small to very large heterogeneous networks.
Describe the bug
If you configure SSO with SAML for Admin login with an AD Source as source, the user can log in and get full admin rights even if the source won't match.
The same user is not able to log in with username and password directly.
For example:
This rule matches for the LDAP user and the user can log in.
If I disable the rule, login via LDAP (Username + PW) is not possible anymore, but login via SSO is still possible.
You can delete the user tob70778 from PF, but he can still log in via SSO (and is not recreated).
Source is selected in SAML Source.
SAML Source is selected in Connection Profile.
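The behaviour the report expects, as an added model that is not PacketFence code: both login paths go through the same rule match on the authorization source, so disabling the rule blocks SSO as well as password login. The class and function names, the `memberOf` rule, the group DN, the password and the role name are assumptions made for the illustration; only the username comes from the report.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    attribute: str          # directory attribute tested by the rule
    value: str              # value that must be present for a match
    role: str               # admin role granted on match
    enabled: bool = True

@dataclass
class AuthzSource:
    """Stand-in for the AD source selected as the SAML source's authorization source."""
    directory: dict         # username -> {attribute: [values]} (toy data, plaintext password)
    rules: list = field(default_factory=list)

    def check_password(self, user, password):
        return self.directory.get(user, {}).get("password") == [password]

    def match_role(self, user):
        attrs = self.directory.get(user)
        if attrs is None:
            return None     # unknown to the directory: no role
        for rule in self.rules:
            if rule.enabled and rule.value in attrs.get(rule.attribute, []):
                return rule.role
        return None         # no enabled rule matched: fail closed

def login_password(source, user, password):
    return source.match_role(user) if source.check_password(user, password) else None

def login_saml(source, name_id, assertion_valid):
    # A valid assertion proves identity only; the role still comes from the source's rules.
    return source.match_role(name_id) if assertion_valid else None

def regression_cases():
    # Constructed sample data covering the two states described in the report.
    rule = Rule("memberOf", "CN=pf-admins,DC=example,DC=org", "admin-role")
    src = AuthzSource({"tob70778": {"password": ["s3cret"], "memberOf": [rule.value]}}, [rule])
    results = {"enabled": (login_password(src, "tob70778", "s3cret"),
                           login_saml(src, "tob70778", True))}
    rule.enabled = False    # same Rule object as in src.rules
    results["disabled"] = (login_password(src, "tob70778", "s3cret"),
                           login_saml(src, "tob70778", True))
    return results

if __name__ == "__main__":
    print(regression_cases())
```
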