lukevella / rallly

Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier.
https://rallly.co
GNU Affero General Public License v3.0

Hide register page #952

Open phls opened 11 months ago

phls commented 11 months ago

Hi,

First of all, great software!

On my instance, I'm using OIDC Login with GitLab.

Would it be possible to hide the register page to allow login only with OIDC?

Best regards,

lukevella commented 11 months ago

Currently no but it's a sensible request and I will do my best to cater for it. It's just not a priority at the moment so no ETA yet.

icsy7867 commented 9 months ago

Instead of making a new request, I thought I would add to this. I have OIDC working with ADFS now.

While I support hiding the register button AND hiding the email login portion of the login page, perhaps there is an easier solution?

Looking at the code:

              {hasOIDCProvider ? (
                <Button
                  icon={LogInIcon}
                  size="lg"
                  onClick={() => signIn("oidc")}
                >

Instead of making this an "OnClick", why not just automatically use the OIDC login? Since our organization forces OIDC/SSO/SAML, having a user click a "Login using SSO" button is superfluous. Instead of listening for the "OnClick" event, simply initiate signIn("oidc") immediately, forcing login with SSO.

lukevella commented 9 months ago

> Instead of making this an "OnClick", why not just automatically use the OIDC login? Since our organization forces OIDC/SSO/SAML, having a user click a "Login using SSO" button is superfluous. Instead of listening for the "OnClick" event, simply initiate signIn("oidc") immediately, forcing login with SSO.

Maybe down the road. SSO is still a relatively new feature and it's not ready to be the only way to login. Remember #986? 😅

icsy7867 commented 9 months ago

Fair enough. I was just excited to have it all working now. I appreciate your hard work and quick replies.

Also, I wouldn't recommend forcing OIDC/SSO by default, but having a config/environment variable for OIDC_FORCE_AUTH=True or something like that. But I will defer to your design of course. Thank you for getting OIDC working. My organization requires 2-factor, and this really helps check that box.

port19x commented 9 months ago

Just chiming in, I'm trying to host Rallly behind a reverse proxy and don't want or need any authentication. Is it possible to run Rallly that way and handle any potential future auth on the proxy layer?

lukevella commented 9 months ago

> Just chiming in, I'm trying to host Rallly behind a reverse proxy and don't want or need any authentication. Is it possible to run Rallly that way and handle any potential future auth on the proxy layer?

No, I don't think that's likely to happen.

EduNetEurope commented 8 months ago

We would like to restrict new user registration to a domain.

lukevella commented 8 months ago

> We would like to restrict new user registration to a domain.

Should be possible using ALLOWED_EMAILS

https://support.rallly.co/self-hosting/configuration-options

trmendes commented 7 months ago

Some self-hosted apps have an ENVIRONMENT variable to disable the creation of new users.

That is useful in case the host admin wants to be the only one to use their own server to create new polls and share the links with friends and others to participate.

Is there a way to block the creation of new users using the ALLOWED_EMAILS?

icsy7867 commented 7 months ago

> Some self-hosted apps have an ENVIRONMENT variable to disable the creation of new users.
>
> That is useful in case the host admin wants to be the only one to use their own server to create new polls and share the links with friends and others to participate.
>
> Is there a way to block the creation of new users using the ALLOWED_EMAILS?

Can't you just set the allowed_emails to something that can never be true? I.e. *@thisisnotpossible.org

juergenroesch commented 1 month ago

That doesn't work: the emails of SSO users are validated against that list. If you set that to youwillneverhavethataddress.org, then nobody could log in anyhow.
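
Added example, not part of the thread and not Rallly's own code: a small model of an allow-list check like the ALLOWED_EMAILS one discussed above, showing why a pattern that can never match locks out SSO users as well as new registrations. The function names, the `*` matching rules, exact-address entries and the empty-list behaviour are assumptions; the sample users are constructed.

```javascript
// Illustrative model only. Assumes a comma-separated list of patterns in
// which "*" matches any run of characters and matching is case-insensitive.
function compilePattern(pattern) {
  // Escape regex metacharacters, then turn the escaped "*" back into ".*".
  const escaped = pattern.trim().toLowerCase()
    .replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
    .replace(/\\\*/g, ".*");
  return new RegExp(`^${escaped}$`);
}

function isEmailAllowed(email, allowedEmails) {
  // Assumption: an unset or empty list means no restriction.
  if (!allowedEmails || !allowedEmails.trim()) return true;
  const candidate = email.trim().toLowerCase();
  return allowedEmails
    .split(",")
    .filter((p) => p.trim() !== "")
    .some((p) => compilePattern(p).test(candidate));
}

// As described in the last comment: the same list gates SSO logins and
// registrations, so every user passes through the same check.
function evaluate(allowedEmails, users) {
  return users.map((u) => ({
    email: u.email,
    via: u.via,
    admitted: isEmailAllowed(u.email, allowedEmails),
  }));
}

// Constructed sample users.
const users = [
  { email: "admin@example.org", via: "oidc" },
  { email: "colleague@example.org", via: "oidc" },
  { email: "stranger@mail.example", via: "register" },
];

const policies = {
  unreachableDomain: "*@thisisnotpossible.org", // admits nobody, SSO included
  singleDomain: "*@example.org",                // admits the whole domain
  namedAccounts: "admin@example.org",           // admits only the listed address
};

for (const [name, list] of Object.entries(policies)) {
  const ok = evaluate(list, users).filter((r) => r.admitted).map((r) => r.email);
  console.log(`${name}: ${ok.length ? ok.join(", ") : "nobody"}`);
}
```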