Closed abias closed 5 months ago
Hi,
quick thoughts on this issue:
option one (document re-enabling via standard cli/cfg) is really the obivous solution, that keeps any future maintenance away.
is there a real use case for option two? mabye this would come in handy if you are setting up sso and really want this phase as close to later production? but this would also apply to option three, as you can easily switch back and forth?
Any opinions appreciated here...
Thanks @abias for splitting this up to a new issue. Yes the first option may be the one with the least hassle. But I think option 2 or 3 maybe the more versatile solution. For us, we are using some local accounts for testing, documentation and administration purposes (not testing in the sense of developing) where we don't want to use our personal SSO accounts. So I would prefer option 2, because a special login page could also be more easily protected (by allowing access only from inside the campus network or special IP addresses) via the webserver/reverse proxy.
I would prefer option 2, because a special login page could also be more easily protected (by allowing access only from inside the campus network or special IP addresses) via the webserver/reverse proxy.
Good idea!
In #490 where hiding the manual login form was implemented, @slaudel commented:
@slaudel is right in this point. SSO interfaces can break and if this happens, the login into Moodle is broken completely. But to fix a broken SSO, the admin needs to log in. Since the Moodle login requires the login token (see https://docs.moodle.org/dev/Login_token), an approach where Moodle composes the login form itself is needed, the admin can't just create and submit an ad-hoc login form anywhere.
If we agree that this manual login is only necessary for expert users like admins in emergency cases, there are three obvious solutions:
php admin/cli/cfg.php --name=loginlocalloginenable --component=theme_boost_union --set=yes
loginlocalloginenable
setting./login/index.php?locallogin=1
to the normal login page which will show the local login form regardless of theloginlocalloginenable
setting.