Closed inoue-net closed 6 months ago
Hi @inoue-net
Not sure if I understand your issue here.
AUTHENTICATION_ENABLE_SELF_SIGNUP=false will allow or disallow option to create a new user for application
"Sign in with SAML SSO" button is to allow existing user to login to application. Are you expecting to block singin process for AUTHENTICATION_ENABLE_SELF_SIGNUP=false
?
@inoue-net don't have sufficient details on what to do here. Please provide on what your expectation of this config is and whats not working for you.
@chirag-madlani @harshach I can't speak for the OP but I think I have a similar problem. To provide some context:
When authentication is set to LDAP via JumpCloud, users can sign in easily even if accounts didn't exist for them in OMD. And this sign-in prompt isn't seen. When authentication is set to SAML, also via JumpCloud, two changes happen:
Ideally, I'd think (1) shouldn't happen and that accounts are created automatically just like it happens for LDAP, and for (2), admins should have the option to disable that sign-up form and just head straight to completion of account creation with whatever information is provided by the IDP. I think this is also the case in https://github.com/open-metadata/OpenMetadata/issues/15755
@chirag-madlani can you take a look above ^
Hello @inoue-net , enable self-singup applies for basic authentication only and you should be able to restrict the application access for groups of users directly from SSO side.
Affected module UI and backend?
Describe the bug It seems that even though you have set up SELF_SIGNUP, the expected behavior is not occurring. When a user authenticated through SAML is not found in OpenMetadata, the "Sign in with SAML SSO" button leads to the SIGNUP screen being displayed, despite having ENABLE_SELF_SIGNUP set to false.
To Reproduce
To verify, set SELF_SIGNUP to FALSE in OpenMetadata running on Docker.
Expected behavior If SELF_SIGNUP is set to false, the SIGNUP screen should not be displayed.
Version: