rbCAS / CASino

CASino is a Ruby-based Single Sign-On solution supporting the CAS standard
MIT License

Added option to require service rules when a service URL is specified #131

Closed joelvh closed 8 years ago

joelvh commented 8 years ago

We don't want to allow authentication from any service if no rules have been set up. The default is to allow this, but the new option makes sure that a rule is matched -- otherwise, login is disallowed.

pencil commented 8 years ago

What is the use case of an SSO that does not allow any services? Or is it to mitigate an accidental deletion of all service rules that would lead to accepting all services?

joelvh commented 8 years ago

Hi @pencil - exactly: it's to mitigate against accidentally accepting all services.

luxflux commented 8 years ago

@pencil IMHO I think this would even be a sane default, no?

pencil commented 8 years ago

Setting this as default would probably cause a massive influx of bug reports.
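The behaviour discussed in this thread, sketched as an added example that is not CASino's own code: an empty rule set accepts every service by default, and a strict option turns that into a denial. The names `ServiceRule`, `ServicePolicy` and `require_rules` are hypothetical, and treating "all rules disabled" the same as "no rules" is an assumption of this sketch.

```ruby
# Added illustration; class, method and option names are hypothetical.
ServiceRule = Struct.new(:pattern, :regex, :enabled) do
  # A rule matches by exact URL, or by a regular expression anchored at
  # both ends so a prefix match cannot smuggle in another host.
  def allows?(service_url)
    return false unless enabled
    if regex
      Regexp.new("\\A(?:#{pattern})\\z").match?(service_url)
    else
      pattern == service_url
    end
  end
end

class ServicePolicy
  def initialize(rules, require_rules: false)
    @rules = rules
    @require_rules = require_rules
  end

  # Returns true when a login for service_url may proceed.
  def allowed?(service_url)
    active = @rules.select(&:enabled)
    # Fail-open branch: with no enabled rules, every service is accepted
    # unless the strict option is switched on.
    return !@require_rules if active.empty?
    active.any? { |rule| rule.allows?(service_url) }
  end
end

# Constructed sample data.
RULES = [
  ServiceRule.new('https://app.example.org/login', false, true),
  ServiceRule.new('https://[a-z]+\.internal\.example\.org/.*', true, true)
].freeze
UNKNOWN = 'https://unlisted.example.net/callback'

def decisions
  {
    configured_known:   ServicePolicy.new(RULES).allowed?('https://app.example.org/login'),
    configured_unknown: ServicePolicy.new(RULES).allowed?(UNKNOWN),
    wiped_default:      ServicePolicy.new([]).allowed?(UNKNOWN),
    wiped_strict:       ServicePolicy.new([], require_rules: true).allowed?(UNKNOWN)
  }
end

puts decisions if $PROGRAM_NAME == __FILE__
```

The `wiped_default` case is the accidental-deletion scenario raised above: the unlisted service is refused while rules exist and accepted once they are gone, unless the strict option is set.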