Closed joelvh closed 8 years ago
What is the use case of an SSO that does not allow any services? Or is it to mitigate an accidental deletion of all service rules that would lead to accepting all services?
hi @pencil - exactly: it's to mitigate against accidentally accepting all services.
@pencil IMHO i think this would even be sane default, no?
Setting this as default would probably cause a massive influx of bug reports.
We don't want to allow authentication from any service if no rules have been setup. The default is to allow this, but the new option makes sure that a rule is matched -- otherwise, login is disallowed.