-
Sounds good. I have in mind to add some additional lessons as well. I'll start a thread to get your thoughts on the idea when I'm ready to implement it.
-
I have added a capability to log in through GitHub. By default this is disabled, and when disabled the login screen does not show that option. To enable this you need a WebGoat and WebWolf application registration in GitHub.
I can add some documentation to do this, but it is straightforward.
One option would be to create those applications in an OWASP account. We could enable Single Sign On only for the default localhost and localhost callback and then possibly put the client ID and client secrets as defaults in the code base, which would only allow all localhost-based applications to use this integration. Would that be an option, and who would be able to create those for the WebGoat GitHub account or another OWASP account? As it would be a bit strange to link it to one of our accounts.
Also, can we think of some extra use cases for doing some lesson on SSO? Perhaps misconfiguration or stuff like that?
And there is still a minor bug that I need to fix in the flow after login. It should go to login-oauth but ends up somewhere else. Entering this URI after login brings you to the right place.