If SSO Authentication is enabled, many authenticated features still requires a password. #619
Comments
|
This is normal behavior depending on the directory and configuration. I'm assuming you mean AD which is one of the few LDAP directories that allow changing the password via a proxy user (aka 3rd party change) without consequences. Can you confirm this is for AD or are you having this issue with another LDAP directory. |
|
The behavior changed after version 1.7. With version 1.7, we were able to let the user change his password without requiring him to provide a password. |
|
We managed to create a chai provider if the proxy account is defined (we just used existing code, wired up on the authentication section) as per the attached pull request |
If SSO is enabled, many authenticated modules still asks for the user's password. In particular the change password module and the update profile module requires a password because they the user's credential to connect to the LDAP system. This happens even if a proxy user has been configured for the target system.
Steps to reproduce:
The system will redirect the user to the login page asking for a password, but the user has already been authenticated (maybe even with stronger factors) by the external identity provider.
The text was updated successfully, but these errors were encountered: