On previous versions, a landing page was shown on which the “login” button appeared. Clicking this buttons showed the saml login page. Personally, I really liked this behavior. With the current version 2.4.2 this isn’t possible any more as the saml login page is shown immediately. Is it configurab…

[immagine] sbernhard: “security” (I know, its not really a big blocker). Cheap hacking scripts on the main URL (without the landing page) would fail hopefully as its required to press the login button first. The automatic redirect should not introduce any security vulnerabilities. If you are …

I am not following, you mean we showed a modal that had a single button “Login with SAML” ?

No. in a previous version (I guess it was 2.3.6) it was like this: [login] After clicking on « Anmelden » the SAML login window appeared. If I enable « local logins » the landing page with the login button appears again but I don’t want to have local login and therefore I need to disable it.

Can someone help me? maybe @eviltrout ?

I certainly didn’t change this on purpose. If you could help us track down when it changed that would be helpful as we could look into the context. It’s possible it changed for security reasons.

This was a long requested improvement to make omniauth behave like real SSO, when the number of omniauth login methods is only one. [immagine] SSO vs Oauth2 difference? sso This is now implemented: https://github.com/discourse/discourse/commit/0a14b9b42a2f597f5df26be9729…

How can I help? one hint: if you enable “local login”, the “Landing page together with the login button” is shown.

If you really want the confirmation page, you can link the user to /login (rather than the homepage). That will not trigger the login automatically. But note this is not really supported, it is just a quirk of the implementation and may change at any time.

New behavior is better and consistent with SSO login. If a message is needed before login it can be implemented in the Identity Provider.

ah, good to know. I know of 2 reasons: show a very nice landing page with some basic information instead of that “boring” login window “security” (I know, its not really a big blocker). Cheap hacking scripts on the main URL (without the landing page) would fail hopefully as its required to press…

[immagine] sbernhard: Is it possible to configure this behavior? You are going to need to hire a dev here to build a plugin to change this. As it stands this is the first complaint I have heard about the new system in months.

Landing page per l'accesso SAML

Supporto

Falco (Falco) 29 Aprile 2020, 9:36pm 6

Questa è un miglioramento richiesto da lungo tempo per far sì che omniauth si comporti come un vero SSO, quando è presente un solo metodo di accesso tramite omniauth.

Argomento		Risposte	Visualizzazioni
Change login button action Support	6	1441	Luglio 14, 2020
Simple plugin to create landing page for SSO not working anymore Development	0	393	Maggio 31, 2022
Disable local login with SAML Support	16	1066	Agosto 5, 2022
Is there any way to bypass the login prompt entirely when using SAML? SSO	0	695	Agosto 2, 2021
Prevent redirecting to SSO login and open discourse login SSO	5	589	Settembre 13, 2024

Landing page per l'accesso SAML

Argomenti correlati