Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #13500 Disable password change UI when using OpenID Unique Authentication Source
    Actions
    Infos
    #13500
    Gerke Max Preussner (gmpreussner)
    2021-01-04 13:34
    2019-06-18 08:32
    14608
    Details
    Disable password change UI when using OpenID Unique Authentication Source
    The "Change Password" option in the user settings is available even though an OpenId identity provider is configured and set as "Unique Authentication Source". Unless some sort of endpoint configuration is implemented in the OpenID plugin settings that forwards password change request to (proprietary) APIs in the IdP, this option should probably be disabled as it will have no effect on authentication and only confuse users.
    Empty
    11.2
    EL7 (CentOS|RHEL)
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2021-01-04
    Attachments
    Artifact links
    Empty
    Empty
    References
    Display settings

    Follow-ups

    User avatar
    Thomas Gerbet (tgerbet)2019-06-19 15:56
    Hi,

    In fact when an OpenID Connect provider is used as the only authentication source the notion of password should completely disappear.

    Unfortunately, this option has been explicitly added (story #9658) because some services can not use anything else than a user password. Until we have close the feature gap and that every services can use some sort of key the user can generate (like it's the case for the REST API and the SVN accesses) I'm afraid we might have to keep it.
    • Status changed from New to Acknowledged