•  
      request #13500 Disable password change UI when using OpenID Unique Authentication Source
    Infos
    #13500
    Gerke Max Preussner (gmpreussner)
    2019-06-24 02:07
    2019-06-18 08:32
    13709
    Details
    Disable password change UI when using OpenID Unique Authentication Source
    The "Change Password" option in the user settings is available even though an OpenId identity provider is configured and set as "Unique Authentication Source". Unless some sort of endpoint configuration is implemented in the OpenID plugin settings that forwards password change request to (proprietary) APIs in the IdP, this option should probably be disabled as it will have no effect on authentication and only confuse users.
    Empty
    Empty
    11.2
    CentOS 7
    Empty
    Stage
    Empty
    Acknowledged
    Empty
    Attachments
    Empty
    References

    List of items referenced by or referencing this item.

    Artifact Tracker v5

    Follow-ups

    • User avatar
      Understood, thank you!
    • User avatar
      Hi,

      In fact when an OpenID Connect provider is used as the only authentication source the notion of password should completely disappear.

      Unfortunately, this option has been explicitly added (story #9658) because some services can not use anything else than a user password. Until we have close the feature gap and that every services can use some sort of key the user can generate (like it's the case for the REST API and the SVN accesses) I'm afraid we might have to keep it.

      • Status changed from New to Acknowledged