Actions
Feature #3140
closed
Add permission which will allow login to IdM directly even if CAS auth is enabled
Status:
Closed
Priority:
Normal
Assignee:
Roman Kučera
Category:
Authentication / Authorization
Target version:
Start date:
06/23/2022
Due date:
% Done:
100%
Estimated time:
Owner:
Description
Right now you can log in directly to IdM if CAS is enabled only if you are superadmin.
There are use cases, when you want to enable this to some other users to. (migration, 3rd party apps)
LoginController::login is now checking this. So create some new permission and implement the logic there.
hasAnyAuthority is already called during this check so checking for multiple permissions instead only one should be OK from performance perspective.
Updated by Roman Kučera over 2 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 80
Updated by Roman Kučera over 2 years ago
- Status changed from In Progress to Needs feedback
Updated by Roman Kučera over 2 years ago
- Assignee changed from Roman Kučera to Tomáš Doischer
@doischert can you make a review please?
Updated by Tomáš Doischer over 2 years ago
- Status changed from Needs feedback to In Progress
- Assignee changed from Tomáš Doischer to Roman Kučera
Looks good but please update the documentation. I think this is the right place: https://wiki.czechidm.com/devel/documentation/security/dev/authorization
Updated by Roman Kučera over 2 years ago
- Status changed from In Progress to Resolved
- % Done changed from 80 to 100
Documentation was added into already existing "note bubble"
Updated by Tomáš Doischer almost 2 years ago
- Status changed from Resolved to Closed
Actions