Cornelius Kölbel
Can we do a 405 as a short term solution and work on other aspects in the future?
What happens if users go through a proxy?
@kkalev Are you using nginx or apache?
Let's try to do this with an exclusion for /validate/check, to avoid the special case of the client param.
Evaluate if this is easily possible with ldap3.
We need to note that there are other tokentypes that would also use a username login. See https://community.privacyidea.org/t/supporting-discoverable-credentials/2855 like the German "DUO".
Some interesting resources: https://fidoalliance.org/implement-passkeys-overview/ https://passkeys.dev/docs/reference/specs/
> However, in the medium term usernameless login is also something we want to support. This proposal would make usernameless login possible as far as I understand. The challenge is,...
This is s.th. we should look at in the pre-authentication concept.
The description requirement is an enrollment policy, not a generic policy that defines how a description should look. So it actually works as intended. If a user has the...