phpsaml icon indicating copy to clipboard operation
phpsaml copied to clipboard
verified publisher icon derricksmith

Bypass authentification when Plugin Enforced

Open rducloie opened this issue 3 years ago • 3 comments

Hello,

When the "Plugin Enforced" option is activated, is there a hidden link allowing to bypass the SAML authentication and connect via the GLPI interface?

Thank you very much

rducloie avatar Jul 25 '22 11:07 rducloie

Hi rducloie,

No currently the plugin will check if either SSO=1 or the enforced configuration option is set.

If either one is the case it will perform the ssoRequest. The only way around it at the moment is to update the database manually and set enforce to 0 using the following sql statement;

mysql> update glpi_plugin_phpsaml_configs set enforced='0';

DonutsNL avatar Jul 25 '22 14:07 DonutsNL

@derricksmith this might be a nice to have feature allowing an admin to login when there is a problem with the idp or when a configuration mistake is made. Easy enough to implement.

DonutsNL avatar Aug 09 '22 07:08 DonutsNL

@derricksmith this might be a nice to have feature allowing an admin to login when there is a problem with the idp or when a configuration mistake is made. Easy enough to implement.

Agree, this can be implemented in next release.

derricksmith avatar Aug 09 '22 19:08 derricksmith