Wiki: Default Authentication strategy on Login page

Created on 14 Nov 2019  路  7Comments  路  Source: Requarks/wiki

Describe the bug
"...the default Local strategy cannot be disabled as it is required for root administrator login" which results in a non-intuitive user experience at login.

Administrator should be able to select the "Primary/Default Authentication strategy".

To Reproduce
Steps to reproduce the behavior:

  1. Configure new Auth strategy
  2. Login page

Expected behavior
The username/password prompt should be replaced with, as an example, "Sign in with [GitHub Enterprise]" as the main login item.

This decreases the user's likelihood they attempt to use another user/password to gain access, and the Local is shown only under "or login using..." because this is always required.

Screenshots
image

contrib-medium enhancement
Source
picture seafre
👍8

Most helpful comment

In my case I wanted users to always pick Keycloak and I wanted to avoid showing the regular login form altogether. Accomplished this with a simple rewrite rule from /login to /login/keycloak (in our case in Helm on Kubernetes):

[...]
      - ingress:
          tls: true
          annotations:
            nginx.ingress.kubernetes.io/configuration-snippet: |
              rewrite ^/login$ https://{{ requiredEnv "HOSTNAME" }}/login/keycloak redirect;

Works like a charm, users don't even see the login screen anymore. Obviously give your SSO user admin access first, you won't be able to use local sign in anymore.

Hope this helps somebody in the meantime.

picture signalkraft on 4 Mar 2020
👍2

All 7 comments

I had to walk nearly every user through this same situation. It should be prioritized!

githubdave2020 picture githubdave2020 on 7 Feb 2020
👍1

In my case I wanted users to always pick Keycloak and I wanted to avoid showing the regular login form altogether. Accomplished this with a simple rewrite rule from /login to /login/keycloak (in our case in Helm on Kubernetes):

[...]
      - ingress:
          tls: true
          annotations:
            nginx.ingress.kubernetes.io/configuration-snippet: |
              rewrite ^/login$ https://{{ requiredEnv "HOSTNAME" }}/login/keycloak redirect;

Works like a charm, users don't even see the login screen anymore. Obviously give your SSO user admin access first, you won't be able to use local sign in anymore.

Hope this helps somebody in the meantime.

signalkraft picture signalkraft on 4 Mar 2020
👍2

Thanks, @signalkraft! Exactly what I needed. This issue should definitly be prioritized.

michidk picture michidk on 1 Apr 2020

Agreed, this should be prioritized. This issue has kept me from upgrading to version 2 for a while now.

steviethecat picture steviethecat on 8 Jul 2020

This is already being addressed in 2.5.

NGPixel picture NGPixel on 8 Jul 2020
👍1

This is already being addressed in 2.5.

This is great news, as we get this confusion from our users ( Cloudron ) often as well. Is there a way to track the task for 2.5 somewhere?

nebulade picture nebulade on 4 Aug 2020

This is already being addressed in 2.5.

This is great news, as we get this confusion from our users ( Cloudron ) often as well. Is there a way to track the task for 2.5 somewhere?

it's documented on here. But it seems he missed the deadline though. 馃槥

Smankusors picture Smankusors on 4 Aug 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

D3mon86 picture D3mon86  路  4Comments
gruesomehit picture gruesomehit  路  4Comments
axisofentropy picture axisofentropy  路  4Comments
ahkimkoo picture ahkimkoo  路  4Comments
ramirahikkala picture ramirahikkala  路  3Comments