Ticket #504 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Create configuration variable that indicates authentication method

Reported by: business@… Owned by: robert@…
Priority: major Milestone: 0.8.6
Component: Authentication / Authorization Version: 0.8.3
Keywords: Cc:
Product: Operating system:
URL: Hardware:

Description

Request headers are used to determine Shibboleth login -- so in case the standard authentication method is used, people could hack in those headers and create a new user that way.

This can be solved by defining a new configuration setting that explicitly specifies what authentication method is used.

See also #501.

Change History

Changed 2 years ago by business@…

  • owner changed from business@… to robert@…
  • component changed from Unknown to Authentication / Authorization

Changed 2 years ago by work@…

  • status changed from new to closed
  • resolution set to fixed

Resolved in r2107, added a configuration parameter which can be used in the externalized configuration to enable shibboleth authentication (see #501 for more information).

Note: See TracTickets for help on using tickets.