Ticket #504 (closed defect: fixed)

Opened 5 years ago

Last modified 5 years ago

Create configuration variable that indicates authentication method

Reported by: business@… Owned by: robert@…
Priority: major Milestone: 0.8.6
Component: Authentication / Authorization Version: 0.8.3
Keywords: Cc:
Hardware: Operating system:
Product: URL:


Request headers are used to determine Shibboleth login -- so in case the standard authentication method is used, people could hack in those headers and create a new user that way.

This can be solved by defining a new configuration setting that explicitly specifies what authentication method is used.

See also #501.

Change History

comment:1 Changed 5 years ago by business@…

  • Owner changed from business@… to robert@…
  • Component changed from Unknown to Authentication / Authorization

comment:2 Changed 5 years ago by work@…

  • Status changed from new to closed
  • Resolution set to fixed

Resolved in r2107, added a configuration parameter which can be used in the externalized configuration to enable shibboleth authentication (see #501 for more information).

Note: See TracTickets for help on using tickets.