Ticket #504 (closed defect: fixed)
Create configuration variable that indicates authentication method
|Reported by:||business@…||Owned by:||robert@…|
|Component:||Authentication / Authorization||Version:||0.8.3|
Request headers are used to determine Shibboleth login -- so in case the standard authentication method is used, people could hack in those headers and create a new user that way.
This can be solved by defining a new configuration setting that explicitly specifies what authentication method is used.
See also #501.