Allow new SSO logins in "deny" mode (!19) · Merge requests · obs / open-build-service

Andrej Shadura requested to merge allow-sso-in-deny-mode into collabora/staging May 04, 2022

The can_register check is actually only suitable for preventing new unverified registrations; in SSO mode, we normally trust the SSO provider have performed the checks and only gives us users we’re supposed to let in.

Ideally, this should be a separate set of settings to allow e.g. optionally requiring confirmation on SSO logins or to configure different levels of trust per SSO provider.

Allow new SSO logins in "deny" mode

Merge request reports