Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin SSO: Source is not used, all SSO User are ADMIN #8384

Open
BiasF opened this issue Nov 8, 2024 · 0 comments
Open

Admin SSO: Source is not used, all SSO User are ADMIN #8384

BiasF opened this issue Nov 8, 2024 · 0 comments
Assignees
@fdurand
Labels
Priority: High Type: Bug
Milestone
+1 (patch release)

Comments

@BiasF
Copy link

BiasF commented Nov 8, 2024

Describe the bug
If you configure SSO with SAML for Admin login with a AD Source as source, the user can login and get full admin rights even if the source won't match.
The same user is not able to login with username and password directly.

For example:
image

This rule match for the LDAP user and the user can login.
If I disable the rule, login via LDAP (Username + PW) is not possible anymore, but login via SSO is still possible.
You can delete the user tob70778 from PF, but he can still login via SSO (and is not recreated)

image
Source is selected in SAML Source.

image
SAML Source is selected in Connection Profile.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fdurand fdurand

Labels
Priority: High Type: Bug
Projects
None yet
Milestone
+1 (patch release)
Development

No branches or pull requests
3 participants
@fdurand @satkunas @BiasF