How to disable username/password login?

Zlateshkin1337 · February 13, 2024, 6:42am

Hi all. Recently I integrated owncloud with keycloak. I have an alternative login button through it. I want to remove the ability to log in using a username and password. How can I do this? What parameter in config.php is responsible for this?

jvillafanez · February 13, 2024, 8:05am

You can try Login Policies
The username + password will always be shown, although you can prevent users from going through there.

There might be additional details in the config.sample.php file (core/config/config.sample.php at master · owncloud/core · GitHub), in the relevant config options.

Note that you need a recent OC version in order to use the login policies.

Zlateshkin1337 · February 13, 2024, 8:13am

Can I hide the username and password and leave only the alternative login method?

jvillafanez · February 13, 2024, 8:37am

I don’t think so.
In fact, it could be better to let the admins go through the username + password. If keycloak goes down, at least admins can use ownCloud.

Zlateshkin1337 · February 13, 2024, 10:33am

Ok, how i can disable login by username/password?I have default admin and i wont to disable this user

jvillafanez · February 13, 2024, 5:17pm

Read through the documentation link. It should explain everything you need. If there is something that isn’t clear enough, feel free to point it out so we can improve the documentation.

Zlateshkin1337 · February 14, 2024, 8:25am

The documentation contains instructions on how to deny entry to users of a certain group. User admin in group admin. I made the config according to the instructions, but I can still log in as the admin user. What did I do wrong?

  'loginPolicy.order' => '\OC\Authentication\LoginPolicies\GroupLoginPolicy',
  'loginPolicy.groupLoginPolicy.forbidMap' =>
  array(
    'password' => 
    array(
      'allowOnly' => ['users'],
      'reject' => ['admin'],
    ),
  ),

jvillafanez · February 14, 2024, 2:35pm

The loginPolicy.order must be an array:

'loginPolicy.order' => ['\OC\Authentication\LoginPolicies\GroupLoginPolicy'],

That’s why the policy isn’t being applied and the admin can login.

Zlateshkin1337 · February 15, 2024, 5:04am

I tried that too, no result

jvillafanez · February 15, 2024, 7:49am

It should work from OC version 10.12. If you have an earlier version, you’ll have to upgrade first.

Zlateshkin1337 · February 21, 2024, 10:45am

I am updated owncloud to 10.13.4 version. It doesn’t work. I tried to allow the admin group to log in using a password and deny the users group - it didn’t work either

jvillafanez · February 22, 2024, 8:26am

'loginPolicy.order' => ['OC\Authentication\LoginPolicies\GroupLoginPolicy'],

Note that the leading \ char must NOT be present.

The problem was that the policy is registered under the OC\Authentication\LoginPolicies\GroupLoginPolicy name (without the leading \), so you tried to setup a non-existent policy.
Although the configuration of the policy is ok, the policy wasn’t setup. That’s why everyone was login in.

I’ve also checked the documentation and it’s correct. OC\Authentication\LoginPolicies\GroupLoginPolicy is what you need to use.

Zlateshkin1337 · February 22, 2024, 10:13am

Thank u very much)It works!