/login vs /index.php/login - inconsistent behavior

whyisitsohard · September 24, 2023, 6:26pm

Running ownCloud 10.13.1 (stable) on Docker.

I configured

  'openid-connect' => [
...
        'loginButtonName' => 'OpenId Connect',
        'autoRedirectOnLoginPage' => true,
..
],
  'token_auth_enforced' => true, // only enables OAuth login

And I obsered the following

if autoRedirectOnLoginPage is off, then I can see the OpenID Connect button on /index.php/login page, but not /login
When it’s on, then /index.php/login automatically redirects to open id

This is weird?

In addition, I was hoping that

  'token_auth_enforced' => true,

Will enforce that only open id login is enabled, but owncloud still enables password-based login.

Any thoughts or ideas why login vs index.php/login behave differently?

whyisitsohard · September 24, 2023, 6:39pm

(For ‘forbidding’ password logins, except for admin account, this works:

 'loginPolicy.order' => ['OC\Authentication\LoginPolicies\GroupLoginPolicy'],
 'loginPolicy.groupLoginPolicy.forbidMap' => [
          'password' => [
            'allowOnly' => ['admin'],
          ],
          'token' => [
          ],
          'OCA\OpenIdConnect\OpenIdConnectAuthModule' => [
          ],
  ]

But /login still looks different than /index.php/login, which is super confusing

system · December 23, 2023, 6:40pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.