On 07/22/2013 09:18 AM, Martin Kosek wrote:
On 07/20/2013 02:51 AM, Stephen Ingram wrote:
Is there a way to disable the forms-based login to the WebUI and require a
No, this is currently not possible. Stephen, can you please describe your use
case why you want it to be off? This would allow us to consider this as an
enhancement for future.
Petr, would it be possible to achieve this via Web UI plugin system introduced
in FreeIPA 3.2?
The login form can be removed by replacing IPA.unauthorized_dialog by
different implementation. But it only hides the interface, the login
feature itself (/ipa/session/login_password) won't be affected. So user
can still send a HTTP POST with his credentials to log in. It's how the
separate login page (/ipa/ui/login.html) works.
So the steps to disable forms-based login are:
1. deny access to /ipa/session/login_password
2. create UI plugin to change Web UI unauthorized_dialog
3. deny access to /ipa/ui/login.html
#1 is sufficient if one does not care about UX.
Freeipa-users mailing list