Hi Peter,
On 06/27/2018 08:07 PM, pkboucher801(a)gmail.com wrote:
> Is it just for convenience and reduced confusion that you want to
> prevent showing the username and password form to the users and show
> them instead only buttons for the available brokered login methods?
> If so, then a theme change would probably be fine.

Yes, that's the reason.

> Would it be a violation of your security policy if a hacker users
> used fiddler or somesuch to tweak what the browser sends in order to
> login anyway with a username and password, even though you didn't
> include that form on your login Freemarker page? Then you'll
> probably want to change the flow itself as Marek suggests, to block
> that from happening.

That was not our primary concern.

Thanks for all the pointers in this thread. We will edit the template.
However.. We still feel that a checkbox like "Disallow direct user/pass
logins for this realm" would be a good feature. :-)
MJ