[keycloak-user] brokered-login only
mj
lists at merit.unu.edu
Thu Jun 28 04:20:39 EDT 2018
Hi Peter,
On 06/27/2018 08:07 PM, pkboucher801 at gmail.com wrote:
> Is it just for convenience and reduced confusion that you want to
> prevent showing the username and password form to the users and show
> them instead only buttons for the available brokered login methods?
> If so, then a theme change would probably be fine.
Yes, that's the reason.
> Would it be a violation of your security policy if a hacker user
> used Fiddler or somesuch to tweak what the browser sends in order to
> log in anyway with a username and password, even though you didn't
> include that form on your login Freemarker page? Then you'll
> probably want to change the flow itself as Marek suggests, to block
> that from happening.
That was not our primary concern.
Thanks for all the pointers in this thread. We will edit the template.
However.. We still feel that a checkbox like "Disallow direct user/pass
logins for this realm" would be a good feature. :-)
MJ