New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unexpected behavior when disabling built-in user authentication #4267
Comments
@pameyer does restarting Glassfish help? |
Oh, "false" doesn't do anything. You have to delete the built in provider. I think I documented this but you can fact check me. 😄 |
I'm looking at what I wrote and it's confusing. As of http://guides.dataverse.org/en/4.8.2/installation/config.html#auth-modes-local-vs-remote-vs-both it says this: "Remote only" mode should be considered experimental until #2974 is resolved. For now, "remote only" means:
Maybe I'm wrong about that false/enabled thing. I don't know. Again, I think you have to delete the whole auth provider and restart Glassfish. If that doesn't work I would suggest reading through #2974. |
I see that over at #2974 (comment) I wrote, "The main code change I added is to not show the suggestion to convert your account if you have deleted the builtin auth provider." |
restarting glassfish didn't help; and deleting the build-in provider didn't help. Guessing this is related to the |
Initial guess was incorrect. |
Today I let @pameyer know about |
@pdurbin Thanks for the suggestion - this does appear to work. |
Thanks @pdurbin ! |
Sure. As I said at #4267 (comment) the documentation is confusing, so maybe this issue should be about cleaning it up. |
For an installation with OAuth only authentication, disabling built-in users results in unexpected behavior in the login page:
before disabling built-in accounts
[root@dv-dev ~]# curl -X GET http://localhost:8080/api/admin/authenticationProviders | jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
120 481 120 481 0 0 9268 0 --:--:-- --:--:-- --:--:-- 10688
{
"data": [
{
"enabled": true,
"factoryData": "type: XXXXX | userEndpoint: XXXXXX | clientId: XXXXXX | clientSecret: XXXXX",
"subtitle": "",
"title": "ORCID",
"factoryAlias": "oauth2",
"id": "orcid-sandbox"
},
{
"enabled": true,
"factoryData": "",
"subtitle": "Datavers' Internal Authentication provider",
"title": "Dataverse Local",
"factoryAlias": "BuiltinAuthenticationProvider",
"id": "builtin"
}
],
"status": "OK"
}
disable built-in account:
[root@dv-dev ~]# curl -X PUT -d 'false' http://localhost:8080/api/admin/authenticationProviders/buil
tin/enabled
after disabling:
{"status":"OK","data":{"mGET http://localhost:8080/api/admin/authenticationProviders | jq .
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
120 482 120 482 0 0 28656 0 --:--:-- --:--:-- --:--:-- 48200
{
"data": [
{
"enabled": true,
"factoryData": "type: orcid | userEndpoint: XXXX | clientId: XXXX | clientSecret: XXXX",
"subtitle": "",
"title": "ORCID",
"factoryAlias": "oauth2",
"id": "orcid-sandbox"
},
{
"enabled": false,
"factoryData": "",
"subtitle": "Datavers' Internal Authentication provider",
"title": "Dataverse Local",
"factoryAlias": "BuiltinAuthenticationProvider",
"id": "builtin"
}
],
"status": "OK"
}
The text was updated successfully, but these errors were encountered: