diff --git a/jobs/uaa/spec b/jobs/uaa/spec
index 3fb9ab5b7..7335136fe 100644
--- a/jobs/uaa/spec
+++ b/jobs/uaa/spec
@@ -451,6 +451,9 @@ properties:
 login.checkOriginEnabled:
 description: "This flag enables the origin check in SCIM. Otherwise, the assignments of users to an origin are not validated."
 default: false
+ login.allowOriginLoop:
+ description: "This flag enables the loop over all origin of a certain type during login, e.g. all SAML or OIDC providers in case of such a logon. Otherwise, only index access is allowed."
+ default: true
 # Email
 login.notifications.url:
diff --git a/jobs/uaa/templates/config/uaa.yml.erb b/jobs/uaa/templates/config/uaa.yml.erb
index da64e900c..c443f3a8b 100644
--- a/jobs/uaa/templates/config/uaa.yml.erb
+++ b/jobs/uaa/templates/config/uaa.yml.erb
@@ -672,6 +672,7 @@
 'accountChooserEnabled' => p('login.accountChooserEnabled'),
 'aliasEntitiesEnabled' => p('login.aliasEntitiesEnabled'),
 'checkOriginEnabled' => p('login.checkOriginEnabled'),
+ 'allowOriginLoop' => p('login.allowOriginLoop'),
 'entityBaseURL' => login_entityBaseUrl,
 'entityID' => login_entityId,
 'prompt' => {
diff --git a/spec/compare/all-properties-set-uaa.yml b/spec/compare/all-properties-set-uaa.yml
index 3380cf54d..a291babd9 100644
--- a/spec/compare/all-properties-set-uaa.yml
+++ b/spec/compare/all-properties-set-uaa.yml
@@ -348,6 +348,7 @@ login:
 accountChooserEnabled: true
 aliasEntitiesEnabled: true
 checkOriginEnabled: true
+ allowOriginLoop: false
 entityBaseURL: http://all-properties-set:8888/uaa
 entityID: all-properties-set:8888/uaa
 prompt:
diff --git a/spec/compare/bosh-lite-uaa.yml b/spec/compare/bosh-lite-uaa.yml
index fc3644f3c..8352f8063 100644
--- a/spec/compare/bosh-lite-uaa.yml
+++ b/spec/compare/bosh-lite-uaa.yml
@@ -266,6 +266,7 @@ login:
 accountChooserEnabled: false
 aliasEntitiesEnabled: false
 checkOriginEnabled: false
+ allowOriginLoop: true
 entityBaseURL: https://login.bosh-lite.com
 entityID: login.bosh-lite.com
 prompt:
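Review bot: The description added for `login.allowOriginLoop` in jobs/uaa/spec does not say which value is the restrictive one or what "index access" refers to, and the shipped default `true` keeps the broader behaviour of iterating over every provider of a type. Because the flag affects how a login is matched to an identity provider, the description should spell out both settings, for example `description: "When true (default, backward compatible), login may iterate over all origins of the same type (e.g. all SAML or OIDC providers) to find a match. When false, only the direct indexed lookup of the origin is used."` The matching logic itself lives in UAA and is not visible in this diff, so that wording needs confirming against it. The phrase "all origin" should also read "all origins".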
diff --git a/spec/compare/deprecated-properties-still-work-uaa.yml b/spec/compare/deprecated-properties-still-work-uaa.yml
index a5ab65a09..d0daacb83 100644
--- a/spec/compare/deprecated-properties-still-work-uaa.yml
+++ b/spec/compare/deprecated-properties-still-work-uaa.yml
@@ -220,6 +220,7 @@ login:
 accountChooserEnabled: false
 aliasEntitiesEnabled: false
 checkOriginEnabled: false
+ allowOriginLoop: true
 entityBaseURL: http://test.uaa.url
 entityID: test.uaa.url
 prompt:
diff --git a/spec/compare/test-defaults-uaa.yml b/spec/compare/test-defaults-uaa.yml
index b7c1cc105..f2cac97f2 100644
--- a/spec/compare/test-defaults-uaa.yml
+++ b/spec/compare/test-defaults-uaa.yml
@@ -171,6 +171,7 @@ login:
 accountChooserEnabled: false
 aliasEntitiesEnabled: false
 checkOriginEnabled: false
+ allowOriginLoop: true
 entityBaseURL: http://test.uaa.url
 entityID: test.uaa.url
 prompt:
diff --git a/spec/input/all-properties-set.yml b/spec/input/all-properties-set.yml
index f0a0a53cd..e27439eb9 100644
--- a/spec/input/all-properties-set.yml
+++ b/spec/input/all-properties-set.yml
@@ -40,6 +40,7 @@ properties:
 accountChooserEnabled: true
 aliasEntitiesEnabled: true
 checkOriginEnabled: true
+ allowOriginLoop: false
 links:
 global:
 passwd: "https://{zone.subdomain}.myaccountmanager.domain.com/z/{zone.id}/forgot_password"