Include in SSO documentation that SSO redirect confirmation can be bypassed using the sso.client_whitelist option #11294

Open
matrixbot opened this issue Dec 19, 2023 · 0 comments

matrixbot commented Dec 19, 2023

This issue has been migrated from #11294.


It's not currently obvious that the SSO redirection page (introduced as a security measure) can be bypassed by use of the sso.client_whitelist option. This option allows specifying a whitelist of client URIs, for which the redirection page won't appear if the client you are being redirected to during SSO login.

We should include some words about it on the yet-to-be-written Single Sign-On documentation page.

@matrixbot matrixbot changed the title Dummy issue Include in SSO documentation that SSO redirect confirmation can be bypassed using the sso.client_whitelist option Dec 21, 2023
@matrixbot matrixbot reopened this Dec 21, 2023
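
As an added example (not part of the issue or of the project's code): a small Python audit of `sso.client_whitelist` entries, since every entry removes the confirmation step for the URLs it matches. It assumes the whitelist is compared to the client redirect URL as a plain string prefix; the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

NOT_HTTPS = "not https"
NO_HOST = "no host"
OPEN_PREFIX = "no '/' after the host, so the prefix also matches longer hostnames"

# Constructed sample entries; not taken from any real deployment.
SAMPLE_WHITELIST = [
    "https://chat.example.org/",  # scheme, host and trailing slash
    "https://chat.example.org",   # no trailing slash
    "http://intranet.example/",   # plain HTTP
]


def skips_confirmation(client_redirect_url, whitelist):
    """Assumed model of the check: string-prefix match against each entry."""
    return any(client_redirect_url.startswith(entry) for entry in whitelist)


def audit_whitelist(whitelist):
    """Return (entry, problem) pairs for entries that match more than intended."""
    findings = []
    for entry in whitelist:
        parts = urlsplit(entry)
        if parts.scheme != "https":
            findings.append((entry, NOT_HTTPS))
        if not parts.netloc:
            findings.append((entry, NO_HOST))
        elif parts.path == "":
            findings.append((entry, OPEN_PREFIX))
    return findings


if __name__ == "__main__":
    for entry, problem in audit_whitelist(SAMPLE_WHITELIST):
        print(f"{entry}: {problem}")
    # Under the prefix assumption, only the entry ending in '/' pins the host.
    other_host = "https://chat.example.org.other.example/"
    print(skips_confirmation(other_host, ["https://chat.example.org/"]))
    print(skips_confirmation(other_host, ["https://chat.example.org"]))
```

Running the audit over the whitelist in a homeserver configuration before deployment shows which entries skip the confirmation page for more URLs than the one client they were added for.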