New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vault UI Feature Request: Don't Show all login methods in Vault UI Login Page #4307
Comments
Yeah, right now it’s a chicken or the egg problem because you have to be authenticated to read the auth mounts, so these are hard coded (that’s also why you have to specify the mount path). We do have plans for this, but ui support for it will come after the 0.10 release. I’ll keep this open for now and keep you up to date when it ships. |
Maybe just expose a subkey in the Vault config of what Auth methods to enable. |
It's already there: https://www.vaultproject.io/api/system/mounts.html#listing_visibility-1 |
@meirish marked this as UI for tracking since it also isn't milestoned, I don't think there's anything left to do here but want confirmation before closing. |
Weird, on the cluster I just upgraded to 0.10.2 it has Okta and GitHub listed on login which we don't even have mounted. |
I think if we cannot get a specific list we just offer all of them. |
We don’t take advantage of this in the UI just yet so we should keep it open. |
Can the list simply be made configurable? I don't need the UI to dynamically detect the enabled auth mechanisms, which creates the chicken and egg thing. I am fine if the default is all of them but having something customizable in the configuration would be my preference. Even though we have Token auth enabled for applications, I may not want Token auth enabled for the UI. I may want my human users to use another form of auth than Token and having it configurable would be nice. |
+1 - Having a whole bunch of irrelevant auth methods which are irrelevant to our users often causes confusion, especially given we force internal LDAP auth as I suspect many others do. |
when can we hope this to be implemented? |
Feature Request:
Let Vault Administrators choose/select which login methods get displayed on the Vault UI login page. At the moment, the login page displays token, userpass, LDAP, okta, github auth methods...most people will never need all of those.
For human operators, having all of these options displayed by default, even if the authentication backend for any/all of these has not been configured by Vault administrators, creates confusion and furthermore, clutters the login form.
The text was updated successfully, but these errors were encountered: