Vault UI Feature Request: Don't Show all login methods in Vault UI Login Page #4307

Closed
fia5000 opened this issue Apr 7, 2018 · 10 comments

fia5000 commented Apr 7, 2018

Feature Request:

Let Vault Administrators choose/select which login methods get displayed on the Vault UI login page. At the moment, the login page displays token, userpass, LDAP, okta, github auth methods...most people will never need all of those.

For human operators, having all of these options displayed by default, even if the authentication backend for any/all of these has not been configured by Vault administrators, creates confusion and, furthermore, clutters the login form.


@meirish
Contributor

meirish commented Apr 7, 2018

Yeah, right now it’s a chicken-or-the-egg problem because you have to be authenticated to read the auth mounts, so these are hard-coded (that’s also why you have to specify the mount path). We do have plans for this, but UI support for it will come after the 0.10 release. I’ll keep this open for now and keep you up to date when it ships.

@sidewinder12s

Maybe just expose a subkey in the Vault config of what Auth methods to enable.

@jefferai
Member

@jefferai jefferai added the ui label Jun 11, 2018
@jefferai
Member

@meirish marked this as UI for tracking since it also isn't milestoned, I don't think there's anything left to do here but want confirmation before closing.

@sidewinder12s

Weird, on the cluster I just upgraded to 0.10.2 it has Okta and GitHub listed on login which we don't even have mounted.

@jefferai
Member

I think if we cannot get a specific list we just offer all of them.

@meirish
Contributor

meirish commented Jun 12, 2018

We don’t take advantage of this in the UI just yet so we should keep it open.

@Hosweay

Hosweay commented Jun 26, 2018

Can the list simply be made configurable? I don't need the UI to dynamically detect the enabled auth mechanisms, which creates the chicken and egg thing. I am fine if the default is all of them but having something customizable in the configuration would be my preference.

Even though we have Token auth enabled for applications, I may not want Token auth enabled for the UI. I may want my human users to use another form of auth than Token and having it configurable would be nice.

@monokal

monokal commented Apr 4, 2019

+1 - Having a whole bunch of irrelevant auth methods which are irrelevant to our users often causes confusion, especially given we force internal LDAP auth as I suspect many others do.

@devlounge

When can we hope for this to be implemented?
