Problem
The configuration only allows one authentication mechanism.
The login page is hard-coded to support all options and the user is expected to know which one to use.
We are using Okta-based SSO, which makes the login form unnecessary. Users can sign in without entering any credentials, but the presence of the form gives the impression that a username and password are required. When they attempt to log in this way, they see a generic error message: "You do not have the correct access permission."
In reality, the server is returning a more accurate message: "Username and password–based login is not enabled at this time.", but that is being ignored.
Expected behaviour
Make the login page config-aware:
- Only display Username & Password when needed to authenticate (local or Active Directory)
- Automatically log in when using OIDC-based SSO (remove the button)
Always render the errors returned, avoid acronyms (such as OIDC)
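A sketch of the config-aware behaviour requested above, as an added example that is not the project's code. The config keys (`authMode`, `ssoStartUrl`), the response shape and all function names are assumptions made for illustration.

```javascript
// Added illustration; every name and the response shape here are hypothetical.
const PASSWORD_MODES = new Set(["local", "active_directory"]);
const SSO_MODE = "oidc";
const GENERIC_ERROR = "You do not have the correct access permission.";

// Prefer the server's own message; use the generic text only when none was sent.
function extractError(response) {
  if (!response || response.ok) return null;
  const msg = response.body && typeof response.body.message === "string"
    ? response.body.message.trim() : "";
  return msg || GENERIC_ERROR;
}

// Decide what the login page shows for the single configured mechanism.
function buildLoginView(config, lastResponse = null) {
  const mode = config.authMode;
  if (!PASSWORD_MODES.has(mode) && mode !== SSO_MODE) {
    throw new Error(`unsupported auth mode: ${mode}`);
  }
  const error = extractError(lastResponse);
  const sso = mode === SSO_MODE;
  return {
    showCredentialForm: PASSWORD_MODES.has(mode),
    // Redirect automatically only when there is no error to show; otherwise a
    // failed SSO round trip would loop and the message would never be seen.
    autoRedirectTo: sso && !error ? config.ssoStartUrl : null,
    showRetryLink: sso && error !== null,
    error,
  };
}

// Server-supplied text goes in as text, never as markup.
function renderError(element, text) {
  element.textContent = text === null ? "" : text;
  return element;
}

// Constructed sample: failed password login against an SSO-only server.
const SAMPLE_FAILED_LOGIN = {
  ok: false,
  status: 403,
  body: { message: "Username and password–based login is not enabled at this time." },
};
const SSO_CONFIG = { authMode: "oidc", ssoStartUrl: "/sso/start" };
```
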