Skip to content

Issue #3249704 by jcisio: Block password reset if "Force SAML login" is enabled

scott_earnest requested to merge issue/saml_sp-3249704:4.x into 4.x

When "Force SAML Login" is enabled, the login form will not be used. However if user goes directly to /user/password to generate a one time login link, it is possible. This update will block this form by disabling the submit (but keep the /user/reset route so that you can still use the OTL link (e.g. generated via drush) but normal users can't. Additionally, a message will appear alerting the user to use the SSO to login and reset their password.

Merge request reports

Loading