Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Guide users to upstream IdPs for certain features #3239

Open
pmaier1 opened this issue Sep 24, 2024 · 1 comment
Open

Guide users to upstream IdPs for certain features #3239

pmaier1 opened this issue Sep 24, 2024 · 1 comment

Comments

@pmaier1
Copy link

pmaier1 commented Sep 24, 2024

Is your feature request related to a problem? Please describe.
As a user I want to change my password and I don't necessarily know where I can do that if my homeserver uses an upstream IdP with MAS.

Describe the solution you'd like
If certain features is not available on MAS when used in conjunction with an upstream IdP, we should guide users to the upstream IdP.

Describe alternatives you've considered

  • not guiding users like we do today

Additional context

@teutat3s
Copy link

teutat3s commented Dec 4, 2024

One example we stumbled upon is:

  • Usage of singular upstream IdP keycloak with MAS
  • Disallowed changing email address via account.email_change_allowed: false - it should be completely managed and verified by the upstream IdP
  • Upon first login, the checkbox for changing profile information is still available. User checks box to change account information
  • User gets locked out of account, error message like: email address changes not allowed

Our workaround to get out of this situation was to temporarily allow changing the email address, manually verify it via mas-cli and turn it back to false.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants