From 8eef14ad03e9cda1769a9aa067109611425e9ff1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20D=C3=A9nari=C3=A9?= Date: Thu, 7 Dec 2023 12:01:29 +0100 Subject: [PATCH] feat: Add the possibitily to not authorize the login against the external store - EXO-68030 - meeds-io/meeds#1417 (#91) In some case, when the platform is configured with an external user store AND SSO like OIDC, the IDP have security rules for the login like MFA. But, as the user is present in the external store, he can logs with the eXo login form, bypassing security rules This commit add a property to refused the connection for a user in the external store by the exo login form. He have to use the IDP login form --- .../organization/externalstore/IDMExternalStoreService.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/externalstore/IDMExternalStoreService.java b/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/externalstore/IDMExternalStoreService.java index 92c7204b..19014f9d 100644 --- a/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/externalstore/IDMExternalStoreService.java +++ b/exo.core.component.organization.api/src/main/java/org/exoplatform/services/organization/externalstore/IDMExternalStoreService.java @@ -56,6 +56,8 @@ public interface IDMExternalStoreService { public static final String USER_PROFILE_ADDED_FROM_EXTERNAL_STORE = "exo.idm.externalStore.user.profile.new"; + public static final String AUTHORIZE_LOGIN_PARAM = "exo.idm.externalStore.authorizelogin"; + /** * Authenticates user using external store only *