Details
- Improvement
- Resolution: Fixed
- Major
- 3.0
- Security Level: Public
- 1
Description
Need the ability to explicitly disable/enable basic auth on the public REST API.
Use Case: Capella Mobile supports OIDC and Basic (username/password) based authentication. Ideally, when OIDC is configured, basic auth should be disabled and users should explicitly opt into basic auth. This could be a potential security risk in that this allows users to bypass the OIDC IdP for authentication.
Issue Links
- relates to: CBG-2119 Update DisablePasswordAuth to False does not work (Closed)