Hello,
I use the LDAP Synchronizer to create users in my Bonita repository. Let's say the user "Pierre-Yves" is created successfully.
I set up SSO based on SAML. It's working fine: I can log in as my user Pierre-Yves, using my personal password.
Now I want to connect to the Bonita Engine via REST. I need to use a technical login, like "bonitarest / password Fnk,rzavfh77!!". This user will not exist in the company directory.
So, I will use the property
saml.auth.standard.allowed=true
After that, as I understand it, if I want to connect with the login bonitarest and that specific password, it will be OK, won't it?
But what happens if I try the login "Pierre-Yves" with the password "bpm"? Because, as you know, the LDAP Synchronizer creates users with a fake password (it's bpm or blank, I don't remember).
1/ Bad luck: of course the SSO will fail, but because of standard.allowed, Bonita Portal will try to log me in with Pierre-Yves/bpm, and it will succeed.
2/ No worry: the SSO fails, but because it knows the user, it tells the Bonita authentication "I know this user, but the password is not correct", and the Bonita authentication will not try to log in with Pierre-Yves/bpm.
In the first situation, do you know if it's possible via the LDAP Synchronizer to create a user as disabled, with a marker? Then a Truckmilk job could be created to change the password and enable the user.
Thanks
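The two fallback behaviours the question describes, modelled as an added example. This is an illustration written for this page, not Bonita's code, not the LDAP Synchronizer, and not part of the original post; which of the two behaviours Bonita actually implements for saml.auth.standard.allowed=true is exactly what the question asks and is not asserted here. The account table, the IdP table, the "source" marker, the "fallback" parameter and the synced_disabled() mitigation are all assumptions made up for the model; the passwords are the constructed sample values from the post.

```python
import hmac

# Constructed sample data (not a real Bonita or LDAP dump).
# Accounts as a directory sync would create them: "source" is a hypothetical
# marker saying where the account came from; "bpm" is the sync's placeholder
# password. "bonitarest" is a local technical account with no directory entry.
BONITA_USERS = {
    "Pierre-Yves": {"password": "bpm", "enabled": True, "source": "ldap-sync"},
    "bonitarest": {"password": "Fnk,rzavfh77!!", "enabled": True, "source": "local"},
}

# Accounts known to the SAML identity provider (the corporate directory).
# Constructed value; Pierre-Yves's real password is never in Bonita.
IDP_USERS = {"Pierre-Yves": "correct-horse-battery-staple"}


def idp_authenticate(username, password):
    """Stand-in for the SAML identity provider.

    Returns "ok", "bad_password" or "unknown_user". The distinction between the
    last two is what separates the two scenarios in the question.
    """
    real = IDP_USERS.get(username)
    if real is None:
        return "unknown_user"
    if hmac.compare_digest(real.encode(), password.encode()):
        return "ok"
    return "bad_password"


def standard_authenticate(users, username, password):
    """Stand-in for the built-in credential check (the 'standard' path).

    Disabled accounts are refused outright; a constant-time compare is used
    so the model does not leak password length or prefix through timing.
    """
    account = users.get(username)
    if account is None or not account["enabled"]:
        return False
    return hmac.compare_digest(account["password"].encode(), password.encode())


def login(users, username, password, standard_allowed, fallback):
    """Model of a login attempt under one of two hypothetical fallback rules.

    fallback="any_sso_failure": scenario 1, the standard path is tried whenever
        the IdP rejects the login, whatever the reason.
    fallback="unknown_user_only": scenario 2, the standard path is tried only
        for users the IdP has never heard of (the technical account), never for
        a known user who supplied a wrong password.
    Returns (success, path) where path is "sso" or "standard".
    """
    verdict = idp_authenticate(username, password)
    if verdict == "ok":
        return True, "sso"
    if not standard_allowed:
        return False, "sso"
    if fallback == "unknown_user_only" and verdict == "bad_password":
        return False, "sso"  # known user, wrong password: do not fall through
    if standard_authenticate(users, username, password):
        return True, "standard"
    return False, "standard"


def synced_disabled(users):
    """The mitigation the question proposes, as a model: every account carrying
    the sync marker is created disabled, so the placeholder password cannot be
    used until a later job sets a real password and enables the account."""
    hardened = {}
    for name, account in users.items():
        account = dict(account)
        if account["source"] == "ldap-sync":
            account["enabled"] = False
        hardened[name] = account
    return hardened


if __name__ == "__main__":
    tech_pw = "Fnk,rzavfh77!!"
    for policy in ("any_sso_failure", "unknown_user_only"):
        print(policy)
        print("  Pierre-Yves/bpm ->", login(BONITA_USERS, "Pierre-Yves", "bpm", True, policy))
        print("  bonitarest/<tech pw> ->", login(BONITA_USERS, "bonitarest", tech_pw, True, policy))
    hardened = synced_disabled(BONITA_USERS)
    print("synced disabled, Pierre-Yves/bpm ->",
          login(hardened, "Pierre-Yves", "bpm", True, "any_sso_failure"))
```

Under the "any_sso_failure" rule the placeholder password opens Pierre-Yves's account through the standard path, which is the risk the question raises; under "unknown_user_only" it does not, while the technical account still works under both rules. Syncing accounts as disabled closes the gap under either rule, at the cost that the synced user cannot log in at all until the follow-up job has run.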