04/02/2023 09:30 PM - last edited on 04/03/2023 03:49 PM by Dave
Can you please confirm what the default behaviour is if LOCALAUTHENABLED is not set.
We recently faced issues with our production environment where some users were not able to log in. (This issue was later found to be due to one of the UI server's browser caches having reached its maximum.) But one user, whose LOCALAUTHENABLED was null, was able to see the user credential login page and was able to reset the password and log in using the new password.
And while resetting, the user was only asked for a new password and confirm password.
The user got to the URL https:// <base url>/ECM/maintenance/passwordReset
I think this is a security risk.
What could have been the issue? Is this the default behaviour if LOCALAUTHENABLED is null?
04/04/2023 12:20 AM
LOCALAUTHENABLED is only used to allow users to log in locally to the EIC/SSM Portal login page using the local password.
Please raise a separate support ticket for LOCALAUTHENABLED being NULL causing the security issue and asking only for a new password and confirm password.