mirror of
https://github.com/EGroupware/egroupware.git
synced 2025-01-18 11:58:24 +01:00
* Mail/Filemanager: admin can allow users to store a password to pass to mail- and file-servers in case they use (password-less) SingleSignOn
This commit is contained in:
parent
5dafe00c95
commit
fd216b07f2
@ -115,6 +115,7 @@ all records and account information will be lost! admin de Alle Datensätze und
|
||||
all users admin de Alle Benutzer
|
||||
allow anonymous access to this app admin de Anonymen Zugriff auf diese Anwendung zulassen
|
||||
allow remote administration from following install id's (comma separated) admin de Erlaube die Remote-Verwaltung durch folgende (Komma separierte) Installation-IDs.
|
||||
allow the user to store his password under 'security & passwords' for singlesignon. admin de Erlaubt dem Benutzer sein Passwort unter 'Sicherheit & Passwort' für SingleSignOn zu speichern.
|
||||
allow user to set 'remember me' token admin de Erlaube Benutzer ein "An mich erinnern" Token zu setzen
|
||||
allow users to change forwards admin de Anwender dürfen Weiterleitung bearbeiten
|
||||
allow users to create identities for aliases admin de Anwender dürfen Identitäten für Aliase anlegen
|
||||
|
@ -115,6 +115,7 @@ all records and account information will be lost! admin en All records and accou
|
||||
all users admin en All users
|
||||
allow anonymous access to this app admin en Allow anonymous access to this app
|
||||
allow remote administration from following install id's (comma separated) admin en Allow remote administration from following install ID's, comma separated.
|
||||
allow the user to store his password under 'security & passwords' for singlesignon. admin en Allow the user to store his password under 'Security & Passwords' for SingleSignOn.
|
||||
allow user to set 'remember me' token admin en Allow user to set 'Remember me' token
|
||||
allow users to change forwards admin en Allow users to change forwards
|
||||
allow users to create identities for aliases admin en Allow users to create identities for aliases
|
||||
|
@ -330,6 +330,13 @@
|
||||
<option value="yes">Yes</option>
|
||||
</et2-select>
|
||||
</row>
|
||||
<row>
|
||||
<et2-vbox>
|
||||
<et2-description value="Logging in via SingleSignOn does not provide a password to pass it on to mail- or file-servers."></et2-description>
|
||||
<et2-description value="Allow the user to store his password under 'Security & Passwords' for SingleSignOn."></et2-description>
|
||||
</et2-vbox>
|
||||
<et2-checkbox id="newsettings[store_password_for_sso]" label="Store password retrievable for SingleSignOn"></et2-checkbox>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<et2-description value="Other security configuration" span="all" class="subHeader"></et2-description>
|
||||
|
@ -63,6 +63,7 @@ $setup_info['api']['hooks']['addgroup'] = 'EGroupware\\Api\\Vfs\\Hooks::addGroup
|
||||
$setup_info['api']['hooks']['deletegroup'] = array('EGroupware\\Api\\Vfs\\Hooks::deleteGroup', 'EGroupware\\Api\\Mail\\Hooks::deletegroup');
|
||||
$setup_info['api']['hooks']['editgroup'] = 'EGroupware\\Api\\Vfs\\Hooks::editGroup';
|
||||
$setup_info['api']['hooks']['changepassword'] = 'EGroupware\\Api\\Mail\\Hooks::changepassword';
|
||||
$setup_info['api']['hooks']['session_created'] = 'EGroupware\Api\Mail\Credentials::ssoPassword';
|
||||
|
||||
// Hooks to delete shares when file is deleted
|
||||
$setup_info['api']['hooks']['vfs_unlink'] = 'EGroupware\\Api\\Vfs\\Sharing::vfsUpdate';
|
||||
|
@ -15,6 +15,7 @@
|
||||
namespace EGroupware\Api\Mail;
|
||||
|
||||
use EGroupware\Api;
|
||||
use EGroupware\Api\Cache;
|
||||
use Jumbojett\OpenIDConnectClientException;
|
||||
|
||||
/**
|
||||
@ -85,10 +86,15 @@ class Credentials
|
||||
*/
|
||||
const OAUTH_REFRESH_TOKEN = 256;
|
||||
|
||||
/**
|
||||
* Password to use, if none provided due to SSO login
|
||||
*/
|
||||
const SSO_PASSWORD = 512;
|
||||
|
||||
/**
|
||||
* All credentials
|
||||
*/
|
||||
const ALL = self::IMAP|self::SMTP|self::ADMIN|self::SMIME|self::TWOFA|self::SPAMTITAN|self::OAUTH_REFRESH_TOKEN;
|
||||
const ALL = self::IMAP|self::SMTP|self::ADMIN|self::SMIME|self::TWOFA|self::SPAMTITAN|self::OAUTH_REFRESH_TOKEN|self::SSO_PASSWORD;
|
||||
|
||||
/**
|
||||
* Password in cleartext
|
||||
@ -138,7 +144,8 @@ class Credentials
|
||||
self::SMIME => 'acc_smime_',
|
||||
self::TWOFA => '2fa_',
|
||||
self::SPAMTITAN => 'acc_spam_',
|
||||
self::OAUTH_REFRESH_TOKEN => 'acc_oauth_'
|
||||
self::OAUTH_REFRESH_TOKEN => 'acc_oauth_',
|
||||
self::SSO_PASSWORD => 'sso_',
|
||||
);
|
||||
|
||||
/**
|
||||
@ -213,7 +220,7 @@ class Credentials
|
||||
self::$cache[$acc_id][$row['account_id']][$row['cred_type']] = $row;
|
||||
//error_log(__METHOD__."($acc_id, $type, ".array2string($account_id).") stored to cache ".array2string($row));
|
||||
|
||||
if (!isset($on_login) && self::needMigration($row['cred_pw_enc']))
|
||||
if (!isset($on_login) && self::needMigration($row['cred_pw_enc'], $row['cred_type']))
|
||||
{
|
||||
$on_login = array(__CLASS__.'::migrate', $acc_id);
|
||||
}
|
||||
@ -266,6 +273,38 @@ class Credentials
|
||||
return $results;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get password to use for current user, if he has one stored for SSO AND store it in session like the regular password
|
||||
*
|
||||
* @return string|null
|
||||
*/
|
||||
public static function ssoPassword() : ?string
|
||||
{
|
||||
// check if we have a regular, non-anonymous session
|
||||
if (!isset($GLOBALS['egw']->session) ||
|
||||
!empty($GLOBALS['egw']->session->cd_reason) ||
|
||||
$GLOBALS['egw']->session->session_flags !== 'N')
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
if (!empty($GLOBALS['egw']->session->passwd))
|
||||
{
|
||||
return $GLOBALS['egw']->session->passwd;
|
||||
}
|
||||
|
||||
$data = self::read(0, self::SSO_PASSWORD, $GLOBALS['egw_info']['user']['account_id']);
|
||||
|
||||
if (isset($data[self::$type2prefix[self::SSO_PASSWORD].'password']))
|
||||
{
|
||||
Api\Cache::setSession('phpgwapi', 'password',
|
||||
base64_encode($GLOBALS['egw']->session->passwd = $data[self::$type2prefix[self::SSO_PASSWORD].'password']));
|
||||
|
||||
return $data[self::$type2prefix[self::SSO_PASSWORD].'password'];
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get cached access-token, or use refresh-token to get a new one
|
||||
*
|
||||
@ -388,9 +427,10 @@ class Credentials
|
||||
* @param int $type self::IMAP, self::SMTP, self::ADMIN or self::SMIME
|
||||
* @param int $account_id if of user-account for whom credentials are
|
||||
* @param int $cred_id =null id of existing credentials to update
|
||||
* @param bool $use_system =null true: use system-secret/SYSTEM_AES, false: use user-password/USER_AES, null: determine automatic
|
||||
* @return int cred_id
|
||||
*/
|
||||
public static function write($acc_id, $username, $password, $type, $account_id=0, $cred_id=null)
|
||||
public static function write($acc_id, $username, $password, $type, $account_id=0, $cred_id=null, ?bool $use_system=null)
|
||||
{
|
||||
//error_log(__METHOD__."(acc_id=$acc_id, '$username', \$password, type=$type, account_id=$account_id, cred_id=$cred_id)");
|
||||
if (!empty($cred_id) && !is_numeric($cred_id) || !is_numeric($account_id))
|
||||
@ -415,7 +455,7 @@ class Credentials
|
||||
'account_id' => $account_id,
|
||||
'cred_username' => $username,
|
||||
'cred_password' => (string)$password === '' ? '' :
|
||||
self::encrypt($password, $account_id, $pw_enc),
|
||||
self::encrypt($password, $account_id, $pw_enc, $use_system ?? ($type == self::SSO_PASSWORD ? true : null)),
|
||||
'cred_type' => $type,
|
||||
'cred_pw_enc' => $pw_enc,
|
||||
);
|
||||
@ -490,12 +530,13 @@ class Credentials
|
||||
* @param string $password cleartext password
|
||||
* @param int $account_id user-account password is for
|
||||
* @param int& $pw_enc on return encryption used
|
||||
* @param bool $use_system =null true: use system-secret/SYSTEM_AES, false: use user-password/USER_AES, null: determine automatic
|
||||
* @return string encrypted password
|
||||
*/
|
||||
public static function encrypt($password, $account_id, &$pw_enc)
|
||||
public static function encrypt($password, $account_id, &$pw_enc, ?bool $use_system=null)
|
||||
{
|
||||
try {
|
||||
return self::encrypt_openssl_aes($password, $account_id, $pw_enc);
|
||||
return self::encrypt_openssl_aes($password, $account_id, $pw_enc, null, null, $use_system);
|
||||
}
|
||||
catch (Api\Exception\AssertionFailed $ex) {
|
||||
try {
|
||||
@ -531,13 +572,14 @@ class Credentials
|
||||
* @param int& $pw_enc on return encryption used
|
||||
* @param string $key =null key/password to use, default password according to account_id
|
||||
* @param string $salt =null (binary) salt to use, default generate new random salt
|
||||
* @param bool $use_system =null true: use system-secret/SYSTEM_AES, false: use user-password/USER_AES, null: determine automatic
|
||||
* @return string encrypted password
|
||||
*/
|
||||
protected static function encrypt_openssl_aes($password, $account_id, &$pw_enc, $key=null, $salt=null)
|
||||
protected static function encrypt_openssl_aes($password, $account_id, &$pw_enc, $key=null, $salt=null, ?bool $use_system=null)
|
||||
{
|
||||
if (empty($key))
|
||||
{
|
||||
if ($account_id > 0 && $account_id == $GLOBALS['egw_info']['user']['account_id'] &&
|
||||
if ($use_system !== true && $account_id > 0 && $account_id == $GLOBALS['egw_info']['user']['account_id'] &&
|
||||
($key = Api\Cache::getSession('phpgwapi', 'password')) &&
|
||||
// do NOT encrypt password if (optional) SAML or OpenIdConnect auth is enabled
|
||||
!array_filter(array_keys(Api\Config::read('phpgwapi')), static function($name)
|
||||
@ -769,10 +811,16 @@ class Credentials
|
||||
* Check if credentials need migration to AES
|
||||
*
|
||||
* @param string $pw_enc
|
||||
* @param int|null $cred_type =null
|
||||
* @return boolean
|
||||
*/
|
||||
static public function needMigration($pw_enc)
|
||||
static public function needMigration($pw_enc, ?int $cred_type=null)
|
||||
{
|
||||
// do NOT migrate/store SSO-passwords with user-credentials
|
||||
if (isset($cred_type) && $cred_type == self::SSO_PASSWORD)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
return $pw_enc == self::USER || $pw_enc == self::SYSTEM || $pw_enc == self::CLEARTEXT;
|
||||
}
|
||||
|
||||
@ -790,7 +838,7 @@ class Credentials
|
||||
{
|
||||
foreach($rows as $cred_type => &$row)
|
||||
{
|
||||
if (self::needMigration($row['cred_pw_enc']) && ($row['cred_pw_enc'] != self::USER ||
|
||||
if (self::needMigration($row['cred_pw_enc'], $cred_type) && ($row['cred_pw_enc'] != self::USER ||
|
||||
$row['cred_pw_enc'] == self::USER && $account_id == $GLOBALS['egw_info']['user']['account_id']))
|
||||
{
|
||||
self::write($acc_id, $row['cred_username'], self::decrypt($row), $cred_type, $account_id, $row['cred_id']);
|
||||
|
@ -56,6 +56,10 @@ class preferences_password
|
||||
'gauth_android' => self::GAUTH_ANDROID,
|
||||
'gauth_ios' => self::GAUTH_IOS,
|
||||
];
|
||||
if (($content['store_password_for_sso'] = $GLOBALS['egw_info']['server']['store_password_for_sso'] ?? false))
|
||||
{
|
||||
$content['store-password-for-sso'] = $content['store_password_for_sso'];
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -74,6 +78,24 @@ class preferences_password
|
||||
switch($content['tabs'])
|
||||
{
|
||||
case 'change_password':
|
||||
if (!empty($GLOBALS['egw_info']['server']['store_password_for_sso']) &&
|
||||
$content['store-password-for-sso'] && $content['button']['save'])
|
||||
{
|
||||
if (!$auth->authenticate($GLOBALS['egw_info']['user']['account_lid'], $content['password']))
|
||||
{
|
||||
$tmpl->set_validation_error('password', lang('Password is invalid'));
|
||||
break;
|
||||
}
|
||||
Credentials::write(0, $GLOBALS['egw_info']['user']['account_lid'], $content['password'],
|
||||
Credentials::SSO_PASSWORD, $GLOBALS['egw_info']['user']['account_id']);
|
||||
|
||||
// close now, if we're not changing the password
|
||||
if ($GLOBALS['egw']->acl->check('nopasswordchange', 1) || empty($content['n_passwd']) && empty($content['n_passwd_2']))
|
||||
{
|
||||
Framework::refresh_opener(lang('Password stored'), 'preferences');
|
||||
Framework::window_close();
|
||||
}
|
||||
}
|
||||
if (!$GLOBALS['egw']->acl->check('nopasswordchange', 1) && $content['button']['save'])
|
||||
{
|
||||
if (($errors = self::do_change($content['password'], $content['n_passwd'], $content['n_passwd_2'])))
|
||||
@ -158,7 +180,14 @@ class preferences_password
|
||||
// disable password change, if user has not right to change it
|
||||
if ($GLOBALS['egw']->acl->check('nopasswordchange', 1))
|
||||
{
|
||||
$readonlys['tabs']['change_password'] = true;
|
||||
if (!empty($GLOBALS['egw_info']['server']['store_password_for_sso']))
|
||||
{
|
||||
$content['nopasswordchange'] = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
$readonlys['tabs']['change_password'] = true;
|
||||
}
|
||||
}
|
||||
|
||||
$preserve = [
|
||||
|
@ -100,6 +100,7 @@ icon preferences de Symbol
|
||||
icons and text preferences de Symbole und Text
|
||||
icons only preferences de Nur Symbole
|
||||
if a line is already selected, further lines get either selected by holding ctrl/cmd key and clicking on them (to not unselect the current selected line), or by just clicking on them as for a checkbox. if no line is selected clicking on one allways selects it. holding down shift key selects everything between current select line and the one clicked. preferences de Wenn bereits eine Zeile ausgewählt ist, werden weitere Zeilen entweder durch das Halten der Strg/Cmd Taste (um die bereits ausgewählten nicht abzuwählen) und anklicken derselben, oder durch einfaches anklicken wie für eine Checkbox, ausgewählt. Wenn keine Zeile ausgewählt ist, wählt anklicken diese immer aus. Das Halten der Umschalt-Taste wählt alles zwischen der aktuell ausgewählten Zeile und der angeklickten.
|
||||
if enabled, your entered password will be stored and passed on to other server, when you login via sso. preferences de Ihr eingegebenes Passwort wird gespeichert und an andere Server weiter gegeben, wenn eingeschaltet und Sie sich per SingleSignOn anmelden.
|
||||
images linked to an entry can be displayed as thumbnails. you can turn this off to speed up page display. preferences de Bilder die mit einem Eintrag verlinkt sind können als Vorschaubild angezeigt werden. Kann ausgeschaltet werden um die Geschwindigkeit der Anzeige zu erhöhen.
|
||||
in which country are you. this is used to set certain defaults for you. preferences de In welchen Land befinden Sie sich? Damit werden verschiedene Voreinstellungen für Sie vorgenommen.
|
||||
interface/template selection preferences de Auswahl der Benutzeroberfläche
|
||||
@ -108,6 +109,7 @@ just clicking on the line, like a checkbox preferences de Einfaches anklicken de
|
||||
kama theme preferences de Kama-Theme
|
||||
keep list open for selecting multiple preferences de Liste für die Auswahl mehrerer Optionen offen halten
|
||||
language preferences de Sprache
|
||||
logging in via singlesignon does not provide a password to pass it on to mail- or file-servers. common de Das Anmelden per SingleSignOn liefert kein Passwort das an Mail- oder Datei-Server weiter gegeben werden kann.
|
||||
look & feel preferences de Aussehen und Handhabung
|
||||
lowercase letters preferences de Kleinbuchstaben
|
||||
make applications list scrollable with up/down scroll buttons (usefull for users working with mouse with no scrollwheel) preferences de Macht die Seitenleiste links mit Scroll-Button nach oben/unten scrollbar (nützlich für Benutzer auf Tablets).
|
||||
@ -132,6 +134,7 @@ password contains only %1 of required %2 character classes: no %3 preferences de
|
||||
password contains with "%1" a parts of your user- or full-name (3 or more characters long) preferences de Passwort enthält mit "%1" einen Teil Ihres Benutzernamens oder vollständigen Namen (3 oder mehr Zeichen lang)
|
||||
password is invalid preferences de Das Passwort ist ungültig
|
||||
password must have at least %1 characters preferences de Passwort muss mindestens %1 Zeichen lang sein
|
||||
password stored preferences de Passwort gespeichert
|
||||
permanent time zone selection preferences de Ständige Zeitzonen Auswahl
|
||||
please select timezones, you want to be able to quickly switch between. switch is not shown, if less then two are selected. preferences de Zeitzonen auswählen, zwischen den schnell umgeschaltet werden soll. Der Umschalter wird NICHT angezeigt, wenn weniger als zwei ausgewählt werden.
|
||||
please select your timezone. preferences de Bitte wählen Sie Ihre Zeitzone.
|
||||
@ -173,11 +176,13 @@ show qrcode preferences de QR-Code anzeigen
|
||||
show qrcode to enable on an additional device. preferences de Zeigt den QR-Code wieder an um ihn auf weiteren Geräten einzurichten.
|
||||
show text on navigation icons preferences de Text zu Icons in der Navigationsleiste anzeigen
|
||||
show_more_apps common de Mehr Anwendungen anzeigen
|
||||
singlesignon and passwords preferences de SingleSignOn und Passwörter
|
||||
small paragraph preferences de Schmaler Absatz
|
||||
special characters preferences de Sonderzeichen
|
||||
spellchecker language addressbook de Sprache Rechtschreibprüfung
|
||||
stay open preferences de Liste auflassen
|
||||
stay open, but not for email preferences de Liste auflassen, aber nicht für E-Mail
|
||||
store password retrievable for singlesignon common de Passwort wiederherstellbar für SingleSignOn speichern
|
||||
text editor settings preferences de Einstellungen des Texteditors
|
||||
text only preferences de Nur Text
|
||||
the default application will be started when you enter egroupware or click on the homepage icon.<br>you can also have more than one application showing up on the homepage, if you don't choose a specific application here (has to be configured in the preferences of each application). preferences de Diese Anwendung wird gestartet, wenn sie EGroupware neu starten oder auf das Symbol der Startseite klicken. Sie können auch mehrere Anwendungen auf Ihrer Startseite anzeigen, dazu wählen sie keine Anwendung aus. Welche Anwendungen dann angezeigt werden, wird in den Einstellungen der jeweiligen Anwendungen konfiguriert.
|
||||
|
@ -100,6 +100,7 @@ icon preferences en Icon
|
||||
icons and text preferences en Icons and text
|
||||
icons only preferences en Icons only
|
||||
if a line is already selected, further lines get either selected by holding ctrl/cmd key and clicking on them (to not unselect the current selected line), or by just clicking on them as for a checkbox. if no line is selected clicking on one allways selects it. holding down shift key selects everything between current select line and the one clicked. preferences en If a line is already selected, further lines get either selected by holding Ctrl/Cmd key and clicking on them (to not unselect the current selected line), or by just clicking on them as for a checkbox. If no line is selected clicking on one allways selects it. Holding down Shift key selects everything between current select line and the one clicked.
|
||||
if enabled, your entered password will be stored and passed on to other server, when you login via sso. preferences en If enabled, your entered password will be stored and passed on to other server, when you login via SSO.
|
||||
images linked to an entry can be displayed as thumbnails. you can turn this off to speed up page display. preferences en Images linked to an entry can be displayed as thumbnails. Turn this off to speed up page display.
|
||||
in which country are you. this is used to set certain defaults for you. preferences en Select the country. It sets some defaults e.g. in Calendar.
|
||||
interface/template selection preferences en Interface | Template
|
||||
@ -108,6 +109,7 @@ just clicking on the line, like a checkbox preferences en Just clicking on the l
|
||||
kama theme preferences en Kama theme
|
||||
keep list open for selecting multiple preferences en Keep list open for selecting multiple
|
||||
language preferences en Language
|
||||
logging in via singlesignon does not provide a password to pass it on to mail- or file-servers. common en Logging in via SingleSignOn does not provide a password to pass it on to mail- or file-servers.
|
||||
look & feel preferences en Look & feel
|
||||
lowercase letters preferences en lowercase letters
|
||||
make applications list scrollable with up/down scroll buttons (usefull for users working with mouse with no scrollwheel) preferences en Makes the sidebar on the left with scroll button scrollable up/down (useful for users on tablets).
|
||||
@ -132,6 +134,7 @@ password contains only %1 of required %2 character classes: no %3 preferences en
|
||||
password contains with "%1" a parts of your user- or full-name (3 or more characters long) preferences en password contains with "%1" a parts of your user- or full-name (3 or more characters long)
|
||||
password is invalid preferences en Password is invalid
|
||||
password must have at least %1 characters preferences en password must have at least %1 characters
|
||||
password stored preferences en Password stored
|
||||
permanent time zone selection preferences en Permanent time zone
|
||||
please select timezones, you want to be able to quickly switch between. switch is not shown, if less then two are selected. preferences en Select time zones to switch between. Switch is NOT shown, if less than two time zones are selected.
|
||||
please select your timezone. preferences en Select your time zone.
|
||||
@ -173,11 +176,13 @@ show qrcode preferences en Show QRCode
|
||||
show qrcode to enable on an additional device. preferences en Show QRCode to enable on an additional device.
|
||||
show text on navigation icons preferences en Show text on navigation icons
|
||||
show_more_apps common en Show more applications
|
||||
singlesignon and passwords preferences en SingleSignOn and passwords
|
||||
small paragraph preferences en Small Paragraph
|
||||
special characters preferences en Special characters
|
||||
spellchecker language addressbook en Spellchecker language
|
||||
stay open preferences en Stay open
|
||||
stay open, but not for email preferences en Stay open, but not for email
|
||||
store password retrievable for singlesignon common en Store password retrievable for SingleSignOn
|
||||
text editor settings preferences en Text editor settings
|
||||
text only preferences en Text only
|
||||
the default application will be started when you enter egroupware or click on the homepage icon.<br>you can also have more than one application showing up on the homepage, if you don't choose a specific application here (has to be configured in the preferences of each application). preferences en The default application will be started when you enter EGroupware or click on the Home icon.<br>More than one application scan be shown on the home page, if nothing is selected here. It has to be configured in the preferences of each application.
|
||||
|
@ -8,14 +8,21 @@
|
||||
<column/>
|
||||
</columns>
|
||||
<rows>
|
||||
<row>
|
||||
<row disabled="@nopasswordchange">
|
||||
<et2-description value="Enter your new password"></et2-description>
|
||||
<et2-password id="n_passwd" class="et2_required" suggest="16" autocomplete="new-password"></et2-password>
|
||||
</row>
|
||||
<row>
|
||||
<row disabled="@nopasswordchange">
|
||||
<et2-description value="Re-enter your password"></et2-description>
|
||||
<et2-password id="n_passwd_2" class="et2_required"></et2-password>
|
||||
</row>
|
||||
<row disabled="!@store_password_for_sso">
|
||||
<et2-groupbox summary="SingleSignOn and passwords" span="all" style="padding-top: 10px">
|
||||
<et2-checkbox id="store-password-for-sso" label="Store password retrievable for SingleSignOn" style="padding: 8px"></et2-checkbox>
|
||||
<et2-description value="Logging in via SingleSignOn does not provide a password to pass it on to mail- or file-servers." style="padding-top: 4px; padding-bottom: 8px"></et2-description>
|
||||
<et2-description value="If enabled, your entered password will be stored and passed on to other server, when you login via SSO."></et2-description>
|
||||
</et2-groupbox>
|
||||
</row>
|
||||
</rows>
|
||||
</grid>
|
||||
</template>
|
||||
|
Loading…
Reference in New Issue
Block a user