Hello!
I’m using OOD 4.0.0 with “OnDemand Dex for LDAP” configured.
Now, when performing authentication, an error in the login, password or an LDAP filter mismatch all lead to the same message in the web interface: “Your username and/or password do not match.”
Is there a way to handle authentication errors more flexibly and display a message in the web interface about the specific reason for the authentication refusal?
I don’t think so, but you’d have to check the Dex documentation to be sure.
The reason I don’t think you can change these is that they’re obfuscated for higher security.
I.e., as a malicious user, if you try to log in and it says wrong password, then you know for sure you got the username correct. So you could, in this case, brute force find all or a lot of the valid usernames. So keeping the message generic here helps alleviate that, I think.
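
An added example (not from this thread, and not Dex or Open OnDemand code) of a pattern that serves both posts: the user sees the same message for every kind of failure, while the specific reason goes to a server-side log for the administrator. The in-memory directory, the group check standing in for the LDAP filter, and all function and variable names are constructed assumptions.

```python
import hashlib
import hmac
import logging
import os

GENERIC_MESSAGE = "Your username and/or password do not match."
log = logging.getLogger("auth.audit")  # server-side only, never shown to the user


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample directory standing in for LDAP entries.
_SALT = os.urandom(16)
DIRECTORY = {
    "alice": {"pw": _hash("correct horse", _SALT), "groups": {"hpc-users"}},
    "bob": {"pw": _hash("hunter2", _SALT), "groups": {"staff"}},
}
REQUIRED_GROUP = "hpc-users"  # hypothetical stand-in for the LDAP filter
_DUMMY = _hash("dummy", _SALT)  # compared against when the user is unknown


def authenticate(username: str, password: str) -> tuple[bool, str, str]:
    """Return (ok, message_for_user, reason_for_log)."""
    entry = DIRECTORY.get(username)
    # Always hash and compare, so an unknown username costs the same time
    # as a known one and response timing does not reveal valid accounts.
    stored = entry["pw"] if entry else _DUMMY
    pw_ok = hmac.compare_digest(_hash(password, _SALT), stored)

    if entry is None:
        reason = "unknown_user"
    elif not pw_ok:
        reason = "bad_password"
    elif REQUIRED_GROUP not in entry["groups"]:
        reason = "filter_mismatch"
    else:
        reason = "ok"

    # %r escapes control characters in the attacker-supplied username.
    log.info("login user=%r result=%s", username, reason)
    ok = reason == "ok"
    return ok, ("" if ok else GENERIC_MESSAGE), reason
```
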