Univention Bugzilla – Bug 55442
make UMC login availability configurable
Last modified: 2022-11-22 07:03:04 CET
Currently the UMC login method is available by default and is in use by the UMC web interface, the UCS portal and some backend calls using UMCP commands. This has to be kept as it ensures that one can log in to UMC on a fresh installation. In scenarios where SSO using SAML or OpenID Connect is configured, the availability of UMC as alternative login method for portal and UMC web interface needs to be deactivated. As an example: if the SSO IDP enforces 2FA, using the UMC login (which does not support 2FA) would be a way to bypass the second factor. As the UMC login is still needed for some internal use cases (i.e. join scripts which send UMCP calls to the primary node using the host account to log in via this method) the deactivation needs to be configurable.

Options should be:
- default: login method is active
- login is fully deactivated
- login is limited to a list of IP addresses

Use cases would be:
- in a single server scenario, login is limited to the local system (localhost + own public IP)
- in a multi server scenario, login on the primary node is limited to the internal network of the datacenter. Recommendation is to not publish the ports of these servers to clients. On all other servers the login can be limited to localhost/own IP or completely deactivated once SSO has been configured.
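The three proposed modes (active, fully deactivated, limited to a list of addresses) amount to a small access-policy check that the UMC server would run before offering the username/password login. The following is an added example of such a check, not code from UCS or Univention; the mode names, the `umc_login_allowed` / `parse_allowlist` functions and the sample addresses are assumptions made here, and the bug report does not name the UCR variables that would carry the setting. It goes slightly beyond the text by accepting CIDR networks (so "internal network of the datacenter" can be one entry) and by failing closed on unknown modes or unparsable client addresses, so a misconfiguration cannot reopen the 2FA bypass the report describes.

```python
"""Added example (not Univention/UCS code): policy check for the proposed
UMC login modes. All names and sample addresses are hypothetical."""
import ipaddress
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Hypothetical mode names; the report only describes the three behaviours.
MODE_ENABLED = "enabled"        # default: password login to UMC is active everywhere
MODE_DISABLED = "disabled"      # login fully deactivated (SSO only)
MODE_RESTRICTED = "restricted"  # login only from a list of addresses/networks


def parse_allowlist(entries: Iterable[str]) -> List[Network]:
    """Turn configured strings (single IPs or CIDR networks) into network objects.

    A bare address becomes a /32 (IPv4) or /128 (IPv6) network. Malformed
    entries raise ValueError so that a typo cannot silently widen or drop the
    restriction; blank entries are ignored.
    """
    nets: List[Network] = []
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def umc_login_allowed(mode: str, client_ip: str, allowlist: Iterable[str] = ()) -> bool:
    """Decide whether the UMC username/password login may be offered to client_ip.

    - MODE_ENABLED: always allowed (today's default behaviour).
    - MODE_RESTRICTED: allowed only if client_ip lies in one of the allowlist entries.
    - MODE_DISABLED and any unknown mode: denied (fail closed).
    An unparsable client address is also denied.
    """
    if mode == MODE_ENABLED:
        return True
    if mode != MODE_RESTRICTED:
        return False
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    # An IPv4-mapped IPv6 address (::ffff:10.0.0.5), as seen on dual-stack
    # listeners, should match IPv4 allowlist entries.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Version mismatch between addr and a network simply yields False here.
    return any(addr in net for net in parse_allowlist(allowlist))


if __name__ == "__main__":
    # Constructed sample configurations for the two use cases in the report.
    single_server = ["127.0.0.1", "::1", "198.51.100.10"]   # localhost + own public IP
    primary_node = ["127.0.0.1", "::1", "10.20.0.0/16"]     # datacenter-internal network
    for mode, ip, allow in [
        (MODE_ENABLED, "203.0.113.9", []),
        (MODE_DISABLED, "127.0.0.1", []),
        (MODE_RESTRICTED, "198.51.100.10", single_server),
        (MODE_RESTRICTED, "203.0.113.9", single_server),
        (MODE_RESTRICTED, "10.20.3.4", primary_node),
        (MODE_RESTRICTED, "::ffff:10.20.3.4", primary_node),
    ]:
        print(f"{mode:10} {ip:>18} -> {umc_login_allowed(mode, ip, allow)}")
```

In a real deployment the client address used for this decision must be the one the UMC server actually sees on the socket, or an `X-Forwarded-For` value only when it is set by a trusted reverse proxy on the same host; otherwise the allowlist can be satisfied by a spoofed header.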