Hi Brian,
Pretty sure it shouldn't let you enter without a password. Did you configure any external authentication providers like LDAP? (not sure if those were added in 9.0.1 or 9.1)
If you continue to have the problem, I recommend you open a support ticket and get it troubleshot.
Regards,
João Rosado
Hello everyone,
As João Rosado stated, the behavior originally reported here is not the intended behavior. The OutSystems Platform should not allow you to authenticate using an empty password.
What happened was that Brian (unwittingly) uncovered a security flaw in the OutSystems Platform. Please refer to this Knowledge Base article for further details, and a fix for the issue.
Best regards,
Ricardo Silva
Thank you for the follow up and communication to users, Ricardo. It's great to see things like this fixed so quickly. Had I realized this was an issue that didn't stem from a simple misconfiguration on my side, I would have reported it in a more private setting. Please offer the team my apologies for the unintended public disclosure!
Cheers!
-Brian
Hi Brian or Ricardo,
Where can I find the checkbox you've mentioned "After checking the box in the LDAPAuthProvider configuration screen to enable fallback authentication"?
Cheers,
Gabriel
Hi Gabriel,
To get to that checkbox, first log in to your OutSystems LifeTime environment, then select "Users & Roles" from the top of the page. After that, select "Authentication", and it should bring up a screen allowing you to choose between the built-in OutSystems authentication provider and an external authentication provider. Make sure the "external authentication provider" radio button is selected, and select LDAPAuthProvider from the selection list. Look at the "Configure plugin in environment" drop-down list and select the environment you want to work with, then click "Configure". You may then get prompted to log in as the admin user for that environment, but you will probably just be sent straight to the "LDAP Authentication Configuration" page. On that page, where you specify the LDAP host/port and base DN, you should see the "Fallback to built-in authentication" checkbox.