How can I cancel the password change of users who log in to Taiga with Keycloak?

“We have implemented Keycloak integration into our Taiga setup, which we deployed using a **docker-compose.yml** file. Once users authenticate via Keycloak, they are automatically created as users in Taiga. We’ve noticed that these users can go to the ‘change password’ page and, by leaving the ‘current password’ field empty and properly filling in the other fields, they can change their password. Then they can log in via the Taiga login page using their username and this newly set password, bypassing Keycloak. What I want is to enforce single sign-on so that users can only log in through the centralized authentication system, and to disable their ability to change passwords after they have authenticated via Keycloak. Could you help me resolve this issue?” Thank you in advance for your help.

Hi @Sunucu_Sistem ,

We’re glad to see you in the community!

I’m afraid there isn’t a direct way to disable that functionality. The only way we can think of is to explicitly block the requests to that endpoint in nginx:

GET /user-settings/user-change-password

I'm changing the tags so that this is considered a feature request.

Thank you!
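
An nginx sketch of the block suggested in the reply above, added here as an example; it is not from the original thread or from Taiga's shipped configuration. It goes one step beyond the reply by also refusing the API call behind the form, which is assumed to be `/api/v1/users/change_password`; the placement inside the reverse proxy's existing `server` block is also an assumption.

```nginx
# Added example, not Taiga's own configuration.
# Place inside the existing server { } block of the nginx that fronts Taiga.

# The settings page named in the reply. Taiga's front end is a single-page
# app, so nginx only sees this path on a direct load or a page refresh;
# in-app navigation to the page does not pass through this rule.
location = /user-settings/user-change-password {
    return 403;
}

# Assumption: the change-password form submits to this API path.
# Confirm the exact path in the browser's network tab before relying on it.
# An exact-match location takes precedence over the /api/ prefix location
# that proxies to the back end, so the request never reaches Taiga.
location = /api/v1/users/change_password {
    return 403;
}
```

After reloading nginx, a request to either path should come back as 403 regardless of whether the session was created through Keycloak.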