Issue: User are forced to login with External Provider (IdP) while both are allowed
Original message was deleted
RHey @Rob! :gigipixel: Thanks so much for reaching out - I'm going to look into this with our engineers and get back to you with a response ASAP. Thanks for your patience!
SHi @Rob could you please check that the "Username and Password allowed" option is checked both in the Default Settings as well as in the Organization level settings?
SOk, then let me quickly look into what is happening here.
SIs the linked IDP still active?
SDo you use any OIDC scopes?
STo start the OIDC flow, but is irrelevant if you want to login to the console
SThere is already an issue regarding this topic around fallback handling in the login, refer to https://github.com/zitadel/zitadel/issues/6466.
In the meantime, we are working on a fix to solve your problem, I will keep you updated.
In the meantime, we are working on a fix to solve your problem, I will keep you updated.
GitHub
Preflight Checklist I could not find a solution in the existing issues, docs, nor discussions I have joined the ZITADEL chat Describe your problem Given I have configured an IDP while allowing pass...
Syes, we merged https://github.com/zitadel/zitadel/pull/9136, which will be available in the next release
SWith this if you disallow the external login, you will not be redirected to the external IDP.
That you always get the selection of password or IDP, unfortunately you would need to wait for the before mentioned PR.
That you always get the selection of password or IDP, unfortunately you would need to wait for the before mentioned PR.
Shttps://github.com/zitadel/zitadel/pull/9178 , I'm literally in the process of reviewing the fix right now, which means there should be a release shortly
GitHub
Which Problems Are Solved
The current login will always prefer external authentication (through an IdP) over local authentication. So as soon as either the user had connected to an IdP or even when...
The current login will always prefer external authentication (through an IdP) over local authentication. So as soon as either the user had connected to an IdP or even when...
SI will quickly ask internally, let me get back to you.
SThursday
SIDP first is still the plan, but you should get a password login when you return form the failed external IDP login.
Is username and password login enabled in the settings?
Does the respective user have a password or passkey set?
Is username and password login enabled in the settings?
Does the respective user have a password or passkey set?
SThe problem is here that you get stuck on the IDP login, if you would come back to Zitadel with an error, as it should be as the login was not successful, then you could use your password.
The current login expects if you logged in with an IDP, you should be able do login again, if not you should return with an error.
It's unfortunate but I can only propose to create an issue and/or support request regarding this problem of improper error handling of IDPs
The current login expects if you logged in with an IDP, you should be able do login again, if not you should return with an error.
It's unfortunate but I can only propose to create an issue and/or support request regarding this problem of improper error handling of IDPs
SIf it's a newly created user you still can select IDP or type in the username and then login with password.
This didn't change at all
This didn't change at all
SThe logic for auto redirect to external IDPs was implemented already some time ago, so to further improve on the SSO functionality.