Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
4.0.0
Description
In HIVE-25875, we allowed SAML to be set with other password based authentication, but we pass NONE to the function doPasswordAuth. That is, any requests use basic authentication header can bypass the password verification because NONE means a no-op authentication.
Attachments
Issue Links
- is caused by
-
HIVE-25875 Support multiple authentication mechanisms simultaneously
- Resolved
- links to