fix: cleanup docs

defenseunicorns · Dec 9, 2024 · 816beb9 · 816beb9
1 parent a13ab53
commit 816beb9
Showing 1 changed file with 1 addition and 118 deletions.
diff --git a/docs/reference/UDS Core/IdAM/authentication-flows.md b/docs/reference/UDS Core/IdAM/authentication-flows.md
@@ -44,125 +44,8 @@ By defualt UDS Core has all three options configured out of the box.
 | Username Password with Social (IDP) | `ENABLE_SOCIAL_LOGIN: true`<br>`ENABLE_X509_LOGIN: false`<br>`ENABLE_USERNAME_PASSWORD_AUTH: true`<br>`ENABLE_REGISTER_BUTTON: true`<br>`ENABLE_REGISTRATION_FIELDS: true` | `deny_username_password: DISABLED`<br>`reset_credential_flow: REQUIRED`<br>`registration_form: REQUIRED`<br>`otp_enabled: true` |
 | X509 with Social (IDP) | `ENABLE_SOCIAL_LOGIN: true`<br>`ENABLE_X509_LOGIN: true`<br>`ENABLE_USERNAME_PASSWORD_AUTH: false`<br>`ENABLE_REGISTER_BUTTON: true`<br>`ENABLE_REGISTRATION_FIELDS: true `| `deny_username_password: REQUIRED`<br>`reset_credential_flow: DISABLED`<br>`registration_form: REQUIRED`<br>`otp_enabled: false` |
 
-### Username Password Only Authentication
-Theme configurations:
-```bash
-ENABLE_SOCIAL_LOGIN: false
-ENABLE_X509_LOGIN: false
-ENABLE_USERNAME_PASSWORD_AUTH: true
-ENABLE_REGISTER_BUTTON: true
-ENABLE_REGISTRATION_FIELDS: true # optional
-```
-
-Realm configurations:
-```bash
-deny_username_password: DISABLED
-reset_credential_flow: REQUIRED
-registration_form: REQUIRED
-otp_enabled: true
-```
-
-### Social (IDP) Only Authentication
-Theme configurations:
-```bash
-ENABLE_SOCIAL_LOGIN: true
-ENABLE_X509_LOGIN: false
-ENABLE_USERNAME_PASSWORD_AUTH: false
-ENABLE_REGISTER_BUTTON: false
-ENABLE_REGISTRATION_FIELDS: false
-```
-
-Realm configurations:
-```bash
-deny_username_password: REQUIRED
-reset_credential_flow: DISABLED
-registration_form: DISABLED
-otp_enabled: false
-```
-
-### X509 Only Authentication
-Theme configurations:
-```bash
-ENABLE_SOCIAL_LOGIN: false
-ENABLE_X509_LOGIN: true
-ENABLE_USERNAME_PASSWORD_AUTH: false
-ENABLE_REGISTER_BUTTON: true
-ENABLE_REGISTRATION_FIELDS: true # optional
-```
-
-Realm configurations:
-```bash
-deny_username_password: REQUIRED
-reset_credential_flow: DISABLED
-registration_form: REQUIRED
-otp_enabled: false
-```
-
-### Username Password with X509 Authentication
-Theme configurations:
-```bash
-ENABLE_SOCIAL_LOGIN: false
-ENABLE_X509_LOGIN: true
-ENABLE_USERNAME_PASSWORD_AUTH: true
-ENABLE_REGISTER_BUTTON: true
-ENABLE_REGISTRATION_FIELDS: true # optional
-```
-
-Realm configurations:
-```bash
-deny_username_password: DISABLED
-reset_credential_flow: REQUIRED
-registration_form: REQUIRED
-otp_enabled: true
-```
-
-### Username Password with Social (IDP) Authentication
-Theme configurations:
-```bash
-ENABLE_SOCIAL_LOGIN: true
-ENABLE_X509_LOGIN: false
-ENABLE_USERNAME_PASSWORD_AUTH: true
-ENABLE_REGISTER_BUTTON: true
-ENABLE_REGISTRATION_FIELDS: true # optional
-```
-
-Realm configurations:
-```bash
-deny_username_password: DISABLED
-reset_credential_flow: REQUIRED
-registration_form: REQUIRED
-otp_enabled: true
-```
-
-### X509 with Social (IDP) Authentication
-Theme configurations:
-```bash
-ENABLE_SOCIAL_LOGIN: true
-ENABLE_X509_LOGIN: true
-ENABLE_USERNAME_PASSWORD_AUTH: false
-ENABLE_REGISTER_BUTTON: true
-ENABLE_REGISTRATION_FIELDS: true # optional
-```
-
-Realm configurations:
-```bash
-deny_username_password: REQUIRED
-reset_credential_flow: DISABLED
-registration_form: REQUIRED
-otp_enabled: false
-```
-
-
 ### Security Concerns and Misconfigurations
 
-* If Username/Password registration/login is disabled, there is still potential for someone to reach the reset credential flow and set their password. If not configured correctly that user could use that password to authenticate.
-
-* If Username/Password registration/login is disabled but `updated_password_enabled=true`, a user can set their password and potentially use that password to authenticate.
+* If Username/Password registration/login is disabled but `updated_password_enabled=true`, there is still potential for someone to reach the reset credential flow and set their password. If not configured correctly that user could use that password to authenticate.
 
 * `registration_form=DISABLED` and `ENABLE_REGISTER_BUTTON=false` are **only** for when Social login ( X509/CAC/PIV/YUBIKEY ) is the **only** method to register/login.
-
-
-## Known issues
-* when x509 is disabled there is still a pop up when a user has one on login page, adding a check that x509 login is enabled still results in something showing up but cant figure out where that comes from
-
-* remove registration fields from account? would need to add something in the realm.json into the big long string that makes it so only admin can view/edit or would have to remove those fields from that string somehow