Some changes made in admin ask for a password. This is the Matomo super user password, not the SAML password.
When a user makes some changes in admin, the UI prompts for a password to confirm the change. It is expected that this is the same password used in LoginSAML, but it is in fact the Matomo password. The user will then attempt to change their password after contacting support, only to find that the password reset also requires the original password. They then cannot access the password reset feature without logging out, and even then may not have access, as Matomo is configured not to show the standard login.
Maybe this could be a general setting not to ask for password confirmation for all login types?
Nice summary @jmumby :+1:
Another possible solution could be to allow the password check prompt to be overridden by plugins, so that LoginSAML could handle the check using the user's expected SAML password.
I'll assign this issue for prioritisation.
@jmumby This needs to be created as an issue of the plugin. Core already provides a possibility to overwrite/disable the password confirmations. In addition, that password check uses the PasswordVerifier class to check whether the password is correct. That one can be overwritten by a plugin, to perform custom password checks.
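As an added illustration of the override route described in the comment above (this is example code, not code from the Matomo project or the LoginSAML plugin), one way a plugin could substitute its own verifier. It assumes a Matomo 4 plugin, the core class `Piwik\Plugins\Login\PasswordVerifier` with an `isPasswordCorrect($userLogin, $password)` method, Matomo's `Piwik\Session\SessionNamespace` wrapper, and a hypothetical session namespace/keys (`LoginSAML`, `samlAuthTime`) that the plugin would set when the IdP returns a successful assertion. The class name `SamlPasswordVerifier` and the 15-minute window are assumptions as well.

```php
<?php
// Hypothetical file: plugins/LoginSAML/SamlPasswordVerifier.php (example, not the plugin's real code).
namespace Piwik\Plugins\LoginSAML;

use Piwik\Plugins\Login\PasswordVerifier; // assumption: core verifier class used by the confirmation prompts
use Piwik\Session\SessionNamespace;       // assumption: Matomo's session wrapper

/**
 * Replaces the core password check for users who authenticated through the IdP.
 *
 * A SAML user has no Matomo password, so asking for one is unanswerable. Rather than
 * accepting any value (which would remove the protection the prompt gives against a
 * hijacked session), the confirmation is accepted only when the IdP authentication
 * happened recently; otherwise the user is sent back through the IdP.
 */
class SamlPasswordVerifier extends PasswordVerifier
{
    // Assumption: the plugin writes these when the SAML assertion is accepted.
    const SESSION_NAMESPACE = 'LoginSAML';
    const SESSION_KEY_AUTH_TIME = 'samlAuthTime';

    // How long an IdP authentication counts as "recent" for confirmation purposes (assumed policy).
    const MAX_AGE_SECONDS = 900;

    public function isPasswordCorrect($userLogin, $password)
    {
        $session  = new SessionNamespace(self::SESSION_NAMESPACE);
        $authTime = $session->{self::SESSION_KEY_AUTH_TIME};

        if (empty($authTime)) {
            // Not a SAML session (for example a local super user): keep core behaviour.
            return parent::isPasswordCorrect($userLogin, $password);
        }

        // SAML session: the submitted $password is ignored because Matomo never stored one.
        // Require a fresh IdP authentication instead of a shared secret.
        return (time() - (int) $authTime) <= self::MAX_AGE_SECONDS;
    }

    /**
     * Helper the plugin's SAML callback would call once an assertion is validated,
     * recording when the IdP authenticated the user (assumed plugin-side code).
     */
    public static function markSamlAuthenticated()
    {
        $session = new SessionNamespace(self::SESSION_NAMESPACE);
        $session->{self::SESSION_KEY_AUTH_TIME} = time();
    }
}
```

To make core use it, the plugin's DI configuration (assumed to be `plugins/LoginSAML/config/config.php`, returning a PHP-DI definition array) would map the core class to the subclass, for example `'Piwik\Plugins\Login\PasswordVerifier' => DI\autowire('Piwik\Plugins\LoginSAML\SamlPasswordVerifier')`. When the window has expired, the plugin would have to redirect the user to the IdP and back before the confirmation succeeds; a blanket `return true` would be simpler but leaves every sensitive admin action unprotected for a hijacked SAML session.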