Symptoms

Even though IDP is enabled, brand legacy login form are still accessible. 

Example of brand legacy login form: https://example.com/servlet/Turbine/frm/single/ 

This still allow end-users who has saved the path to login without theoretically mandatory 2FA.

Cause

Brand legacy login form is still not disabled to provide fall back access method if IDP service rendered inaccessible.

This will be disabled in future release.

Resolution

If you wish to hide brand legacy login form. 

Please use below method:

A. IF your platform is employing k8s based UI Cluster or branding-ui-cluster, please use below method:

1. Get the name of your branding-ui-cluster-ui pod: 

kubectl get pods | grep branding-ui-cluster-ui

2. Access the pod: 

kubectl exec -it <fullname of your branding-ui-cluster-ui> -c branding-ui-cluster-httpd  --bash

3. Edit the /var/www/<brand_domain>/.htaccess like below:

 4. restart httpd:

/usr/sbin/httpd -k restart

B. IF your platform is employing UI cluster, please use below method:

1. ssh to your UI node(s)
 

2. Edit the /var/www/<brand_domain>/.htaccess like below:

 3. restart httpd:

/usr/sbin/httpd -k restart

C. To re-enable the legacy login form. Follow the same steps and hash (#) the line which you added into the .htaccess file. httpd service has to be restarted afterwards.

Notes: Please bear in mind, this customization will be cleared on brand update.