Feature: allow client-sso-user to switch to sso-users only when using P4V

[jerem991]

Hello,

This is a MR request that allows switching a user from the client-sso-users group (non-interactive flow) to the sso-users group (interactive flow) when using P4V (which is intended for interactive use).

Due to our synchronization requirements, we cannot solely use the interactive flow (sso-users) for our user accounts. Over the weekend, we sync data using libraries through WAM to log in silently to Perforce, ensuring everything is ready for work on Monday morning. We aim to avoid any Web SSO authentication pop-ups that could disrupt this process.

The problem arises when a user is classified as a client-sso-user and attempts to log in using P4V. P4V prompts for the user’s password and does not execute the P4LOGINSSO routine. Therefore, the P4V app should automatically be considered as part of the interactive flow (Web SSO) since automation is not feasible in this context.

[p4-nathan]

Hello Jérémie, thank you for the contribution. I will discuss this with product management and we will try to devise a more general solution to the problem of users that need to authenticate in different ways. While examining the clientprog is one way, hard-coding to "P4V" might be too restrictive to work for everyone. I also dislike leaving it up to the client to control this as an attacker could leverage this knowledge to find a way around web-based SSO authentication. Sure, it's not really any easier to hack the usual auth mechanism, but I prefer keeping the control entirely in the server rather than the client.