It seems to me that if, for example, I configure OpenID Connect ONLY authentication I have no fallback to local authentication if one day OIDC auth was to fail for whatever reason. For sure “Mixed-mode” exists but that just encourages half of my team to skip the OIDC button and continue authenticating with their LDAP accounts / local accounts (which is what they did in the past) - old habits die hard and while the team SHOULD go through the OIDC flow, do MFA, sign on with our SSO system etc., they often just SEE the Centreon login page and use it - so Mixed mode is not really useful for us.
In the case of an OIDC / SAML failure (imagine after an upgrade of these systems, not impossible) could you not do provide an IP restricted URL that would provide local authentication fallback to the admins of Centreon that come from a certain restricted IP range, or potentially a configuration file that declares the auth type so that it could it temporarily changed until the OIDC problems are fixed.
Auth_type = “local_only | oidc_only | oidc_mixed | saml_only | saml_mixed” etc.
