If your users sign on using SAML, just set a random password of length 100. If that is not enough, I have created an app where I created my own login action where I always throw an error, so no normal login can occur:
import java.util.Map;
import com.mendix.core.Core;
import com.mendix.logging.ILogNode;
import com.mendix.m2ee.api.IMxRuntimeRequest;
import com.mendix.systemwideinterfaces.core.AuthenticationRuntimeException;
import com.mendix.systemwideinterfaces.core.ISession;
import com.mendix.systemwideinterfaces.core.UserAction;
public class CustomLoginAction extends UserAction<ISession>
{
private String userName;
private String password;
private IMxRuntimeRequest request;
public final static String USER_NAME_PARAM = "userName";
public final static String PASSWORD_PARAM = "password";
public CustomLoginAction(Map<String, ? extends Object> params) {
super(Core.createSystemContext());
this.userName = (String) params.get(USER_NAME_PARAM);
this.password = (String) params.get(PASSWORD_PARAM);
this.request = (IMxRuntimeRequest)params.get("request");
}
@Override
public ISession executeAction() throws Exception
{
ILogNode logNode = Core.getLogger("Authentication");
String remoteAddress = this.request.getRemoteAddr();
String forwardedFor = this.request.getHeader("X-Forwarded-For");
String realIP = this.request.getHeader("X-Real-IP");
if( realIP == null )
realIP = forwardedFor;
if( realIP == null )
realIP = remoteAddress;
logNode.warn("Regular login request for user: " + userName + " (X-Real-IP: " + realIP + ", X-Forwarded-For:" + forwardedFor + ", remote address: " + remoteAddress + ").");
throw new AuthenticationRuntimeException("Login FAILED: normal login action disabled!");
}
}
It looks like each request creates a session, but the sessions does not get closed at the end of the request.
Maybe you should file a support ticket?