View Issue Details

Jump to NotesJump to History
This bug affects 1 person(s).
 8
IDProjectCategoryView StatusDate SubmittedLast Update
17434Feature requestsAuthenticationpublic2021-07-13 16:232025-03-14 17:35
ReporterDenisChenu Assigned ToDenisChenu  
PrioritynoneSeverityfeature 
Status assignedResolutionopen 
Summary17434: TwoFactorAdminLogin work only with AuthDB
Description

Currently TwoFactorAdminLogin work with AuthDB
But nothing is done for other plugin specifically Plugin using redirect (OAuth or SAML or ...)

Additional Information

A lot of situation where have 2FA are (paypal for example)

  1. Connect with user/pass
  2. If OK : show 2FA code
  3. If OK : connect

Then : maybe adding 2FA control after connection is done ?

With newUserSession :

  1. set plugin priority at -1 (then after other)
  2. if user conexion is OK : $authEvent->get('result')->isValid() : show the 2FA form

Maybe with https://manual.limesurvey.org/AfterSuccessfulLogin too ?

With beforeControllerAction (3.X)

  1. If user is connected
  2. But session 2FA is not set
  3. Show the form
TagsNo tags attached.
Bug heat8
Story point estimate0
Users affected %0

Relationships

Relationship GraphDependency Graph
related to 17693 confirmed Bug reports LDAP and 2FA plugin conflict 
related to 20002 ready for testingtibor.pacalat Bug reports Create 2FA enforcement setting for 2FA plugin 

Users monitoring this issue

DenisChenu

Activities

Mazi

Mazi

2021-07-13 21:01

updater   ~65431

Would be interesting to know how many users are using a different login method or special plugin.

From what I can tell, LDAP is probably the approach used most as an alternative. What do others (@DenisChenu, @jelo, ...) think?
DenisChenu

DenisChenu

2021-07-14 00:49

developer   ~65435

I have AuthSAML , AuthCAS and a lot of SSO system, WPAuth (i think it was not used, but someone ask for 5.X compat : https://github.com/SondagesPro/LS-AuthWPbyDB/pull/3)
DenisChenu

DenisChenu

2021-07-15 15:24

developer   ~65462

PS : with SSO : i think 2FA must be done before (by SSO in fact).
DenisChenu

DenisChenu

2021-07-19 08:33

developer   ~65501

@galads : i put it a new : waiting for confirmation (september surely)
galads

galads

2021-11-02 10:20

reporter   ~67048

@DenisChenu , any progress on this task? Should I sync it to Zoho?
DenisChenu

DenisChenu

2021-11-02 10:23

developer   ~67049

It's a Feature request.

Currently client don't like 2FA App. Want a email confirmation …
Then : no client for me.

Finally : like you want ;)

Issue History

Date Modified Username Field Change
2021-07-13 16:23 DenisChenu New Issue
2021-07-13 21:01 Mazi Note Added: 65431
2021-07-14 00:49 DenisChenu Note Added: 65435
2021-07-15 15:24 DenisChenu Note Added: 65462
2021-07-19 08:28 galads Assigned To => DenisChenu
2021-07-19 08:28 galads Status new => assigned
2021-07-19 08:33 DenisChenu Note Added: 65501
2021-07-19 08:33 DenisChenu Assigned To DenisChenu =>
2021-07-19 08:33 DenisChenu Status assigned => new
2021-07-19 08:33 DenisChenu Issue Monitored: DenisChenu
2021-11-02 10:20 galads Note Added: 67048
2021-11-02 10:20 galads Bug heat 6 => 8
2021-11-02 10:23 DenisChenu Note Added: 67049
2021-11-03 09:05 DenisChenu Relationship added related to 17693
2025-03-12 00:50 DenisChenu Relationship added related to 20002
2025-03-14 17:28 DenisChenu Assigned To => DenisChenu
2025-03-14 17:28 DenisChenu Status new => assigned
2025-03-14 17:28 DenisChenu Summary TwoFactorAdminLogin with SAML and otherb redirect system => TwoFactorAdminLogin with SAML and other redirect system
2025-03-14 17:28 DenisChenu Story point estimate => 0
2025-03-14 17:28 DenisChenu Users affected % => 0
2025-03-14 17:31 DenisChenu Description Updated
2025-03-14 17:35 DenisChenu Summary TwoFactorAdminLogin with SAML and other redirect system => TwoFactorAdminLogin work only with AuthDB