View Issue Details

ID: 17434
Project: Feature requests
Category: Authentication
View Status: public
Last Update: 2022-06-29 16:21
Reporter: DenisChenu
Assigned To:
Priority: none
Severity: feature
Status: new
Resolution: open
Summary: 17434: TwoFactorAdminLogin with SAML and other redirect system
Description

Currently TwoFactorAdminLogin works with AuthDB and maybe with the AuthLDAP plugin.
But nothing is done for other plugins, specifically plugins using a redirect (OAuth or SAML or ...)

Additional Information

A lot of situations that have 2FA are (PayPal for example):

  1. Connect with user/pass
  2. If OK : show 2FA code
  3. If OK : connect

Then: maybe add the 2FA control after the connection is done?

With newUserSession:

  1. set plugin priority at -1 (then after other)
  2. if user connection is OK: $authEvent->get('result')->isValid(): show the 2FA form

Maybe with https://manual.limesurvey.org/AfterSuccessfulLogin too?

With beforeControllerAction (3.X)

  1. If user is connected
  2. But session 2FA is not set
  3. Show the form
Tags: No tags attached.
Bug heat: 8

Relationships

related to 17693 confirmed Bug reports LDAP and 2FA plugin conflict 

Users monitoring this issue

DenisChenu
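
The beforeControllerAction variant from the description (connected, but session 2FA not set, so show the form), as an added example that is not LimeSurvey or TwoFactorAdminLogin code. It is a framework-independent PHP decision function that such an event handler could call; the function name, the session keys and the route strings are assumptions.

```php
<?php
// Added illustration; not code from LimeSurvey or any plugin.
// Hypothetical names: twoFactorGate(), the session keys, the route strings.

// The 2FA form and logout must stay reachable, otherwise the gate loops.
const TFA_EXEMPT_ROUTES = ['plugin/twofactor/verify', 'admin/authentication/logout'];

/**
 * Decide what to do with a request, whichever authentication plugin
 * (AuthDB, LDAP, SAML, OAuth ...) created the session.
 * Returns 'allow' or 'show_2fa_form'.
 */
function twoFactorGate(array $session, string $route): string
{
    // 1. Not connected: the normal login flow handles the request.
    if (empty($session['loginID'])) {
        return 'allow';
    }
    if (in_array($route, TFA_EXEMPT_ROUTES, true)) {
        return 'allow';
    }
    // 2. The 2FA marker must exist AND name the current user, so a marker
    //    left over from an earlier login in the same session is ignored.
    $verifiedFor = $session['tfaVerifiedFor'] ?? null;
    if ($verifiedFor !== null && $verifiedFor === $session['loginID']) {
        return 'allow';
    }
    // 3. Connected, second factor not done: show the form.
    return 'show_2fa_form';
}

// Constructed sample sessions and routes.
$cases = [
    'guest'                    => [[], 'admin/index'],
    'SSO login, no 2FA yet'    => [['loginID' => 7], 'admin/index'],
    'same, on the 2FA form'    => [['loginID' => 7], 'plugin/twofactor/verify'],
    '2FA done for this user'   => [['loginID' => 7, 'tfaVerifiedFor' => 7], 'admin/index'],
    'marker from another user' => [['loginID' => 9, 'tfaVerifiedFor' => 7], 'admin/index'],
];
foreach ($cases as $label => [$session, $route]) {
    printf("%-26s %s\n", $label, twoFactorGate($session, $route));
}
```

Because the check reads only session state, it does not depend on which plugin performed the first login step.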

Activities

Mazi

2021-07-13 21:01

updater   ~65431

Would be interesting to know how many users are using a different login method or special plugin.

From what I can tell, LDAP is probably the approach used most as an alternative. What do others (@DenisChenu, @jelo, ...) think?

DenisChenu

2021-07-14 00:49

developer   ~65435

I have AuthSAML, AuthCAS and a lot of SSO systems, WPAuth (I think it was not used, but someone asked for 5.X compat: https://github.com/SondagesPro/LS-AuthWPbyDB/pull/3)

DenisChenu

2021-07-15 15:24

developer   ~65462

PS: with SSO, I think 2FA must be done before (by the SSO in fact).

DenisChenu

2021-07-19 08:33

developer   ~65501

@galads: I put it as new: waiting for confirmation (September surely)

galads

2021-11-02 10:20

reporter   ~67048

@DenisChenu, any progress on this task? Should I sync it to Zoho?

DenisChenu

2021-11-02 10:23

developer   ~67049

It's a Feature request.

Currently clients don't like a 2FA app. They want an email confirmation …
So: no client for me.

Finally: as you like ;)

Issue History

Date Modified Username Field Change
2021-07-13 16:23 DenisChenu New Issue
2021-07-13 21:01 Mazi Note Added: 65431
2021-07-14 00:49 DenisChenu Note Added: 65435
2021-07-15 15:24 DenisChenu Note Added: 65462
2021-07-19 08:28 galads Assigned To => DenisChenu
2021-07-19 08:28 galads Status new => assigned
2021-07-19 08:33 DenisChenu Note Added: 65501
2021-07-19 08:33 DenisChenu Assigned To DenisChenu =>
2021-07-19 08:33 DenisChenu Status assigned => new
2021-07-19 08:33 DenisChenu Issue Monitored: DenisChenu
2021-11-02 10:20 galads Note Added: 67048
2021-11-02 10:20 galads Bug heat 6 => 8
2021-11-02 10:23 DenisChenu Note Added: 67049
2021-11-03 09:05 DenisChenu Relationship added related to 17693