View Issue Details

This bug affects 3 person(s).
 18
IDProjectCategoryView StatusLast Update
17693Bug reportsPluginspublic2024-05-14 12:53
Reporterkamkom Assigned To 
PrioritynoneSeveritypartial_block 
Status confirmedResolutionopen 
Product Version5.x 
Summary17693: LDAP and 2FA plugin conflict
Description

Setting LDAP as default method of authentication disables 2FA input on login screen.

Steps To Reproduce

Steps to reproduce

Enable LDAP plugin set it as default auth method. Then activate 2FA plugin.
Expected result

On login screen there should be 3 input fields - login, password and 2fa.

Actual result

On login screen there are only 2 fields - login and password, there is no input field to enter 2fa code. Also user with activated 2FA cannot login anymore.

TagsNo tags attached.
Bug heat18
Complete LimeSurvey version number (& build)5.1.17 211025
I will donate to the project if issue is resolvedNo
BrowserGoogle Chrome
Database type & version5.5.5-10.3.29-MariaDB-0+deb10u1
Server OS (if known)Debian
Webserver software & version (if known)Apache/2.4.38
PHP Version 7.3.27

Relationships

related to 17434 new Feature requests TwoFactorAdminLogin with SAML and otherb redirect system 

Users monitoring this issue

There are no users monitoring this issue.

Activities

DenisChenu

DenisChenu

2021-11-03 09:06

developer   ~67069

Not really a conflict in my opinion : https://bugs.limesurvey.org/view.php?id=17434

In general :

  1. Connect with User/pass
  2. If OK : new page with 2FA

The TwoFactorAdminLogin must work like this (in my opinion).

joeiachievedit

joeiachievedit

2022-04-07 15:03

reporter   ~68924

I ran into this issue as well - after having LDAP authentication enabled for some time I decided to go ahead and enable the 2FA plugin, only to find myself locked out. I don't disagree with @denischenu but the current functionality is broken. @galads is this something I can help with if someone defines the preferred implementation? I am on CE Version 5.1.10+210913.

FredJackson

FredJackson

2024-05-14 12:53

reporter   ~80103

Surprised this was last updated in 2022.

We use Lime Survey (public sector organisation) and the UK are now mandating AD / LDAP integration AND 2FA as a minimum security requirement for logging in to external-facing web apps.

Can this be developed, agree with @denischenu

Issue History

Date Modified Username Field Change
2021-11-02 21:52 kamkom New Issue
2021-11-03 08:57 galads Assigned To => galads
2021-11-03 08:57 galads Status new => acknowledged
2021-11-03 09:05 DenisChenu Relationship added related to 17434
2021-11-03 09:06 DenisChenu Note Added: 67069
2021-11-03 09:06 DenisChenu Bug heat 0 => 2
2022-04-07 15:03 joeiachievedit Note Added: 68924
2022-04-07 15:03 joeiachievedit Bug heat 2 => 4
2022-11-28 08:55 DenisChenu Assigned To galads =>
2022-11-28 08:55 DenisChenu Status acknowledged => confirmed
2022-11-28 08:56 guest Bug heat 4 => 10
2024-05-14 12:53 FredJackson Note Added: 80103
2024-05-14 12:53 FredJackson Bug heat 10 => 12
2024-05-14 12:54 guest Bug heat 12 => 18