![]() ![]() We require this to work with LDAP/AD accounts. I've added into the plugin the ability to fall back and check all other installed auth plugins for authentication as the way it's provided it only works with manual accounts. I do see value in a user being able to enable it for their account however. Our use case is slightly different however as we're only allowing high level system context roles to use it - and to enable it they will be trained individually prior to enabling it for each user. As such I'm running into some minor issues with the plugin approach for this. ![]() I considered abandoning the work I'd done on these plugins to head down that path - that may yet happen - but have persevered with the code we have and modified it to bring it up to scratch. I do agree with you however that two-factor integrated into Core would be very nice. It works with Google Authenticator, so I assume other apps will be fine too. The code provided is similar, but we've modified it heavily to work a bit better and with the standard login page. I'll push my code to my GitHub fork at a later date and if you think the changes are OK then you're welcome to grab them. I also see that the token generation/manipulation/management for the user and support/admin staff will need a lot of work. I would like to add the option of making it optional for all users - but that's not a priority at this moment for us. I am also adding the ability to specify which roles 2fa is required for at the System context level. I didn't see a better way around the issue without rewriting all the authentication code. One downside of how this needed to be implemented is that the code will now require mcrypt to run. This is a little nicer as it will then work more like mainstream services which also use 2fa google, facebook, github etc etc. Two distinct login screens would be a nightmare to support (implementing 2fa will be enough of a headache for the users who require it) so we needed to implement a different way. I have modified the login process so that the separate login page (/auth/a2fa/login.php) isn't required if a user is configured to use 2factor it will throw up an intermediate page to prompt them for the token rather than being expected to enter it in the initial login form. We've grabbed this from GitHub and we're working toward making this compulsory for some higher level system context roles. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |