Opened 5 years ago

Closed 5 years ago

#1087 closed enhancement (fixed)

Changes needed for supporting multiple authentication managers

Reported by: Nicklas Nordborg Owned by: Nicklas Nordborg
Priority: critical Milestone: OTP login v1.2
Component: net.sf.basedb.otp Keywords:
Cc:

Description

The OTP extension should be updated so that it works with multiple authentication managers. See BASE ticket: ​http://base.thep.lu.se/ticket/2131

Change History (8)

comment:1 by Nicklas Nordborg, 5 years ago

(In [5145]) References #1087: Changes needed for supporting multiple authentication managers

Switch to BASE 3.14.

comment:2 by Nicklas Nordborg, 5 years ago

(In [5146]) References #1087: Changes needed for supporting multiple authentication managers

Updated CSS rules and script so that they are only active when <body data-login-form="net.sf.basedb.otp.login-form"> is set.

Added display name OTP to the login form.

comment:3 by Nicklas Nordborg, 5 years ago

(In [5147]) References #1087: Changes needed for supporting multiple authentication managers

The login manager now ignores login requests from other login forms.

comment:4 by Nicklas Nordborg, 5 years ago

(In [5151]) References #1087: Changes needed for supporting multiple authentication managers

Removed the optional "OTP or password" login option since it will not do what is expected if multiple authentication manages are installed. If this functionality is wanted when only the !OTP manager is installed the server manager should enable the "Password" login that is implemented in BASE. See http://base.thep.lu.se/changeset/7536

Also changed the interpration of the 'require-otp' setting so that it will not allow any other login manager if enabled.

comment:5 by Nicklas Nordborg, 5 years ago

(In [5153]) References #1087: Changes needed for supporting multiple authentication managers

The OTP setup now uses the 'login-form' attribute with value 'net.sf.basedb.otp.otp-setup' to trigger the setup login manager.

The returned authentication method has been changed to 'password' (from 'otp+password') since the OTP used in the setup is not really used for authentication.

comment:6 by Nicklas Nordborg, 5 years ago

(In [5157]) References #1087: Changes needed for supporting multiple authentication managers

Added configuration setting for allowing other authentication methods also for user accounts that have been configured to use OTP.

The check and enforcement is implemented in the new OtpAuthenticationManager.vetoAuthenticatedUser() method.

comment:7 by Nicklas Nordborg, 5 years ago

(In [5187]) References #1087: Changes needed for supporting multiple authentication managers

Updated README

comment:8 by Nicklas Nordborg, 5 years ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.