https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=41584
Bug ID: 41584
Summary: Don't ask for 2FA OTP after SSO login
Initiative type: ---
Sponsorship ---
status:
Product: Koha
Version: Main
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Authentication
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]
CC: [email protected]
We have a setup where 2FA = Enforce, and Shibboleth is enabled.
When users choose the SSO login they are redirected to the idP, sign in there
and are then return to Koha. But when they are returned to Koha they are asked
to provide the 2FA OTP. If they do not have 2FA set up for their account they
get a blue box with information about how to set it up, and a key/QR-code.
I am not sure if this happens by accident or design, but it seems to me that
signing in with the idP should be enough, and Koha should not ask for further
"credentials". I might be wrong, though. :-)
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[email protected]
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
