Hi,

for the moment it is ok for us, because a 2FA authentication with TOTP is 
already implemented in SOGo

regards,
Norman

-----Original Message-----
From: users-requ...@sogo.nu <users-requ...@sogo.nu> On Behalf Of Christian Mack
Sent: Friday, 13 June 2025 09:55
To: users@sogo.nu
Subject: Re: [SOGo] OpenID login AND normal username/password login

Hello

On 05.06.25 at 14:39, beon-IT contact (cont...@beon-it.de) wrote:
> 
> We have several environments with users who have to be able to log in with 
> username & password only.
> They are called „public user“ and they don't have access to the IDP server.
> I am sure there are more reasons for that.
> 

Then you should have 2 systems anyway, as their users have different 
security rating.
Because of that their data should be kept separate.


> Also, in other applications we know, it is possible to log in with username and 
> password or with OAuth2.
> Both together.
> 

Yes, but those are all systems which only use OAuth2 + credentials for 
authentication to themselves, not to other systems.
SOGo has to authenticate to IMAP and SMTP.

> But it doesn’t matter if that is not possible. Thanks for responding.
> 
> By the way: your S/MIME signature is not resolvable
> 

That is a problem of mailing lists, which change the From: address, in 
order to prevent Spam flagging via DMARC.
Therefore the signature doesn't match the From: anymore.


Kind regards,
Christian Mack

>> On 05.06.2025 at 09:17, Christian Mack 
>> (christian.m...@uni-konstanz.de) <users@sogo.nu> wrote:
>>
>> Hello
>>
>> There is no way this can work on one SOGo instance.
>> That is because internal access to IMAP and SMTP changes based on the 
>> authentication method.
>> You would need to provide two instances, one with OID and one with direct 
>> credentials access.
>>
>> In my opinion your use case is at least strange.
>> Of course the OID server can be down, but so can the database server or 
>> the LDAP server or the IMAP server or the reverse proxy or the firewall or 
>> ...
>>
>> In order to prevent downtime, you have to use 2 or more servers of each kind 
>> and use some Proxy to always use the ones active.
>> That is what HA is about.
>>
>>
>> Kind regards,
>> Christian Mack
>>
>> On 05.06.25 at 08:49, beon-IT contact (cont...@beon-it.de) wrote:
>>> Hi Guys,
>>> does anyone know this? OpenID enabled means that the normal Login is 
>>> disabled.
>>> How can we solve this?
>>> Many thanks in advance!
>>> Regards,
>>> Norman
>>>> On 19.05.2025 at 10:14, contact (cont...@beon-it.de) 
>>>> <users@sogo.nu> wrote:
>>>>
>>>> Hello together,
>>>>   is it possible to use both together?:
>>>>
>>>> - Login via IdP Server connected via openid
>>>> - Normal login via username + password
>>>>   The reason for that is, it can be that the IdP Server is down. So a 
>>>> normal login has to be possible at any time.
>>>>   Thanks and regards
>>
>>
>> -- 
>> Christian Mack
>> Universität Konstanz
>> Kommunikations-, Informations-, Medienzentrum (KIM)
>> Abteilung IT-Dienste Forschung, Lehre, Infrastruktur
>> 78457 Konstanz
>> +49 7531 88-4416

-- 
Christian Mack
Universität Konstanz
Kommunikations-, Informations-, Medienzentrum (KIM)
Abteilung IT-Dienste Forschung, Lehre, Infrastruktur
78457 Konstanz
+49 7531 88-4416
