fix(casa): after enabling 2fa casa script throws invalid password #262

Status: Closed
moabu opened this issue Jun 22, 2022 · 3 comments
Labels: bug (Something isn't working); comp-casa (Component affected by issue or PR); priority-1 (Issue or PR significantly impacts majority of users; workaround is partial or overly painful)

Comments

moabu (Member) commented Jun 22, 2022

Describe the bug
After successfully registering OTP and FIDO2, then enabling 2FA, the user can no longer sign in; the error says the password is incorrect. However, that is not true. Signing in via basic auth with the admin UI works.


To Reproduce
Steps to reproduce the behavior:

  1. Install gluu flex
  2. login into casa
  3. Enable otp and fido2 scripts in the admin-ui
  4. Enable otp and fido2 as 2fa methods in casa
  5. register otp and fido2 devices
  6. logout
  7. attempt to login

If you head to /admin or the admin UI to log in, then to /casa, you can bypass and get straight into casa even with 2FA enabled.

If you disable 2FA using the above method, the user can log back in using his password.

Expected behavior
A user gets prompted for OTP/FIDO2.


@moabu moabu added the bug Something isn't working label Jun 22, 2022
@moabu moabu self-assigned this Jun 22, 2022
@moabu moabu added comp-casa Component affected by issue or PR priority-1 Issue or PR significantly impacts majority of users; Workaround is partial or overly painful labels Jun 22, 2022
jgomer2001 (Contributor) commented

> If you head to /admin or the admin ui to login then to /casa you can bypass and get straight into casa even with 2fa enabled.

I didn't quite get this part. If you are already logged into admin-ui and hit casa, you will get straight access because you already have a session in the server. To be re-prompted for credentials, you have to adjust the level of the casa script so it is higher than the acr that let you access admin-ui.
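The session-reuse behaviour described in the comment above, as an added example that is not code from Gluu Flex, Janssen or casa: a simplified model of how an auth server compares the level of the script named in acr_values against the level of the session that already exists, and why raising the casa script's level above the acr used for admin-ui forces a second prompt. The script names "basic" and "casa", the numeric levels, the user name and the reuse rule itself are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed script registry: script name -> level. The names and levels are
# assumptions for this example, not values from any real deployment.
SCRIPTS_WEAK: Dict[str, int] = {"basic": 10, "casa": 10}   # casa not above basic
SCRIPTS_FIXED: Dict[str, int] = {"basic": 10, "casa": 20}  # casa raised above basic


@dataclass
class Session:
    user: str
    acr: str    # script that authenticated this session
    level: int  # level of that script at authentication time


def authorize(user: str, requested_acr: str, scripts: Dict[str, int],
              existing: Optional[Session]) -> Tuple[Session, bool]:
    """Model of an authorization request carrying acr_values=<requested_acr>.

    Returns (session, prompted). Assumed rule: an existing session for the
    same user is reused silently when its level is at least the level of the
    requested script; otherwise the requested script runs and the user is
    prompted again.
    """
    if requested_acr not in scripts:
        raise ValueError(f"unknown or disabled acr: {requested_acr}")
    needed = scripts[requested_acr]
    if existing is not None and existing.user == user and existing.level >= needed:
        return existing, False
    # The script itself (password, then OTP/FIDO2 for casa) would run here;
    # the interactive prompt is outside the scope of this model.
    return Session(user, requested_acr, needed), True


def casa_reached_without_prompt(scripts: Dict[str, int]) -> bool:
    """Replay the reporter's path: log in with admin-ui's acr, then open casa."""
    admin_session, _ = authorize("alice", "basic", scripts, existing=None)
    _, prompted = authorize("alice", "casa", scripts, existing=admin_session)
    return not prompted


if __name__ == "__main__":
    for name, scripts in (("weak", SCRIPTS_WEAK), ("fixed", SCRIPTS_FIXED)):
        print(f"{name} config: casa reached without 2FA prompt = "
              f"{casa_reached_without_prompt(scripts)}")
```

With the weak registry the basic-auth session already satisfies casa's level, so /casa opens with no OTP/FIDO2 prompt; with the fixed registry casa's level is higher than the session's and the casa script runs again. The reverse direction (a casa-level session opening admin-ui silently) is expected under this rule, since the stronger session satisfies the lower level.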

iromli (Contributor) commented Jun 22, 2022

This issue is in the docker-casa upstream janssenproject/auth-server image, where the casa-external modules are outdated. I will send a PR to address the issue.

@moabu moabu closed this as completed Jun 23, 2022