Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAML bypassing TFA #116

Open
fclaussen opened this issue Apr 20, 2021 · 1 comment
Open

SAML bypassing TFA #116

fclaussen opened this issue Apr 20, 2021 · 1 comment

Comments

@fclaussen
Copy link

Hi everyone,

I've configured this plugin and it is working as intended for the most part.
However, when trying to implement a separate TFA plugin I'm facing issues as this plugin is bypassing the TFA process entirely.
I'm trying to work with this one https://wordpress.org/plugins/two-factor/

By logging in manually everything works fine. Logging in using SAML bypasses the screen asking for the TFA code.
I've tried enabling the wp_login hook with no success.

Did anyone face this issue before? Did you use a different TFA plugin?
Thanks for all the help.
@pitbulk
Copy link
Contributor

pitbulk commented Jun 4, 2021

The two-factor plugin uses an action defined on the wp_login method, which basically will stop the wp login flow and show the 2fa.

wordpress-saml triggers the wp_login only if you enable a setting at the SAML configuration (trigger login hook).

I believe that if you enable it, you should see the 2fa requirements screen.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pitbulk @fclaussen