Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78816

Authentication: MFA - Support for external systems (login/token.php)

Details

    • MOODLE_402_STABLE
    • MDL-78816-master
    • Hide
      Prerequisite
      1. Moodle mobile app.
      2. Your Moodle mobile app should be able to connect to your Moodle website. You can either do the following:
        • Ensure that the phone with the mobile app and the web server are on the same network. Or
        • Expose the web server over the internet (https) via ngrok.
      Test new MFA setting
      1. As an admin, enable “Web services for mobile devices” on Site administration ► Advanced features
      2. Open Plugins > Admin tools > Multi-factor authentication > Manage multi-factor authentication
      3. Tick off the MFA plugin enabled to enable MFA and Save changes
      4. Open the Mobile app
      5. Confirm that:
      6. * You can login into the site
      7. Go back to the MFA admin settings
      8. Now, select the “Moodle mobile web service” option in the “External services with MFA enabled” setting
      9. Click Save changes
      10. Go back to the app, logout, try to log in again and confirm that
      11. * You see an error and if you expand the error details you see “Multi-factor authentication is required for this service”
      Show
      Prerequisite Moodle mobile app. Your Moodle mobile app should be able to connect to your Moodle website. You can either do the following: Ensure that the phone with the mobile app and the web server are on the same network. Or Expose the web server over the internet (https) via ngrok. Test new MFA setting As an admin, enable “Web services for mobile devices” on Site administration ► Advanced features Open Plugins > Admin tools > Multi-factor authentication > Manage multi-factor authentication Tick off the MFA plugin enabled to enable MFA and Save changes Open the Mobile app Confirm that: * You can login into the site Go back to the MFA admin settings Now, select the “Moodle mobile web service” option in the “External services with MFA enabled” setting Click Save changes Go back to the app, logout, try to log in again and confirm that * You see an error and if you expand the error details you see “Multi-factor authentication is required for this service”
    • 6

    Description

      The current implementation of tool_mfa is restricted to normal web session logins, it is not hooking into alternative authentication/access methods such as the one used by external systems (mobile app)

      Supporting MFA in the login/token.php could be a bit challenging as there are some factors that will require presenting a second page to the user (currently email, totpt and webauthn).

      For detailed information about the proposed solution for external services such as the Mobile app see: https://docs.google.com/document/d/1D1ODl_7PcGNQcOmWkHOHBDYKtf5wYq9WxvZ-j64ZYys/edit

      Attachments

        Issue Links

          Activity

            People

              jleyva Juan Leyva
              jleyva Juan Leyva
              Rodrigo Mady Rodrigo Mady
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 day, 4 hours, 30 minutes
                  1d 4h 30m

                  Clockify

                    Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.