Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-78816

Authentication: MFA - Support for external systems (login/token.php)

    • MOODLE_402_STABLE
    • MDL-78816-master
    • Hide
      Prerequisite
      1. Moodle mobile app.
      2. Your Moodle mobile app should be able to connect to your Moodle website. You can either do the following:
        • Ensure that the phone with the mobile app and the web server are on the same network. Or
        • Expose the web server over the internet (https) via ngrok.
      Test new MFA setting
      1. As an admin, enable “Web services for mobile devices” on Site administration ► Advanced features
      2. Open Plugins > Admin tools > Multi-factor authentication > Manage multi-factor authentication
      3. Tick off the MFA plugin enabled to enable MFA and Save changes
      4. Open the Mobile app
      5. Confirm that:
      6. * You can login into the site
      7. Go back to the MFA admin settings
      8. Now, select the “Enable MFA for the mobile app" option
      9. Click Save changes
      10. Go back to the app, logout, try to log in again and confirm that
      11. * You see an error and if you expand the error details you see “Multi-factor authentication is required for this service”
      Show
      Prerequisite Moodle mobile app. Your Moodle mobile app should be able to connect to your Moodle website. You can either do the following: Ensure that the phone with the mobile app and the web server are on the same network. Or Expose the web server over the internet (https) via ngrok. Test new MFA setting As an admin, enable “Web services for mobile devices” on Site administration ► Advanced features Open Plugins > Admin tools > Multi-factor authentication > Manage multi-factor authentication Tick off the MFA plugin enabled to enable MFA and Save changes Open the Mobile app Confirm that: * You can login into the site Go back to the MFA admin settings Now, select the “Enable MFA for the mobile app" option Click Save changes Go back to the app, logout, try to log in again and confirm that * You see an error and if you expand the error details you see “Multi-factor authentication is required for this service”
    • 6

      The current implementation of tool_mfa is restricted to normal web session logins, it is not hooking into alternative authentication/access methods such as the one used by external systems (mobile app)

      Supporting MFA in the login/token.php could be a bit challenging as there are some factors that will require presenting a second page to the user (currently email, totpt and webauthn).

      For detailed information about the proposed solution for external services such as the Mobile app see: https://docs.google.com/document/d/1D1ODl_7PcGNQcOmWkHOHBDYKtf5wYq9WxvZ-j64ZYys/edit

      Note for integrators:

      • The change in lib/classes/session/manager.php is related to MDL-79712

            jleyva Juan Leyva
            jleyva Juan Leyva
            Rodrigo Mady Rodrigo Mady
            Votes:
            0 Vote for this issue
            Watchers:
            15 Start watching this issue

              Created:
              Updated:

                Estimated:
                Original Estimate - 0 minutes
                0m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 6 hours, 55 minutes
                1d 6h 55m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.