Currently, when SCLogin checks to see if two factor authentication is on, we are only checking to see if any of the twofactorauth plugins are enabled. I have added an issue to our tracker to take the Site Section settings into account.
One thing that you can do to get around this for now is to update the SCLogin code slightly. In /modules/mod_sclogin/helper.php, in the setupTwoFactorAuthentication method around line 83, you can add a statement at the end of the method to set 2-factor auth to false. The new code would be:
public function setupTwoFactorAuthentication()
{
// Two factor authentication check
$jVersion = new JVersion();
if (version_compare($jVersion->getShortVersion(), '3.2.0', '>=') && ($this->user->guest))
{
$db = JFactory::getDbo();
// Check if TFA is enabled. If not, just return false
$query = $db->getQuery(true)
->select('COUNT(*)')
->from('#__extensions')
->where('enabled=' . $db->q(1))
->where('folder=' . $db->q('twofactorauth'));
$db->setQuery($query);
$tfaCount = $db->loadResult();
if ($tfaCount > 0)
{
$this->tfaLoaded = true;
}
}
$this->tfaLoaded = false; /* ADDED TO FORCE TWO-FACTOR AUTHENTICATION OFF*/
}
Two Factor Authentication and SCLogin
