Topic-icon Two Factor Authentication

Support Specialist
1 month 3 days ago #68879 by mel
Replied by mel on topic Two Factor Authentication
Can you describe what you mean by being logged in? If you turn on multi-factor authentication, have a code set up for the user and hit login, there will be two buttons - to validate and to sign out. If you try to go to any of your site's pages, the prompt will come up. Maybe you'll be technically logged in, but you won't be able to interact with the page until the validation is performed. If this is not the behavior you're seeing, please provide a URL where I can see the behavior in action.

On the front-end, the user should be able to go into their Joomla profile to add multi-factor keys. It's usually with an authenticator app or a passkey. That's separate from SCLogin. We don't handle that.
Support Specialist
1 month 3 days ago #68886 by mel
Replied by mel on topic Two Factor Authentication
Can you verify that you're hitting the Log In button and not the Sign in with Passkey button?
Active Subscriptions:

None
1 month 3 days ago #68888 by sutpat
Replied by sutpat on topic Two Factor Authentication
I have set that if the user registers and logs in for the first time. The user must set up a multi-factor key. The next time they log in I want a login popup to appear for users to enter their code. But now I'm facing a problem. When I enter the username and password and press the Login button, Modal slogin-secretkey It turned out that I didn't need to enter the secret key value. I can log in It was then sent to a Joomla confirmation page for me to verify the code.


What I really need is when I enter my username and password and hit the login button. I want Joomla authentication to be displayed as a modal instead of being sent to another page.


ehss.co.th
this is my page You could try registering and then logging in so you can understand me better because I can't explain it well.


thank you
Support Specialist
1 month 2 days ago #68899 by mel
Replied by mel on topic Two Factor Authentication
I went through your registration and understand what you mean.

The initial prompting of the code is in a modal after 9.1.77. However, if the user pushes log in without a code, they're not actually logged in. Joomla redirects to the multifactor authentication page and needs the code. On the OTP modal, SCLogin passes the login flow to the Joomla Users Component to perform the login. We have no control of what the Joomla Users Component does if the user has tried to submit with an empty key.

On a side note, I am working on another thread for multiauth. 9.1.77 caused some other bugs so I am going to have to fix the secret key popping up in a modal in a different way.
Support Specialist
1 month 1 day ago #68903 by mel
Replied by mel on topic Two Factor Authentication
The code change that I gave earlier is not going to work properly. There are many pieces that it broke.

After talking with Alex, we've decided for J4.2 and later, we're going to rely on Joomla to handle the mutli-factor authentication more and strip out the MFA functionality in our code that we wrote in earlier versions of SCLogin. Joomla has introduced a more improvements in security that weren't present previously. There's a lot of logic that was put in to keep the user tied to that verification page until a code is entered to prevent sidestepping the auth process. Getting around this is extremely cumbersome in code and not really necessary anymore. That being said, this means SCLogin will not support modal verification codes for multifactor authentication after J4.2. Joomla's MFA system is a lot more robust now.
Active Subscriptions:

None
3 weeks 6 days ago #68906 by sutpat
Replied by sutpat on topic Two Factor Authentication
I appreciate the information and advice you have shared.
Active Subscriptions:

None
2 hours 12 minutes ago #68912 by sutpat
Replied by sutpat on topic Two Factor Authentication
Can I turn off one-time password slogin? Because many of my users don't understand about this. So I want to disable this function.