aidan- / simpletotp Goto Github PK
View Code? Open in Web Editor NEWA highly configurable yet simple to use TOTP based two-factor authentication processing module for SimpleSAMLphp.
License: MIT License
A highly configurable yet simple to use TOTP based two-factor authentication processing module for SimpleSAMLphp.
License: MIT License
G'day @aidan-,
I have been using your SimpleTOTP module with a SimpleSAMLPHP v1.x installation, and am now trying to upgrade to v2.x
I realise that you may not be actively working in this space any more, but was wondering if your PHP insights may be able to assist.
I am hitting this error:
SimpleSAML\Error\UnserializableException: Could not resolve 'simpletotp:2fa': The class 'SimpleSAML\Module\simpletotp\Auth\Process\2fa' isn't a subclass of '\SimpleSAML\Auth\ProcessingFilter'.
I have modified the class definition from:
class sspmod_simpletotp_Auth_Process_2fa extends SimpleSAML_Auth_ProcessingFilter
to
use SimpleSAML\Auth;
...
class sspmod_simpletotp_Auth_Process_2fa extends Auth\ProcessingFilter
So, from what I understand, through the extends
keyword, the class "sspmod_simpletotp_Auth_Process_2fa" class is a sub class of SimpleSAML\Auth\ProcessingFilter
.
Do you have any pointers?
Using SimpleSAML from apt-get install under Ubuntu 16.04. Followed install instructions.
Get the following error upon trying an auth:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 /usr/share/simplesamlphp/www/module.php:170 (N/A)
Caused by: Exception: Could not resolve 'simpletotp:2fa': No class named 'sspmod_simpletotp_Auth_Process_2fa'.
Do I have to manually enable the module? Right now it's in: /usr/share/simplesamlphp/modules/SimpleTOTP and "default-enable" is present.
thanks!
In public/authenticate.php line 22: throw new SimpleSAML_Error_BadRequest(
should be changed to throw new SimpleSAML\Error\BadRequest(
.
Hey,
Can you please provide an install guide with the steps?
I tried it my self but i get a : SimpleSAML\Error\CriticalConfigurationError: The configuration is invalid: The configuration (config/config.php) is invalid: Missing configuration file
Backtrace:
0 www/_include.php:70 (N/A)
After login no totp request and ga_secret is not removed
After each deployment, when the user enters TOTP, it becomes invalid, requiring them to set up TOTP again as the previous configuration no longer works.
for upcoming 1.70 release a twig template is needed
The user is able to bypass the TOTP page just by refreshing the page.
Issue:
The variable 'lastverified' is intended to track the time when the user last successfully verified the TOTP code. However, in the current code, 'lastverified' is set as soon as the user lands on the authentication page, which appears to be incorrect. 'lastverified' should only be set when the TOTP is successfully matched and verified. As a workaround, I have moved the code to set 'lastverified' within the authenticate.php file, under the section where the TOTP code is matched.
if ($code === $_REQUEST['code']) {
$now = time();
**$session->setData(
'\SimpleSAML\Module\simpletotp',
'lastverified',
$now,
Session::DATA_TIMEOUT_SESSION_END
);**
ProcessingChain::resumeProcessing($state);
} else {
$displayed_error = "You have entered the incorrect TOTP token.";
}
This needs to be fixed asap.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.