Two Factor Authentication module
Edition: Incubator (services)
Latest: 1.0
The Two Factor Authentication module enables two factor authentication (2FA) via Time-Based One-Time Password (TOTP) for Magnolia’s default login form.
A private key is generated and sent to the user’s email as a QR code. The user scans this code in a suitable password generating app such as Google Authenticator, Microsoft Authenticator, or another 2FA tool.
On log in, users are required to enter the latest code generated by the app using their secret key. Only when the correct code is provided can the user log in.
Prerequisites
- You must have the Mail module installed and the mail server configured in order to proceed.
Administrators need to generate QR codes for users and verify them before enabling the 2FA feature. If you have already enabled two-factor authentication:
Installing with Maven
Maven is the easiest way to install the module. Add the following to your bundle:
<dependency>
  <groupId>info.magnolia.security</groupId>
  <artifactId>two-factor-authentication</artifactId>
  <version>1.0</version>
</dependency>
Configuration
There are a few configuration areas that this module modifies.
- Standard Magnolia securityCallback
- Standard Magnolia loginHandlers
- Mail module qrCodeEmailTemplate
- Two Factor Authentication module Module Configuration
securityCallback
At /server/filters/securityCallback/clientCallbacks/form/ the loginForm property is changed from:
/defaultMagnoliaLoginForm/login.html
to
/defaultMagnoliaLoginForm/2fa-login.html
At the same location, the class property is changed from:
info.magnolia.cms.security.auth.callback.FormClientCallback
to
info.magnolia.security.twofactorauth.auth.callback.TwoFactorAuthenticationFormClientCallback
loginHandlers
At /server/filters/login/loginHandlers/Form the class property is changed from:
info.magnolia.cms.security.auth.login.FormLogin
to
info.magnolia.security.twofactorauth.auth.login.TwoFactorAuthenticationFormLogin