LDAP + 2FA support for Cloudron Apps
-
I am starting a new topic to keep the discussion to the point. Previous discussions are linked at the bottom of this post. This is to request Cloudron to support inline TOTP code with LDAP Password in the form
password;2FCODE.;TLDR User Stories
Admin can choose to opt-in for
password:2fcodefeature from Settings.
During authentication, Cloudron checks for the setting, and if enabled, splitspasswordand2fcode.
Cloudron performs authentication based on password and the 2fa code.The last discussion with @girish ended with him mentioning that there's some standardization going on in the field of 2FA in custom fields of LDAP. Out of curiosity, I looked at the roadmaps of many open source projects and found that very few have any plans to standardize or even support TOTP secret through LDAP fields. I have no hopes of any standardization in the near future that Cloudron can look forward to.
I am serious about security, and mandate everyone in my team to enable 2FA whenever possible. We're also using more and more new apps, and I'm seeing mandatory 2FA in individual apps a lot of trouble to go through.
I already have 13 different entries for individual apps' 2FA codes, and the list is growing. Then there are the recovery codes of all apps written on dozens of pieces of paper - The situation is the same across the team, and it's only going to be worse when we stop using apps.
Please do something about it! Pretty, please?
More discussion on this topic:
https://forum.cloudron.io/topic/3285/2fa-for-all-ldap-apps/39
https://forum.cloudron.io/topic/2433/the-real-sso-with/1
https://forum.cloudron.io/topic/1972/i-am-missing-real-sso/1 -
I am starting a new topic to keep the discussion to the point. Previous discussions are linked at the bottom of this post. This is to request Cloudron to support inline TOTP code with LDAP Password in the form
password;2FCODE.;TLDR User Stories
Admin can choose to opt-in for
password:2fcodefeature from Settings.
During authentication, Cloudron checks for the setting, and if enabled, splitspasswordand2fcode.
Cloudron performs authentication based on password and the 2fa code.The last discussion with @girish ended with him mentioning that there's some standardization going on in the field of 2FA in custom fields of LDAP. Out of curiosity, I looked at the roadmaps of many open source projects and found that very few have any plans to standardize or even support TOTP secret through LDAP fields. I have no hopes of any standardization in the near future that Cloudron can look forward to.
I am serious about security, and mandate everyone in my team to enable 2FA whenever possible. We're also using more and more new apps, and I'm seeing mandatory 2FA in individual apps a lot of trouble to go through.
I already have 13 different entries for individual apps' 2FA codes, and the list is growing. Then there are the recovery codes of all apps written on dozens of pieces of paper - The situation is the same across the team, and it's only going to be worse when we stop using apps.
Please do something about it! Pretty, please?
More discussion on this topic:
https://forum.cloudron.io/topic/3285/2fa-for-all-ldap-apps/39
https://forum.cloudron.io/topic/2433/the-real-sso-with/1
https://forum.cloudron.io/topic/1972/i-am-missing-real-sso/1@nj Right. Making baby steps here. Already added 2FA now for the proxy auth in 6.1. Maybe we can add this feature to 6.2. I had created a task to implement this - https://git.cloudron.io/cloudron/box/-/issues/705 . It relied on mandatory 2FA which was implemented in 5.4.
-
@nj Right. Making baby steps here. Already added 2FA now for the proxy auth in 6.1. Maybe we can add this feature to 6.2. I had created a task to implement this - https://git.cloudron.io/cloudron/box/-/issues/705 . It relied on mandatory 2FA which was implemented in 5.4.
@girish said in LDAP + 2FA support for Cloudron Apps:
Making baby steps here.
š¦¾ Almost a slow walk
