Ask for advice #664
Comments
Hello,

The authentication context window lists the possible authentication workflows. The Manual Identity Provisioning workflow in SimpleIdServer enables visitors to your web application to create a local account with the identity provider. For more information, please refer to the documentation: https://simpleidserver.com/docs/iam/manualidentityprovisioning

Kind regards, SID

About ACRs
You can utilize the Authentication Context Class Reference (ACR) by including its name in the
When employing password (pwd) and email authentication, it is classified as Two-Factor Authentication (2FA).

Yes, I tried what you said; it can be used as 2FA. Besides being used during login, does it have any other usage? For example, when I execute certain important and sensitive interfaces or operations, I need to authenticate before I can continue. Can I implement this operation? If so, how can I call it?
I have created a sample project to demonstrate the usage of the Authentication Context Reference (ACR) parameter. Before running the project, follow these steps:
Click on the

Excuse me, I think there may be some logical errors in this case. Suppose I use the password method to log in to this system with the account 'admin', and when I click "Edit the profile" for 2FA, suppose I specify the mailbox for secondary verification. Generally speaking, this mailbox must be admin's mailbox, that is, I authenticate admin a second time; but now the situation is that I can use anyone's mailbox, as long as the authentication passes. In the example, "pwd-email" is used for 2FA. Suppose I log in as admin the first time, then use "test1" as the pwd of 2FA for authentication, and it passes normally. After the successful login, the account information is changed into "test1"'s account information. Isn't that logically problematic?
Hello, I made some modifications to the master branch to prevent the administration website from assigning the same email to two different users. I tried to reproduce the scenario you described, but I was unsuccessful. |
I recorded a video: |
Thank you for the description. The issue is fixed in release 5.0.0. Kind regards, SID |
Thank you. Does the code in the sample need to be changed? |
This line must be commented out, otherwise the user will always be logged in: https://github.com/simpleidserver/SimpleIdServer/blob/master/samples/ProtectWebsiteServersideACR/src/Website/Program.cs#L19. |
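The step-up flow asked about above (re-authenticating with a stronger ACR before a sensitive operation) and the account-mismatch scenario reported in this thread can both be shown with plain OpenID Connect mechanics. The following is an added illustration, not code from the ProtectWebsiteServersideACR sample or from SimpleIdServer itself. It assumes an OIDC provider that honours the standard `acr_values`, `prompt` and `max_age` request parameters and returns `acr` and `auth_time` in the ID token; the ACR name `pwd-email` is the one used in this thread, while the issuer, client id, redirect URI and all claim values are placeholders constructed for the example.

```python
# Added example: step-up (re-)authentication gated on an OpenID Connect ACR.
# Illustrative code, not SimpleIdServer's sample project. Assumes an OIDC
# provider that honours acr_values / prompt / max_age and returns the acr and
# auth_time claims in the ID token. "pwd-email" is the ACR named in the thread;
# ISSUER, CLIENT_ID and REDIRECT_URI are placeholders.
import time
from urllib.parse import urlencode

ISSUER = "https://idp.example"                  # placeholder
CLIENT_ID = "website"                           # placeholder
REDIRECT_URI = "https://app.example/callback"   # placeholder

SENSITIVE_ACR = "pwd-email"   # ACR requiring password + email verification
MAX_AGE_SECONDS = 300         # how recent the step-up authentication must be


def build_step_up_url(state, nonce, acr=SENSITIVE_ACR, max_age=MAX_AGE_SECONDS):
    """Build the authorization request that forces a fresh authentication
    satisfying `acr`. prompt=login stops the provider from silently reusing the
    existing session; max_age bounds how old the resulting auth_time may be."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
        "acr_values": acr,
        "prompt": "login",
        "max_age": str(max_age),
    }
    return f"{ISSUER}/authorization?{urlencode(params)}"


def satisfies_step_up(claims, required_acr=SENSITIVE_ACR,
                      max_age=MAX_AGE_SECONDS, now=None):
    """Check the claims of an ID token returned by the step-up request.

    Returns (ok, reason). Signature, issuer, audience and nonce validation are
    the normal OIDC token checks and are assumed to have happened already.
    """
    now = time.time() if now is None else now
    acr = claims.get("acr")
    if acr != required_acr:
        # A provider may return a weaker acr than requested; the client must
        # verify the claim instead of trusting that the request was honoured.
        return False, f"acr {acr!r} does not satisfy {required_acr!r}"
    auth_time = claims.get("auth_time")
    if not isinstance(auth_time, (int, float)):
        return False, "auth_time missing"
    if now - auth_time > max_age:
        return False, "authentication too old"
    return True, "ok"


def authorize_sensitive_action(session_sub, step_up_claims, now=None):
    """Gate a sensitive operation on a step-up token for the *same* user.

    The subject check addresses the scenario reported in this thread: a second
    factor completed for a different account must neither count as a step-up
    for the logged-in user nor replace the user bound to the session.
    """
    if step_up_claims.get("sub") != session_sub:
        return False, "step-up token subject does not match the session user"
    return satisfies_step_up(step_up_claims, now=now)


if __name__ == "__main__":
    # Constructed claims standing in for decoded ID tokens.
    now = int(time.time())
    print(build_step_up_url(state="abc", nonce="xyz"))
    print(authorize_sensitive_action(
        "admin", {"sub": "admin", "acr": "pwd-email", "auth_time": now - 5}, now=now))
    print(authorize_sensitive_action(
        "admin", {"sub": "test1", "acr": "pwd-email", "auth_time": now - 5}, now=now))
    print(authorize_sensitive_action(
        "admin", {"sub": "admin", "acr": "pwd", "auth_time": now - 5}, now=now))
```

In a web application the sensitive handler calls `authorize_sensitive_action` with the subject already bound to the session; on failure it stores the pending action and redirects to `build_step_up_url`, then re-runs the same check on the ID token obtained at the callback. The step-up result is only ever compared against the session user, never used to sign the user in again.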
Thank you for reminding me. I tried your case, but there was a problem when I used pwd-email. The location of the email is the user name, which is locked and cannot be modified. video9.mp4 |
The issue is fixed in the |
1. What exactly are these two functions, and how should I use them? Which process needs to use these two functions?
2. Can a user be limited to logging in to a specified client, rather than all clients? What actions can be used to achieve that?