Some questions #723

Closed
qq1176914912 opened this issue Mar 29, 2024 · 5 comments
Labels
question Further information is requested



qq1176914912 commented Mar 29, 2024

  1. Have you considered adding an option to enable two-factor authentication in the 5002 user configuration interface and the 5001 personal information page, so that ACR can be used?
  2. In the user credentials list on the 5002 user configuration page, a credential cannot be unchecked after I check it; it can only be deleted.
  3. When adding credentials on the 5002 user configuration page, why are there only two options, password and OTP, and no SMS, email and so on?
@qq1176914912
Author

1. Here's an example for the first question: add an option to the user page in 5002 for whether to enable dual factors. If enabled, a drop-down selection box will pop up (multiple choices can be made), similar to selecting the order of ACRs or listing the ACR list. Assuming that password and email are selected, then at login, judge whether the user has set dual factors; if so, perform the required steps. If not, the login succeeds.

@qq1176914912
Author

Consent required for Clients
When "Consent required" is selected and the client logs in for the first time, the authorization page will be displayed:
When the license is approved, the 5001 page will display the application in "Approved applications":
When I click "Revoke access" in the Approved application on the 5001 page, the authorization page will still pop up when I log in to the client again. After I agree, the reauthorized application will still be displayed in the "Approved applications" on the 5001 page.
However, when I uncheck the "Consent required" configuration in 5002 and click "Revoke access" on the page of 5001 to remove the client authorization, no authorization form will pop up when I log in to the client again (because the Consent required configuration is removed). As a result, the "Approved applications" on the 5001 page does not load the client information and the list is empty.
I'm not sure if this is a problem, but I understand that the "Consent required" option means that even if I don't check it, it will automatically authorize and be logged in 5001's "Approved applications" list (just once).

@qq1176914912
Author

Repeat login problem
Project 5002 and project 5001 are on the login page at the same time. If you successfully log in on page 5002 and then log in on page 5001, a 400 error will occur.


@simpleidserver
Owner

Enable Two-Factor Authentication Options in User Configuration

The request for authentication context class reference must be determined by the client/website and not by the user. We may consider adding a new client property to specify the minimal context class reference required to authenticate the user.

Cannot Uncheck the Credential

It is normal that you cannot uncheck a credential because only one credential of the pwd or otp type can be active. I fixed an issue in the backend code to set the IsActive property to false.

Sms & Email are not Present in the Credential

They are not present because SMS and email are not user credentials.

Consent Required

It is not a problem; the list is empty because the user didn't accept any consent.

Repeat Login Problem

An exception is thrown because the Anti-Forgery token is incorrect. I made some modifications in the BaseAuthenticateController to redirect the user-agent to the redirect URL when the user is already authenticated.

@qq1176914912
Author

Thank you very much for your reply. I look forward to the new version.
