Use Trusted Browser/Stayconnected with 2FA and SAML proxy/client
Affected version
Version: 18.0.1
Platform: Nginx
Summary
The new Trusted Browser plugin worked without problems and set the corresponding cookie llngconnection when using standard authentication methods.
But we also use lemonldap as SAML proxy/client.
In our production system we directly redirect a SAML proxy to our main system. No Trusted Browser cookie is set on the proxy server (only on the main system).
On our test system with an authentication choice, we can manually check the corresponding "stayconnected/trusted browser" checkbox (which is imho not usable with a direct redirection to the productive main SAML server), but the cookie will also not be set. Therefore we cannot use the Trusted Browser plugin (with 2FA) when the plugin is (only) activated on the SAML proxy/client.
Logs
2024-01-23T12:41:05.709145+01:00 XXX LLNG[8550]: [debug] Module Lemonldap::NG::Portal::Plugins::TrustedBrowser loaded
2024-01-23T12:41:05.709239+01:00 XXX LLNG[8550]: [debug] Declaring unauth route
2024-01-23T12:41:05.709294+01:00 XXX LLNG[8550]: [debug] Add POST route:
2024-01-23T12:41:05.709340+01:00 XXX LLNG[8550]: [debug] route registerbrowser added
2024-01-23T12:41:05.709396+01:00 XXX LLNG[8550]: [debug] Declaring auth route
2024-01-23T12:41:05.709436+01:00 XXX LLNG[8550]: [debug] Add POST route:
2024-01-23T12:41:05.709483+01:00 XXX LLNG[8550]: [debug] route registerbrowser added
2024-01-23T12:41:05.709555+01:00 XXX LLNG[8550]: [debug] Declaring unauth route
2024-01-23T12:41:05.709595+01:00 XXX LLNG[8550]: [debug] Add POST route:
2024-01-23T12:41:05.709682+01:00 XXX LLNG[8550]: [debug] route checkbrowser added
2024-01-23T12:41:05.709746+01:00 XXX LLNG[8550]: [debug] Declaring auth route
2024-01-23T12:41:05.709789+01:00 XXX LLNG[8550]: [debug] Add POST route:
2024-01-23T12:41:05.709842+01:00 XXX LLNG[8550]: [debug] route checkbrowser added
2024-01-23T12:41:05.710152+01:00 XXX LLNG[8550]: [debug] Found beforeLogout entry point:
2024-01-23T12:41:05.710229+01:00 XXX LLNG[8550]: [debug] -> logout
2024-01-23T12:41:05.710289+01:00 XXX LLNG[8550]: [debug] Plugin ::Plugins::TrustedBrowser initialized
Backends used
- Trusted Browser plugin
- SAML as IDP and Service Provider
- 2FA