
Complete trusted browser implementation

Maxime Besson requested to merge fix-2fa-trustedbrowser-2490 into v2.0

The goal of this MR is to fix #2490 (closed) by implementing a $_trustedBrowser variable that can be used in 2FA activation rules.

Once the trusted browser plugin is enabled:

  • Users are always offered to trust their browser
  • After login, if the user matches a given rule (can be based on _2f, authenticationLevel, groups, etc.), the browser fingerprint (TOTP) is collected and the llngconnection cookie is set
  • On next logins, if llngconnection is set and the TOTP challenge works, the $_trustedBrowser variable is set

StayConnected (auto-login) is still implemented and works without changes; the "stayConnected" option has been renamed to "Authentication bypass" in the manager.

Edited by Maxime Besson
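
A simplified model of the flow described in this merge request, added here as an illustration; it is not LemonLDAP::NG code. The `TrustedBrowserStore` class, the binding of the cookie value to a user, the one-window clock-skew tolerance and the rule equivalent to `!$_trustedBrowser` are assumptions; the fingerprint value is constructed.

```python
import hashlib, hmac, struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time window containing `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TrustedBrowserStore:
    """Hypothetical server-side store: llngconnection value -> (user, secret)."""
    def __init__(self):
        self._records = {}

    def register(self, conn_id: str, user: str, fingerprint: str) -> None:
        # After login: the fingerprint is collected, then the cookie is set.
        self._records[conn_id] = (user, fingerprint.encode())

    def is_trusted(self, conn_id: str, user: str, code: str, now: float) -> bool:
        # Next login: the cookie must be known AND the TOTP challenge must pass.
        rec = self._records.get(conn_id)
        if rec is None or rec[0] != user:
            return False
        # Accept the current and the previous window to tolerate clock skew.
        return any(hmac.compare_digest(totp(rec[1], now - d), code) for d in (0, 30))

def needs_second_factor(session: dict) -> bool:
    """Model of a 2FA activation rule equivalent to `!$_trustedBrowser`."""
    return not session.get("_trustedBrowser", False)

def login(store, user, cookie, code, now):
    # The cookie alone never sets the variable; the challenge has to succeed too.
    session = {"uid": user}
    if cookie and code and store.is_trusted(cookie, user, code, now):
        session["_trustedBrowser"] = True
    session["2fa_required"] = needs_second_factor(session)
    return session
```

A stolen llngconnection cookie without the matching fingerprint fails the challenge, so the rule still requires the second factor.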
