AuthenticationLevel based macros and groups should be updated with second factor
Concerned version
Version: %"2.0.X" Platform: All
Summary
I created a macro like this : $_auth eq 'SSL' ? 'Card' : $authenticationLevel > 2 ? 'SFA' : 'LDAP'
$authenticationLevel is only 5 or 2. Macros and groups are computed before second factor. Only authenticationLevel is updated at the end of 2FA process.
Main/SecondFactor.pm
$self->userLogger->notice( $self->prefix
. '2F verification for '
. $req->sessionInfo->{ $self->conf->{whatToTrace} } );
if ( my $l = $self->conf->{ $self->prefix . '2fAuthnLevel' } ) {
$self->p->updateSession( $req, { authenticationLevel => $l } );
}
Possible fixes
Compute macros and groups again after a successful 2FA authentication
Any objections?