legacy totp authenticators on an account will still be considered and will block / fail for users when totp is globally disabled #7213
Comments
Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful; however, it is our strong recommendation that you carefully consider the information before blindly applying it.
Based on the information provided, it seems like there is an issue with the handling of TOTP authenticators when the TOTP option is globally disabled in the Authelia configuration. When TOTP is disabled, the system should not consider any previously attached TOTP authenticators as valid authentication methods. This should prevent them from appearing as an option during the login process, thereby avoiding the issue where users are locked out due to the system stalling at loading screens.
To resolve this issue, you should ensure that the configuration for disabling TOTP is correctly implemented. Here are a few steps you can take:
If after following these steps the issue still occurs, it might be beneficial to reach out to the Authelia support or community forums for more specific guidance or to report a potential bug.
This comment was generated by Glime.
Sorry, version .7, not .8
Version
v4.38.8
Deployment Method
Other
Reverse Proxy
Traefik
Reverse Proxy Version
?
Description
If a user previously had a TOTP authenticator attached to their account, then when TOTP is globally disabled via config the authenticators are still treated as existing on the account and can be selected as an authentication option; however, they just stall at loading screens, locking out users.
Reproduction
see description
Expectations
TOTP authenticators should not be considered as existing when TOTP is globally disabled, allowing users to only use remaining options, or action the initial add-a-device workflow if it is the only option attached to the account.
Configuration (Authelia)
No response
Build Information
seriously?
Logs (Authelia)
seriously?
Logs (Proxy / Application)
No response
Documentation
No response
Pre-Submission Checklist
I agree to follow the Code of Conduct
This is a bug report and not a support request
I have read the security policy and this bug report is not a security issue or security related issue
I have either included the complete configuration file or I am sure it's unrelated to the configuration
I have either included the complete debug / trace logs or the output of the build-info command if the logs are not relevant
I have provided all of the required information in full with the only alteration being reasonable sanitization in accordance with the Troubleshooting Sanitization reference guide
I have checked for related proxy or application logs and included them if available
I have checked for related issues and checked the documentation
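The behaviour requested under Expectations, sketched as an added example that is not part of the original issue and is not Authelia's code: the methods offered at login are the user's registered methods filtered by what is still globally enabled, with a fallback when the stored preference or the only attached method has been disabled. The type, constant and function names are hypothetical, and the configuration values are constructed.

```go
package main

import "fmt"

// Method names are hypothetical labels for this sketch, not Authelia identifiers.
type Method string

const (
	TOTP     Method = "totp"
	WebAuthn Method = "webauthn"
	Duo      Method = "mobile_push"
)

// Decision is what the login portal should present for the second factor.
type Decision struct {
	Offer        []Method // methods the user may pick
	Selected     Method   // method preselected in the portal; empty if none
	MustRegister bool     // true when no usable method remains on the account
}

// Resolve keeps only registered methods that are still globally enabled, so a
// credential left over from before a method was disabled is never offered.
func Resolve(enabled map[Method]bool, registered []Method, preferred Method) Decision {
	d := Decision{}
	seen := map[Method]bool{}
	for _, m := range registered {
		if enabled[m] && !seen[m] {
			seen[m] = true
			d.Offer = append(d.Offer, m)
		}
	}
	switch {
	case len(d.Offer) == 0:
		d.MustRegister = true // only the disabled method was attached
	case seen[preferred]:
		d.Selected = preferred
	default:
		d.Selected = d.Offer[0] // stored preference points at a disabled method
	}
	return d
}

func main() {
	// Constructed configuration: TOTP globally disabled, other methods enabled.
	enabled := map[Method]bool{TOTP: false, WebAuthn: true, Duo: true}
	fmt.Printf("%+v\n", Resolve(enabled, []Method{TOTP, WebAuthn}, TOTP))
	fmt.Printf("%+v\n", Resolve(enabled, []Method{TOTP}, TOTP))
}
```

The second case is the lockout from the description: with the filter applied on the server side, the account is routed to device registration instead of a method that can never complete.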