multifactorlab / multifactor-selfservice-portal
License: MIT License
See https://github.com/MultifactorLab/MultiFactor.SelfService.Windows.Portal/releases/tag/1.0.107

Change password after 2FA

New behavior when trying to access disabled functionality: the user is now redirected to the home page, and a warning log entry is written with information about the disabled functionality.

Handling of cases where a user logged in with an expired password. Before changing the expired password, the user is redirected to the second factor confirmation page. Only after confirming the second factor is the user returned to the expired password change form. Main steps:
- Password changing session. To configure session options you can specify the following setting in the configuration file:
  pwd-changing-session-lifetime (optional) - session lifetime in hh:mm:ss format (00:02:00 by default).
- Extended logging:
  warning if the login/password are correct, but the password is expired;
  warning if the user was redirected to the change password page but password management is not enabled.
- 404/unhandled error catching: in case of an unhandled error a technical page is now displayed and the error log is written.
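As an added illustration that is not the portal's own code, the C# sketch below models the flow these notes describe: a password changing session whose lifetime comes from pwd-changing-session-lifetime in hh:mm:ss, the second-factor gate in front of the expired password form, and the two warning log entries. All type and member names are hypothetical, and sending a stale session back to the login page is an assumption the notes do not state.

```csharp
using System;
using System.Globalization;
// Hypothetical names; an illustration of the release-note flow, not the portal's code.
public enum NextPage { SecondFactorConfirm, ChangeExpiredPassword, Home, Login }
public sealed class PasswordChangingSession
{
    public string User { get; }
    public DateTimeOffset ExpiresAt { get; }
    public bool SecondFactorConfirmed { get; private set; }
    public PasswordChangingSession(string user, TimeSpan lifetime, DateTimeOffset now)
    {
        User = user;
        ExpiresAt = now + lifetime;
    }

    public bool IsExpired(DateTimeOffset now) => now >= ExpiresAt;
    public void ConfirmSecondFactor() => SecondFactorConfirmed = true;
}

public static class ExpiredPasswordFlow
{
    // pwd-changing-session-lifetime is optional, in hh:mm:ss; 00:02:00 when absent.
    public static TimeSpan ParseLifetime(string? configured) =>
        string.IsNullOrWhiteSpace(configured)
            ? TimeSpan.FromMinutes(2)
            : TimeSpan.ParseExact(configured, @"hh\:mm\:ss", CultureInfo.InvariantCulture);
    // Called once the login/password check passed but the password turned out to be expired.
    public static PasswordChangingSession Begin(string user, string? lifetimeSetting,
                                                DateTimeOffset now, Action<string> warn)
    {
        warn($"Login/password for '{user}' are correct, but the password is expired.");
        return new PasswordChangingSession(user, ParseLifetime(lifetimeSetting), now);
    }
    // Evaluated on every request of the flow, so the lifetime also bounds the time
    // between the second-factor confirmation and the actual password change.
    public static NextPage Route(PasswordChangingSession s, bool passwordManagementEnabled,
                                 DateTimeOffset now, Action<string> warn)
    {
        if (!passwordManagementEnabled)
        {
            warn($"User '{s.User}' was redirected to the change password page, but password management is not enabled.");
            return NextPage.Home;              // disabled functionality: home page plus warning
        }
        if (s.IsExpired(now)) return NextPage.Login;         // assumed: stale session starts over
        if (!s.SecondFactorConfirmed) return NextPage.SecondFactorConfirm;
        return NextPage.ChangeExpiredPassword;              // only after the second factor
    }
}
```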
Study the docs
If an alternative suffix (for example, 301.exchange) is set in AD and you try to log in to the portal entering the login not as a UPN, it will not work. This is normal behavior - in these cases the UPN must be specified.
But it could be reworked like this:
Add to the portal configuration
- the ability to specify several domains and a user for searching in each domain
- for each domain, trusts are looked up and the user is checked in the trusts as well
Fix the description on the website
Also needed: the ability to map LDAP attributes to Claims
[Unit]
Description=Self Service Portal for Linux Service

[Service]
WorkingDirectory=/var/www/sspl
ExecStart=/usr/bin/dotnet /var/www/sspl/MultiFactor.SelfService.Linux.Portal.dll
Restart=always
RestartSec=10
# SIGINT lets the ASP.NET Core host shut down gracefully; systemd escalates after TimeoutStopSec
KillSignal=SIGINT
TimeoutStopSec=90
SyslogIdentifier=sspl-service
# Run the portal as a dedicated unprivileged account rather than root
User=sspl-service-user
Environment=ASPNETCORE_ENVIRONMENT=localhost
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false

[Install]
WantedBy=multi-user.target
server {
    root /var/www/html;
    server_name sspl.multifactor.dev;

    location / {
        # nginx terminates TLS; Kestrel is reached only on the loopback interface
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        # Pass the client address and original scheme so the app sees https and real IPs
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sspl.multifactor.dev/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sspl.multifactor.dev/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    # Plain HTTP: redirect the portal hostname to HTTPS, answer anything else with 404
    if ($host = sspl.multifactor.dev) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name sspl.multifactor.dev;
    return 404; # managed by Certbot
}
If the user is not in the group, do not allow them to log in to the portal at all
Ability to specify in the portal config (win / linux) a group or groups (from the admin panel), separated by semicolons, into which the user is placed on first registration.
The same thing is needed for the RADIUS adapter (win / lin)
Cases to handle:
DN
UID
UPN