Page MenuHomePhabricator
Create Task
Maniphest T189638

Let users generate 2FA tokens within Striker
Closed, DuplicatePublic
Actions

Description

Issue: Users who create LDAP accounts through Striker do not have the option to set 2FA tokens even though it is required for Horizon.

Steps to reproduce:

  1. Create a Wikimedia SUL account with no connection to LDAP.
  1. Use Striker to create an LDAP account.
  1. Try to log in to Horizon using your username and password.
  1. Be unable to proceed due to not being able to fill in the 2FA code.

Current workaround is to set up 2FA on Wikitech, but moving LDAP accounts away from Wikitech means we're better off moving this functionality.

Related Objects

Event Timeline

Harej created this task.Mar 14 2018, 1:01 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 14 2018, 1:01 AM
bd808 moved this task from Backlog to Needs Discussion on the Striker board.Dec 30 2018, 4:07 AM
bd808 triaged this task as Low priority.Mar 9 2019, 12:13 AM
bd808 subscribed.

Doing this would require either:

Harej added a comment.Mar 9 2019, 12:37 AM
In T189638#5012383, @bd808 wrote:
  • adding an API to MediaWiki's OATHAuth extension that would let us manage 2FA tokens remotely

I am not against the OATHAuth extension being improved to support this, but I don't really see a strong business case to build such a feature except as a workaround for this problem.

This is definitely the better option, and something we want to do anyway for other reasons.

GTirloni added a project: cloud-services-team (Kanban).Mar 24 2019, 11:59 AM
bd808 removed a project: cloud-services-team (Kanban).Jul 9 2019, 9:33 PM
bd808 closed this task as a duplicate of T179463: Create a single application to provision and manage developer (LDAP) accounts.Jul 24 2020, 12:34 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL