SAML-Toolkits / wordpress-saml

OneLogin SAML plugin for Wordpress
MIT License

SAML bypassing TFA #116

Open fclaussen opened 3 years ago

fclaussen commented 3 years ago

Hi everyone,

I've configured this plugin and it is working as intended for the most part. However, when trying to implement a separate TFA plugin I'm facing issues as this plugin is bypassing the TFA process entirely. I'm trying to work with this one https://wordpress.org/plugins/two-factor/

By logging in manually everything works fine. Logging in using SAML bypasses the screen asking for the TFA code. I've tried enabling the wp_login hook with no success.

Did anyone face this issue before? Did you use a different TFA plugin? Thanks for all the help.

pitbulk commented 3 years ago

The two-factor plugin uses an action defined on the wp_login method, which basically will stop the wp login flow and show the 2fa.

wordpress-saml triggers the wp_login only if you enable a setting at the SAML configuration (trigger login hook).

I believe that if you enable it, you should see the 2fa requirements screen.
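
To check the behaviour discussed in this thread on a given site, the following must-use plugin logs any request that issues a logged-in cookie without the `wp_login` action having fired. It is an added example, not part of this thread and not code from wordpress-saml or two-factor; the file name and the `lha_` prefix are assumptions.

```php
<?php
/**
 * Added diagnostic example (not code from wordpress-saml or two-factor).
 * Assumed location: wp-content/mu-plugins/login-hook-audit.php (hypothetical name).
 *
 * Reports requests in which WordPress issued a logged-in cookie although the
 * wp_login action never fired, i.e. a login path that callbacks hooked on
 * wp_login (such as a second-factor prompt) did not get to see.
 * Other code that legitimately re-issues the cookie, for example a user
 * changing their own password, shows up too; the logged path tells them apart.
 */

$GLOBALS['lha_cookie_user_ids'] = array();

// wp_set_auth_cookie() fires this action when it sets the logged-in cookie.
add_action(
    'set_logged_in_cookie',
    function ( $cookie, $expire, $expiration, $user_id ) {
        $GLOBALS['lha_cookie_user_ids'][] = (int) $user_id;
    },
    10,
    4
);

// The shutdown action also runs when the request ends with a redirect and exit.
add_action(
    'shutdown',
    function () {
        $ids = array_unique( $GLOBALS['lha_cookie_user_ids'] );
        if ( empty( $ids ) || did_action( 'wp_login' ) > 0 ) {
            return; // No cookie issued, or the hook ran as expected.
        }
        // Log the path only (no query string) and strip non-printable bytes.
        $uri    = isset( $_SERVER['REQUEST_URI'] ) ? (string) $_SERVER['REQUEST_URI'] : '';
        $path   = preg_replace( '/[^\x20-\x7E]/', '?', (string) strtok( $uri, '?' ) );
        $hooked = has_action( 'wp_login' ) ? 'yes' : 'no';
        foreach ( $ids as $id ) {
            $user  = get_userdata( $id );
            $login = $user ? $user->user_login : '(unknown)';
            error_log( sprintf(
                'login-hook-audit: cookie issued for "%s" (ID %d) on %s without wp_login; callbacks hooked on wp_login: %s',
                $login, $id, $path, $hooked
            ) );
        }
    }
);
```

A SAML login that produces a log line with the trigger login hook setting disabled, and none with it enabled, confirms that the setting is what decides whether plugins hooked on `wp_login` run.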