goauthentik / authentik

The authentication glue you need.
https://goauthentik.io

Make semicolon separation optional #10299

Open Lokkenum opened 3 days ago

Lokkenum commented 3 days ago

Hello there!

According to official documentation: https://docs.goauthentik.io/docs/providers/ldap/#bind-modes

For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password example-password and the code 123456, the input must be example-password;123456.

What is the reason and purpose for semicolon separation? I'm getting a ton of negative feedback from users, especially from notebooks and mobile devices, who are forgetting to add the semicolon.

How can I get rid of this requirement or make this optional? Should be a quick fix/feature.

Thank you!

BeryJu commented 3 days ago

Before we introduced the option to make support for MFA in LDAP a toggle that can be enabled, having the semicolon required was part of the detection for MFA codes.

Lokkenum commented 2 days ago

Before we introduced the option to make support for MFA in LDAP a toggle that can be enabled, having the semicolon required was part of the detection for MFA codes.

Strange requirement. What will happen if a user's password contains a semicolon, like in this example;password;123456? Why not just parse the last 6-8 digits from the password string?
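
The two parsing strategies raised in this thread, as an added example that is not authentik's code and is not part of any comment above. It assumes codes are 6 to 8 ASCII digits (the range mentioned in the thread); the function names and sample inputs are constructed for illustration.

```python
import re

# Assumption: codes are 6 to 8 ASCII digits, the range suggested in the thread.
CODE_RE = re.compile(r"[0-9]{6,8}")


def split_on_last_semicolon(bind_password):
    """Delimiter format: everything after the LAST ';' is the code.

    Returns (password, code); code is None when the suffix is not a
    well-formed code, in which case the whole input is the password.
    """
    password, sep, code = bind_password.rpartition(";")
    if sep and CODE_RE.fullmatch(code):
        return password, code
    return bind_password, None


def trailing_digit_candidates(bind_password):
    """Delimiter-free format: every way a 6-8 digit code could be cut
    from the end. More than one entry means the input is ambiguous."""
    candidates = []
    for n in range(6, 9):
        password, code = bind_password[:-n], bind_password[-n:]
        if password and CODE_RE.fullmatch(code):
            candidates.append((password, code))
    return candidates


# Constructed sample inputs, not taken from any real deployment.
SAMPLES = [
    "example-password;123456",  # the documented form
    "example;password;123456",  # password that itself contains ';'
    "example-password123456",   # code appended without a delimiter
    "Summer2024123456",         # password ending in digits, code appended
    "Summer20241234",           # no code at all, password ends in 8 digits
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), split_on_last_semicolon(s), trailing_digit_candidates(s))
```

Splitting on the last semicolon is only ambiguous for a password that itself ends in `;` followed by 6 to 8 digits, while the delimiter-free heuristic yields several candidate splits for any password that ends in digits.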