Fix fallback DAG deadlock

himmelblau-idm / himmelblau

Azure Entra ID Authentication, with PAM and NSS modules.

GNU General Public License v3.0

25 stars 3 forks source link

Fix fallback DAG deadlock #104

Closed dmulder closed 2 months ago

dmulder commented 3 months ago

The DAG request isn't polling properly, and needs patches to Kanidm. Disable DAG for now until this is fixed.

Fixes #

Checklist

[ ] This pr contains no AI generated code
[ ] cargo fmt has been run
[ ] cargo clippy has been run
[ ] A functionality test has been added
[ ] make test has been run and passes

dmulder commented 3 months ago

This is a temporary fix for https://github.com/himmelblau-idm/himmelblau/issues/103. A more permanent fix will require a redesign of the DAG in Kanidm.

dmulder commented 3 months ago

Perhaps this fix should remain anyway, and we could have a fallback from the SFA fail to DAG (when that's fixed). That way we have a shortcut to enrollment if the user doesn't require MFA anyway (otherwise they'll be forced to SFA authenticate again using the DAG).

dmulder commented 3 months ago

Updated to include the DAG fallback after SFA attempt.