jpenren
commented
10 years ago Checked that after sso or auto login, authentication pipeline is not executed. I will modify the plugin functionality to use a Filter to check some params in the user session, sure is not the "clearest" solution because the latch account will be checked after login but is the most effective for all login mechanisms in Liferay. Also other url paths will be added to the filter.
Hi,
I found that the protection works only when authentication is done through the login portlet and user is accessing portal pages, i.e.: 1, When user authenticates using SSO (i.e. SAML or any AutoLogin filter) the 2 factor authentication protection doesn't work 2, The protection works only when accessing /web/, /group/ and /user/* portal pages. It doesn't work when user access for example WebDAV or Liferay Web Service API.
Any of these two makes the protection ineffective.