search

wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0
748 stars 729 forks source link

MFA interference in Sub-Organization Login Flow #20737

Open Shashika616 opened 4 months ago

Shashika616 commented 4 months ago

Describe the issue: In a B2B scenario involving Asgardeo SSO, when configuring an application, users attempting to sign in via a sub-organization's SSO experience an unexpected interruption if MFA is configured in the parent organization. After completing the sub-organization's login steps, the second factor of the parent organization's MFA is triggered, resulting in an incomplete sub-organization-specific login flow. As in the screenshots provided we can track the activity in the network trace where, after the user is authorized under the sub orgs login the main orgs step 2 is called and makes the login a failure.

How to reproduce:

  1. Configure Asgardeo with an application for a parent organization.
  2. Set up MFA (Multi-Factor Authentication) in the parent organization's application login flow.
  3. Create a sub-organization under the parent organization in Asgardeo.
  4. Create a connection in the sub org under standard based idp, configure the attribute mappings as necessary and configure the login of the sub org with it. (This could be a single step or more).
  5. Add SSO in the parent login step 1.
  6. Try login in using SSO with the connected idp and see the results.

Expected behavior: The user should be able to complete the login process using the sub-organization's configured login flow without interference from the parent organization's MFA configuration.

Environment information (Please complete the following information; remove any unnecessary fields) :

Optional Fields

Related issues:

Suggested labels:

Shashika616 commented 4 months ago

cc : @sadilchamishka @chamathns