Additional Second Factors¶
Starting with version 2.0.6, LemonLDAP::NG lets you configure multiple instances of second factor authentication modules, in a manner similar to the Combination module.
Only the following Second Factor modules are compatible with this feature:
Using this option, lets you give your users a wider range of possible second factors. They could decide between using their work email or home email. And as an administrator you may now plug in more than one Second Factor solution through REST or external commands.
Configuration¶
You can find the configuration for this feature in
General parameters » Second factors »
Additional second factors
Name: the technical name of this second factor, it should be all lowercase, and it is used as a sort key when second factors are displayed to the userType: what type of second factor you want to useLabel: what title to display in the 2F choice screenLogo: URL path of a logo to display in the 2F choice screenLevel: authentication level that will be set if this 2F is usedRule: If you leave this field empty, this second factor will always be enabled. You may use a perl expression to decide when this second factor is available.$homeMail: this second factor will only trigger if the$homeMailsession key existsdefined $hGroups->{'admin'}: this second factor will only trigger if the user is in theadmingroup
After adding your second factors, don’t forget to add overload parameters to them. You usually should at least give them different logos so that the user can tell the difference between two second factors of the same type.
See the parameters list page for a full list of parameters you may overload. Here are the most useful ones:
mail2fLogomailSessionKeymail2fCodeRegexmail2fSubjectmail2fBody
- External
ext2fLogoext2fCodeActivationext2FSendCommandext2FValidateCommand
- REST
rest2fLogorest2fVerifyUrlrest2fVerifyArgs(must be a JSON object)rest2fInitUrlrest2fInitArgs(must be a JSON object)