Google 2FA Authenticator module
Edition: Incubator (services)
Latest: 1.0
The Google 2FA Authenticator module helps you leverage Google’s 2-step verification (second factor authentication - 2FA) mechanism for Magnolia’s default login form. A QR code is generated and sent to the user’s email where the user scans the code with the Google Authenticator app. Only after this step is the user allowed access to AdminCentral.
Prerequisites
- You must have the Mail module installed and the mail server configured in order to proceed.

This module is at the INCUBATOR level. Administrators need to generate QR codes for users and verify them before enabling the 2FA feature. If you have already enabled 2FA:
Installing with Maven
Maven is the easiest way to install the module. Add the following to your bundle:
<dependency>
  <groupId>info.magnolia.security</groupId>
  <artifactId>google-2fa-authenticator</artifactId>
  <version>1.0</version>
</dependency>
Configuration
There are a few places that you'll need to configure in AdminCentral.
- Standard Magnolia securityCallback
- Standard Magnolia loginHandlers
- Mail module qrCodeEmailTemplate
- Google 2FA module OTP Issuer Config
securityCallback
- In AdminCentral, go to the Configuration app.
- Go to /server/filters/securityCallback/clientCallbacks/form/.
- Change the loginForm property to: /defaultMagnoliaLoginForm/2fa-login.html
loginHandlers
- In AdminCentral, go to the Configuration app.
- Go to /server/filters/login/loginHandlers/Form.
- Change the class property to: info.magnolia.security.googleauthenticator.auth.login.Google2FAFormLogin
qrCodeEmailTemplate
- In AdminCentral, go to the Configuration app.
- Go to /modules/mail/config/templatesConfiguration/.
- Add a new template entitled ga2faQrCodeEmailTemplate. You can do this by clicking Add content node in the edit panel to the right.
- In the new ga2faQrCodeEmailTemplate template, give it a Subject property.
  - Click Add property in the edit panel to the right.
  - Name = Subject
  - Value = Your desired subject line.
  - Type = String
Usage
This section covers how to use the module.
Generate token
- In AdminCentral, go to the Security app.
- Go to System Users.
- Select the desired user.
- In edit panel, click Generate Security Token.
Use the token
For the flow to be completed:
- The user scans the QR code with the Google Authenticator app.
- The user receives a code in the Google Authenticator app.
- The user enters the code in the field on Magnolia login screen.
Manage 2FA
You can manage the 2FA flow within the app itself or via the Rescue app.
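To enable 2FA:
- Go to /modules/google-2fa-authenticator/config/.
- Set enable2FA to true.

To disable 2FA:
- Go to /modules/google-2fa-authenticator/config/.
- Set enable2FA to false.

To disable 2FA via the Rescue app:
- Ensure the Rescue App is enabled.
- Use the script to disable 2FA.

import info.magnolia.context.MgnlContext

// Open the config workspace, switch the module's enable2FA flag off, and persist the change.
s = MgnlContext.getJCRSession("config")
s.getNode("/modules/google-2fa-authenticator/config/").setProperty("enable2FA", false)
s.save()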
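
A read-only check of the settings from the Configuration and Manage 2FA sections, useful before setting enable2FA to true and for spotting a login filter that has drifted from the 2FA setup. This is an added example, not code shipped with the module; it assumes a Groovy console with read access to the config workspace, and the variable and closure names are illustrative.

```groovy
import info.magnolia.context.MgnlContext

// Expected values are the ones given in the Configuration section of this page.
def expected = [
    ["/server/filters/securityCallback/clientCallbacks/form", "loginForm",
     "/defaultMagnoliaLoginForm/2fa-login.html"],
    ["/server/filters/login/loginHandlers/Form", "class",
     "info.magnolia.security.googleauthenticator.auth.login.Google2FAFormLogin"],
]

def session = MgnlContext.getJCRSession("config")
def problems = []

// Read a property as a string, or null when the node or property is absent.
def read = { String path, String name ->
    if (!session.nodeExists(path)) return null
    def node = session.getNode(path)
    node.hasProperty(name) ? node.getProperty(name).getString() : null
}

// Compare the login form and login handler against the documented values.
expected.each { path, name, want ->
    def got = read(path, name)
    if (got != want) problems << "${path}/${name} is '${got}', expected '${want}'"
}

// The QR code mail needs the template node and its Subject property.
def template = "/modules/mail/config/templatesConfiguration/ga2faQrCodeEmailTemplate"
if (read(template, "Subject") == null) problems << "${template} is missing or has no Subject"

// Report the module switch last, so an enabled-but-incomplete setup stands out.
def enabled = read("/modules/google-2fa-authenticator/config", "enable2FA")
println "enable2FA = ${enabled}"
if (enabled == "true" && problems) println "WARNING: 2FA is enabled but the configuration is incomplete"
problems.each { println "  - ${it}" }
println problems ? "${problems.size()} problem(s) found" : "Login filter and mail template match the documented 2FA setup"
```

The script only reads from the workspace and never calls save(), so it can be run repeatedly without changing the configuration.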