Comments (5)
Thanks for reporting this bug and helping make aad-auth better. You are correct that as of now, MFA is not supported and enforced.
This is something we definitely want to support in a future release, but it needs quite some graphical work to display additional widgets and UIs in the graphical login manager.
from aad-auth.
Even worse: When the MFA is enforced by the AAD backend, but never given by the user due to the successful login, this looks like a "PW of the user was compromised, but MFA saved the day" type of scenario to the AAD backend. This in return will increase the Identity Protection Risk Score of that user and by that – in the long run – results in blocking them.
This is a major blocker for us, preventing adaptation into our managed corporate Linux client.
from aad-auth.
If the conditional access policy/multifactor condition is not met, surely the user is not authenticated and the login should be denied?
At the moment it is allowing sign in with the following noted in the Azure AD portal.
21/06/2023, 15:27:06
Password in the cloud
Succeeded: true
Correct password
21/06/2023, 15:27:06
Succeeded: false
MFA required in Azure AD
from aad-auth.
You could implement the device code flow to provide some simple MFA capabilities.
from aad-auth.
> Even worse: When the MFA is enforced by the AAD backend, but never given by the user due to the successful login, this looks like a "PW of the user was compromised, but MFA saved the day" type of scenario to the AAD backend. This in return will increase the Identity Protection Risk Score of that user and by that – in the long run – results in blocking them.
I wonder if the Identity Protection Risk Score for the user is still increased if the failed auth due to MFA requirement is immediately followed by a successful MFA from the same device?
from aad-auth.
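The check asked for in the comments above (deny the login when the MFA condition is not met), as an added example; it is not aad-auth's code. It assumes the client receives an OAuth 2.0 token endpoint reply carrying Azure AD's `error_codes` array, where 50076 and 50079 are the AADSTS MFA-required codes; the function names and sample replies are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Fields of a token endpoint reply that matter for the login decision.
type tokenResponse struct {
	AccessToken string `json:"access_token"`
	ErrorCodes  []int  `json:"error_codes"`
}

// AADSTS codes for an unmet MFA requirement.
var unmetRequirement = map[int]string{50076: "MFA required", 50079: "MFA enrollment required"}

// Classify reports whether a token was issued and, if not, which requirement is unmet.
func Classify(body []byte) (tokenIssued bool, unmet string) {
	var r tokenResponse
	if err := json.Unmarshal(body, &r); err != nil {
		return false, ""
	}
	for _, c := range r.ErrorCodes {
		if why, ok := unmetRequirement[c]; ok {
			return false, why
		}
	}
	return len(r.ErrorCodes) == 0 && r.AccessToken != "", ""
}

// PasswordOnly models the behaviour reported in the thread (assumed, not project code).
func PasswordOnly(body []byte) bool {
	issued, unmet := Classify(body)
	return issued || unmet != ""
}

// FailClosed opens a session only when a token was actually issued.
func FailClosed(body []byte) bool {
	issued, _ := Classify(body)
	return issued
}

// Constructed sample replies, not captured traffic.
const mfaRequired = `{"error":"invalid_grant","error_codes":[50076]}`
const success = `{"token_type":"Bearer","access_token":"constructed-sample"}`

func main() {
	fmt.Println(PasswordOnly([]byte(mfaRequired)), FailClosed([]byte(mfaRequired)))
	fmt.Println(PasswordOnly([]byte(success)), FailClosed([]byte(success)))
}
```

With the MFA-required reply, `PasswordOnly` returns true while `FailClosed` returns false, which is the gap between the two portal entries quoted in the thread.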