[opencms-dev] How to enable 2FA on OC14

Michael Emmerich m.emmerich at alkacon.com
Tue Mar 28 09:31:18 CEST 2023 

Antonio,

OpenCms uses TOTP for 2FA. To configure it in OpenCms, you must do the 
following configuration:


- In WEB-INF/config/opencms-system.xml configure a new element below 
</loginmanager> as follows:

[...]
<loginmanager>
[...]
</loginmanager>
<two-factor-authentication>
     <!-- 2FA enable/disable -->
     <enabled>true</enabled>

     <!--Secret key with which the user's 2FA data is encrypted. Should 
therefore not be changed later.->
     <secret>secretpassword123!</secret>

     <!-- Label text that is displayed in the user's authentication app 
for the account after 2FA is set up  -->
     <issuer>MyCompany OpenCms</issuer>

     <!--Users for whom 2FA should be enabled.
         Contains 0 or more "group", "orgunit", or "pattern" elements, 
in any order, specifying the users.
         users are specified.

         If this is not defined, all non-excluded users fall under 2FA.
     -->
     <include-users>
         <!-- by Group -->
         <group>ABC</group>
         <!-- by OU -->
         <orgunit>DEF</orgunit>
         <!-- by regular expression (matched to the full internal user 
name)-->
         <pattern>.*ABCDE.*</pattern>
     </include-users>

     <!-- Users to exclude from 2FA.
         Contains 0 or more elements "group", "orgunit" or "pattern", in 
any order, specifying the users to be excluded.
         users to be excluded are specified.
     -->
     <exclude-users>
         <!-- by Group -->
         <group>GHI</group>
         <!-- by OU-->
         <orgunit>JKL</orgunit>
         <!-- by regular expression (matched to the full internal user 
name)-->
         <pattern>.*QRSTU.*</pattern>
     </exclude-users>
</two-factor-authentication>

- Restart OpenCms after the changes.


I hope this should be enough information to set the 2FA up.


Kind regards,

Michael



Am 22.03.23 um 09:39 schrieb Antonio Cordeddu via opencms-dev:
>
> Hello list,
>
> how can I enable the new feature two-factor authentication on OC14? I 
> didn't found information on documentation 
> (https://documentation.opencms.org) and options when I create an user.
>
> Thank you for any hint.
>
> Kind regards
>
> Antonio Cordeddu
>
> _______________________________________________
> Coranto informatica di Antonio Cordeddu
> Via Torricelli, 9 09047 Selargius (CA) - Italy
> antoniocordeddu at coranto.it
> Skype: antonio.cordeddu
> https://www.coranto.it
> _______________________________________________
>
> _______________________________________________
> This mail is sent to you from the opencms-dev mailing list
> To change your list options, or to unsubscribe from the list, please visit
> https://lists.opencms.org/mailman/listinfo/opencms-dev
>
>
>
-- 
Michael Emmerich

Alkacon Software GmbH & Co. KG - The OpenCms Expertshttp://www.alkacon.com  -http://www.opencms.org  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencms.org/pipermail/opencms-dev/attachments/20230328/f147e647/attachment.htm>

More information about the opencms-dev mailing list