Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
TOTP access
« previous
next »
Print
Pages: [
1
]
Author
Topic: TOTP access (Read 2571 times)
tomlawesome
Newbie
Posts: 5
Karma: 0
TOTP access
«
on:
January 26, 2021, 09:25:08 pm »
I have to say, I really don't understand the implementation of TOTP in OPNsense? Why does the token use the same field as the password? It would be much more user friendly/intuitive for there to be two separate fields, one for each code and appropriately labelled.
I have never seen an implementation like this and I thought I was locked out of my system. I even flashed a USB drive to reinstall! In hindsight, I re-read the docs and it *does* say that you use the system like this, and that's OK. I'm just asking if there's a technical reason or some big challenge to do it with separate pass/OTP fields?
My coding ability is rudimentary, but it seems like something an experienced coder would be able to do simply?
This is meant as constructive criticism -- I am very impressed with OPNsense and grateful for the hard work of all involved.
Thanks again for the great product
(Sorry if this has been posted before, I tried to search)
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: TOTP access
«
Reply #1 on:
January 26, 2021, 09:30:18 pm »
Hi there,
The reason is that console login, SSH, OpenVPN and IPsec amongst others do not have a third input using the user/password combination. I believe that is not all too uncommon in existing implementations.
Cheers,
Franco
Logged
tomlawesome
Newbie
Posts: 5
Karma: 0
Re: TOTP access
«
Reply #2 on:
January 27, 2021, 03:43:59 pm »
Thanks for reply Franco, that does make sense.
Is there no way to code the web GUI so that it combines the two input fields into one before querying the user permissions database? I appreciate this may not be possible due to security with passwords, and that there's likely much more important areas to focus development.
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: TOTP access
«
Reply #3 on:
January 27, 2021, 04:08:24 pm »
It's possible but there is no high demand and making one part that not a lot of people see (admin GUI) more flexible with an option to show a third field to not sideline other installation has to be put into perspective:
The problem is what technical problem does it fix and is the work going into solving that technical problem worth the effort. My feeling is it is not.
Cheers,
Franco
Logged
Obeng
Newbie
Posts: 8
Karma: 2
Re: TOTP access
«
Reply #4 on:
August 10, 2021, 09:48:32 am »
I absolutely agree with your last statement but I would like to present a more practical use case.Captive portal, making use of LDAP + TOTP. Most regular end users are not used to entering the password and token in the same field.And in the case of "Token + Password" , the token may expire before typing the password if the password is a long one.If there is a work around I could do myself I would really appreciate
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: TOTP access
«
Reply #5 on:
August 10, 2021, 09:58:05 am »
If you adjust the template in the captive portal it's not a hard thing to do...
Cheers,
Franco
Logged
errored out
Full Member
Posts: 171
Karma: 3
Re: TOTP access
«
Reply #6 on:
August 12, 2021, 01:22:27 am »
Oben, I have seen / experience this issue before. At first I agreed with the same way of thinking you had, until I found a easy change.
TOTP is configured to be entered first then the password as you know. Opnsense has a setting which allow the 6 digit TOTP to be entered
behind
the password (last 6 characters). This will allow users to have the user name and password entered and sitting on the page until they want to entered in the TOTP.
A user can have their credentials entered, walk away (just joking) and when they come back, enter in their TOTP without any issues from a time delay.
If that does not work, the MFA server can be set to accept TOTP X seconds
after
it have expired.
Logged
Obeng
Newbie
Posts: 8
Karma: 2
Re: TOTP access
«
Reply #7 on:
January 27, 2022, 11:17:07 am »
I've not been here in a while. @franco you are absolutely right. I talked to some developers and they solved it in seconds.We have a working separate token field now. Thank You very much
Logged
franco
Administrator
Hero Member
Posts: 17657
Karma: 1611
Re: TOTP access
«
Reply #8 on:
January 27, 2022, 11:51:29 am »
Nice to hear that, thanks for reporting back
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
TOTP access