- Issue created by @lobsterr
- πΊπΈUnited States bkosborne New Jersey, USA
If I understand correctly, you want to modify the URL the user is redirected to (to append some information that forces 2FA?), but only for users of a certain role? I don't see how this is possible. When CAS redirects to the CAS server for authentication, it doesn't know who the user is. The CAS module only knows who the user is after the authentication process is completed.
2FA should be implemented within your CAS server.
Unless, are you implementing 2FA within the Drupal site, separate from your CAS server login?
- π§πͺBelgium lobsterr
Yes, I wonder, if we could have some info about user in EVENT_PRE_LOGIN. Is it too early and we don't have any info about user? And another probably would be too late to force 2 factor authentication ? Right?
- πΊπΈUnited States bkosborne New Jersey, USA
It's not possible to deliver information about the user in EVENT_PRE_LOGIN. The CAS module has no idea who the user is until they actually authenticate with the CAS server.
I suppose you could implement 2FA after the CAS authentication process has been completed, but before you log the user in, but really, the proper way to do 2FA here is within your CAS server.
- Status changed to Closed: works as designed
about 1 year ago 8:55am 6 March 2024