Make semicolon separation optional

Question

Make semicolon separation optional

Lokkenum opened this issue 2 months ago · comments

Hello there!

According to official documentation:
https://docs.goauthentik.io/docs/providers/ldap/#bind-modes

For code-based authenticators, the code must be given as part of the bind password, separated by a semicolon. For example for the password example-password and the code 123456, the input must be example-password;123456.

What is the reason and purpose for semicolon separation?
I'm getting a ton of negative feedback from users especially from notebooks and mobile devices who are forgetting to add semicolon.

How to get rid of this requirement or make this optional?
Should be a quick fix/feature.

Thank you!

Jens L. · Answer 1 · Sun Jun 30 2024 02:29:57 GMT+0800 (China Standard Time)

Before we introduced the option to make support for MFA in LDAP a toggle that can be enabled, having the semicolon required was part of the detection for MFA codes

Lokkenum · Answer 2 · Sun Jun 30 2024 23:59:49 GMT+0800 (China Standard Time)

Before we introduced the option to make support for MFA in LDAP a toggle that can be enabled, having the semicolon required was part of the detection for MFA codes

Strange requirement.
What will happen if user password contains semicolon like in this example;password;123456 ?
Why just not to parse last 6-8 digit's from password string?