A plugin should be able to register login forms that an admin would enable/disable for a site.
Craft would be aware of those and display them on the CP login page instead of the default login form, and it would provide a way for plugins to easily add things like 2FA authentication, SSO, LDAP, etc. to the Craft login page.
For Craft 2 I just created a plugin for this. I did have to use a nasty workaround to get things working. Right now all CP pages are blocked until the 2FA is verified (this all happens after login).
https://github.com/born05/craft-twofactorauthentication
Thanks for sharing, @roelvanhintum. Curious what the hack was you had to use.
@takobell The ugliest part is logging the user in and logging out when the user tries to bypass the 2FA page. This means verifying every page: https://github.com/born05/craft-twofactorauthentication/blob/master/TwoFactorAuthenticationPlugin.php#L56
The second part is the copied method to give the same result as a normal login.
https://github.com/born05/craft-twofactorauthentication/blob/master/controllers/TwoFactorAuthentication_VerifyController.php#L75
(If there is any problem with the copied part, or you know a nicer way, please let me know.)
Any idea whether this will be part of Craft CMS 3? I am very much interested in having a different authentication flow for the admin side of Craft CMS, in my case to have an SSO type of login.
@qrazi Not going to make it into 3.0 but maybe a 3.x release.
Maybe good to know, in the next update a userSession.onBeforeAuthenticate event is available.
I used this to manage LDAP authentication with the normal Craft CP Login screen.
PR: https://github.com/craftcms/cms/pull/2296
With the current setup I'm able to add my own login step, except for adding a special case request.
@brandonkelly Is it possible to add an option to add paths to _isSpecialCaseActionRequest?
https://github.com/craftcms/cms/blob/develop/src/web/Application.php#L546
The AuthManager.js should also allow a follow-up or replacement when customizing the login form or adding an extra step.
@roelvanhintum Yep, thanks for the reminder :)
I have this working in Craft 3 for my SAML SP Plugin by overwriting the route. But, it's not pretty. Really, all I need for the SAML plugin is the ability to add some buttons.
Here's a screenshot of what's on my dev branch:

I would like to mention our experience customizing the login form.
It seems that CraftCMS is appropriating the URL where the query string contains p=/login, matching the native UserController::actionLogin().
That could result in errors like this one:
https://github.com/craftcms/cms/issues/3458
Or some funny unexpected behaviors when you want the form to hit your particular login system instead.