2nd factor credentials can't be used without username&email identity

Description

User authenticated in any way in the 1st factor, even with neither email nor username identity, should be allowed to use arbitrary 2nd factor (OTP/password/SMS).

This can easily happen when user has only X509 identity, or identifier, and corresponding authN method is used for the 1st factor.

Environment

None

Activity

Show:
Krzysztof Benedyczak
July 20, 2020, 8:45 PM

Fixed for SMS and OTP.  Passwords and cert credentials should be updated too but that's unlikely to be practically needed (use of them as 2nd factor). Can be fixed later, should be easy now, basing on solution for OTP and SMS.

Done

Assignee

Krzysztof

Reporter

Krzysztof

Labels

Fix versions

Priority

Medium