MFA not loaded, if oidc has authorization_policy with two_factor about authelia HOT 3 CLOSED

Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful however it is our strong recommendation that you carefully consider the information before blindly applying it.

Based on the detailed information you've provided, it seems like the issue you're encountering is related to how Authelia processes authorization policies, particularly in the context of OpenID Connect (OIDC) and two-factor authentication (2FA) settings. From your description, it appears that 2FA settings for OIDC are not being recognized unless there's at least one non-OIDC ACL rule set to two_factor. This behavior suggests a potential oversight in how Authelia's authorization logic handles OIDC-specific 2FA configurations when general 2FA ACL rules are not present or are set to a less secure policy.

Given the complexity of the issue and the potential impact on security and functionality, I recommend the following steps:

1. Review Authelia's Documentation and Configuration: Ensure that your configuration aligns with the latest recommendations and examples provided by Authelia, particularly regarding OIDC and 2FA settings. Sometimes, updates or changes in the software might require adjustments in the configuration to maintain or achieve the desired behavior.

2. Check for Updates: Verify that you're running the latest version of Authelia. If not, consider upgrading, as the issue might have been addressed in a more recent release. Keep an eye on the release notes for any mentions of changes or fixes related to OIDC and 2FA.

3. Reach Out to Authelia's Support Channels: If the issue persists, consider reaching out to Authelia's support channels, such as their GitHub Discussions or Issues pages. Given that you've identified specific code segments that might be related to the issue, providing those details will be incredibly helpful for the developers or community members to understand and address the problem.

4. Temporary Workaround: As a temporary measure, maintaining a dummy or placeholder ACL rule with two_factor policy might help keep the OIDC 2FA functionality working as expected. However, this should be considered a temporary fix until a more permanent solution is identified.

5. Monitor for Patches or Updates: If this issue is acknowledged by the Authelia team as a bug or unintended behavior, stay tuned for patches or updates that address the problem. Applying such updates promptly will help ensure your setup is both secure and functioning as intended.

This comment was generated by Glime.

from authelia.

Thanks for reporting, this has both been confirmed and a fix has been designed.

from authelia.

Merci

from authelia.