[horizon] How to enable MFA using TOTP on Horizon (ZED)
Hi all, I was working on a MFA in openstack (ZED). Is it possible to enable MFA using TOTP on Horizon? I'm using a ZED Openstack with Ubuntu 22.04 , and I know that from the CLI point of view, you can have Multi Factor Authentication, but I don't see that implemented on Horizon.
i added MFA using - https://docs.openstack.org/keystone/pike/advanced-topics/auth-totp.html
but now the problem is i can use the token issued to run openstack cli but not able to login into Horizon with user and password/totp.
I see The Totp support was added to Horizon in the Bobcat (2023.2) release So i would like to ask how it is possible to backport the feature in Horizon in the zed release.
I would appreciate any help! Thanks!
[I'm Cc'ing the address in reply since the author does not appear to be subscribed to the mailing list; please make sure all replies still go to the list in order to keep the conversation public.]
On 2024-07-30 19:00:18 +0530 (+0530), Shubham Kumar Yadav wrote:
Hi all, I was working on a MFA in openstack (ZED). Is it possible to enable MFA using TOTP on Horizon? I'm using a ZED Openstack with Ubuntu 22.04 , and I know that from the CLI point of view, you can have Multi Factor Authentication, but I don't see that implemented on Horizon.
i added MFA using - https://docs.openstack.org/keystone/pike/advanced-topics/auth-totp.html
but now the problem is i can use the token issued to run openstack cli but not able to login into Horizon with user and password/totp.
I see The Totp support was added to Horizon in the Bobcat (2023.2) release So i would like to ask how it is possible to backport the feature in Horizon in the zed release.
I would appreciate any help! Thanks!
It looks to me like this was added through a single patch to Horizon:
https://review.opendev.org/c/openstack/horizon/+/885570
It seems to backport cleanly to the current state of the unmaintained/zed branch in Git, with the exception of a merge conflict on doc/source/configuration/settings.rst which isn't critical unless you want to make sure your local copy of the documentation is updated to include information on setting the OPENSTACK_KEYSTONE_MFA_TOTP_ENABLED config option.
Keep in mind that just because the commit can be backported easily, that doesn't necessarily mean it works without other commits to different parts of the software, but it's at least worth trying as a first step.
participants (2)
-
Jeremy Stanley
-
Shubham Kumar Yadav