Support

Admin Tools

#21029 Two-Factor Authentication Joomla 3

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by GNaglik on Friday, 03 October 2014 12:26 CDT

Wednesday, 24 September 2014 08:11 CDT

GNaglik
 Hello,

I have read that one should use the two-factor authentication by Admin Tools not in Joomla 3.2 or higher.
Now I can not use the Joomla own two-factor authentication although the two-factor authentication is not active in admin tools. I get the activate only the 403 access denied error.
But do i uninstall Admin Tools and i can use the Joomla version of two-factor authentication.
Does that mean that you can not run admin tools and Joomla 3.3 with two-factor authentication Google?
Then you either need to all the other admin tools features or waive the two-factor authentication from Google?
Or is it possible insert an exception somewhere at WAF?

Regards Guido

Wednesday, 24 September 2014 10:01 CDT

nicholas
You are confusing a few things.

Joomla! 3.2 or later comes with two factor authentication already built in. We contributed that code to the Joomla! project. In fact, you get two different options, Google Authenticator and YubiKey.

Since Joomla! 3.2 and later already has built-in two factor authentication there's no need for a separate solution. This is why on Joomla! 3.2 and later Admin Tools does not offer you such an option.

Joomla! 3.1, 3.0 and 2.5 don't have built in two factor authentication. Therefore, if you want to use two factor authentication you need a third party solution. Admin Tools offers two factor authentication for administrator logins on Joomla! 2.5, 3.0 and 3.1.

You can OF COURSE use Admin Tools with Joomla! 3.2 and 3.3. You have all the other features (over 40, by our latest count). Our own site is running on the latest Joomla! 3 release and Admin Tools at any given time.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 25 September 2014 03:49 CDT

GNaglik
Hello,
I have understand. I am not sure you have understand me.
I used google to translate. Now i try with owen words. sorry for my english. I'm German.

If Admintools installed i cant't use buildin Two-Factor-Authentication (Google Authentication) If i want activate this i becomes a Error 404. Do i uninstall Admintools i can activate the buildin Two-Factor-Authentication.

How can i use buildin Two-Factor-Authentication with installed Admintools?
Can i configure a rule in Admintools to accept buildin Two-Factor-Authentication?

Thursday, 25 September 2014 05:29 CDT

nicholas
No, you CAN use the built-in Two Factor Authentication with Admin Tools. I know this because our site runs on Joomla! 3 and we do use the built-in two factor authentication.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 30 September 2014 03:00 CDT

GNaglik
Hello Nicholas,
I have found the error. It was because that was the package mcrypt is not installed. Why do I get an error 403 I do not know. I came across a post in Joomla code from you. I have now installed mcrypt. If you think this a security risk? Thank you for your support

Tuesday, 30 September 2014 07:04 CDT

nicholas
Ah! That makes perfect sense. When mcrypt is missing you can't encrypt/decrypt the settings in the database which means that you get an empty Authenticator code. An empty code is still a valid code (hey, I didn't write the TOTP specification, I am just implementing it!) which means that your secret code will always be invalid. I wonder how you managed to enable the two factor auth on your site...

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Tuesday, 30 September 2014 11:06 CDT

GNaglik
I don't know. Maybe it has to do with that I made a backup of my Server, installed the Server with new Ubuntu Server 14.04 LTS OS and restored my Backup to this. Now works fine.
Thank you.

Tuesday, 30 September 2014 13:22 CDT

GNaglik
I think now I'm completely crazy. I have just done on one of my sites Joomla updated from Joomla 2.5.25 to 2.5.26 and update of Admin Tools Pro to 3.2.0. Now the login window in the back-end, the window for entering the two-factor authentication code is no longer there. Is that it? Login works without Auth.Code. See Pictures. No Plugin or Modules are disabled.
Edited by GNaglik on 2014-09-30 13:23 CDT

Tuesday, 30 September 2014 14:37 CDT

nicholas
3.2.1 will be released tomorrow

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 03 October 2014 12:26 CDT

GNaglik
Ok, i wait for Release Admin Tools 3.3.0 an close my Ticket.
Thanks

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!