Releases: Emixa-application-solutions/multifactor-authentication
MFA module upgradable
We redesigned the architecture of the module so you no longer have to change microflows inside the Marketplace module. You configure the required microflows in your after-startup microflow and they are executed during the login procedure. Be sure to add ASU_SetMicroflows and ASU_v2 to your after-startup microflow (in this order).
Security fix + UI improvements
Added support for Datadog CloudSIEM (Mx9 + Mx10)
To support Datadog's CloudSIEM, a new constant has been introduced to enable this feature. When enabled, the module produces INFO log messages in a format that Datadog's CloudSIEM detects, provided Datadog is configured for your environment.
See the documentation: https://docs.mendix.com/developerportal/operate/datadog-metrics/ and https://www.datadoghq.com/blog/how-to-monitor-authentication-logs/#log-using-a-standard-parsable-format
Example:
```
evt.category="authentication" evt.name="MFA code created" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"
evt.category="authentication" evt.name="user login with MFA" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"
evt.category="authentication" evt.name="MFA validated" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"
evt.category="authentication" evt.name="unknown user" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="Henk"
evt.category="authentication" evt.name="invalid password" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="MFA enabled but no session found" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Max MFA attempts exceeded" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
```
Added support for Datadog CloudSIEM
To support Datadog's CloudSIEM, a new constant has been introduced to enable this feature. When enabled, the module produces INFO log messages in a format that Datadog's CloudSIEM detects, provided Datadog is configured for your environment.
See the documentation: https://docs.mendix.com/developerportal/operate/datadog-metrics/ and https://www.datadoghq.com/blog/how-to-monitor-authentication-logs/#log-using-a-standard-parsable-format
Example:
```
evt.category="authentication" evt.name="MFA code created" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"
evt.category="authentication" evt.name="user login with MFA" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"
evt.category="authentication" evt.name="MFA validated" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"
evt.category="authentication" evt.name="unknown user" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="Henk"
evt.category="authentication" evt.name="invalid password" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="MFA enabled but no session found" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
evt.category="authentication" evt.name="Max MFA attempts exceeded" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"
```
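As an added illustration for the CloudSIEM log format described in both Datadog releases above (this is not part of the module; the Java module only emits the lines), the following parses the key=value lines and tallies, per user, wrong MFA codes versus other failures so a SIEM rule can alert on users who reach the module's default of 3 MFA attempts. The sample lines are copied from the release notes (user agents abbreviated) and the `MFA_MAX_ATTEMPTS` value is the documented default, not a value read from the module.

```python
import re
from collections import defaultdict

# One key=value pair: the value is a double-quoted string (may contain spaces,
# e.g. http.useragent) or a bare token (e.g. network.client.ip=127.0.0.1).
_KV = re.compile(r'([\w.]+)=(?:"([^"]*)"|(\S+))')

MFA_FAILURE = "Invalid MFA entered"
MFA_LOCKOUT = "Max MFA attempts exceeded"
MFA_MAX_ATTEMPTS = 3  # documented default of the Max MFA attempts constant

# Sample lines taken from the release notes (user agents abbreviated); no live data.
SAMPLE_LINES = [
    'evt.category="authentication" evt.name="MFA validated" network.client.ip=127.0.0.1 evt.outcome="success" usr.name="MxAdmin"',
    'evt.category="authentication" evt.name="unknown user" http.useragent="Mozilla/5.0 (Windows NT 10.0; Win64; x64)" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="Henk"',
    'evt.category="authentication" evt.name="invalid password" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"',
    'evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"',
    'evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"',
    'evt.category="authentication" evt.name="Invalid MFA entered" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"',
    'evt.category="authentication" evt.name="Max MFA attempts exceeded" network.client.ip=127.0.0.1 evt.outcome="failure" usr.name="demo_user"',
]

def parse_line(line):
    """Parse one authentication log line into a dict of field -> value."""
    return {key: bare if bare else quoted for key, quoted, bare in _KV.findall(line)}

def summarize_failures(lines, max_attempts=MFA_MAX_ATTEMPTS):
    """Per user: wrong MFA codes, other failures, client IPs seen, and whether the
    module's lockout was logged (or should have been, given max_attempts)."""
    users = defaultdict(lambda: {"mfa_failures": 0, "other_failures": 0,
                                 "ips": set(), "locked": False})
    for line in lines:
        ev = parse_line(line)
        if ev.get("evt.category") != "authentication" or ev.get("evt.outcome") != "failure":
            continue  # only failed authentication events matter for this rule
        entry = users[ev.get("usr.name", "<unknown>")]
        entry["ips"].add(ev.get("network.client.ip", "?"))
        name = ev.get("evt.name")
        if name == MFA_FAILURE:
            entry["mfa_failures"] += 1
        elif name == MFA_LOCKOUT:
            entry["locked"] = True
        else:
            entry["other_failures"] += 1
        if entry["mfa_failures"] >= max_attempts:
            entry["locked"] = True  # lockout expected even if its event is missing
    return dict(users)

def locked_users(lines):
    """Users for whom an MFA lockout alert should be raised."""
    return sorted(u for u, e in summarize_failures(lines).items() if e["locked"])
```

With the sample lines, `locked_users(SAMPLE_LINES)` yields only demo_user; successful MxAdmin events are ignored and Henk's single unknown-user failure does not trigger the rule.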
Making the complex simple + Mendix 9 fix
After review and feedback we have released version 2.0 of the module. Please upgrade to this version!
- When you mark this module as your favorite Marketplace content you will receive notifications about new releases.
Breaking change:
- We removed the capability to use MFA from login.html (too complex)
Configuration:
- Remove MFA directory from your resources directory
Improvements:
- For MFA users: Max login attempts and Max MFA attempts can be configured with constants (default is 3)
- For non-MFA users: after the platform default of 3 failed attempts the user is blocked according to the Mendix platform default and released after 5 minutes (but read https://docs.mendix.com/refguide/login-behavior)
- Improved the log message when a user is blocked (so it is in line with unblocks by the Core runtime)
- Reduced the amount of Java code
- Added unit tests (if you experience issues, please check whether you can create a unit test for the case)
- Removed an HTML snippet and replaced it with a nanoflow + JavaScript action
- The create-code flow is more fail-proof: if the custom implementation of code creation is not correct, the flow remains secure (by always setting a random code)
- This Mendix 8.18.8 version of the module is Mendix 9 compatible (BlockedSince attribute on the User entity fix for Mendix 9 included!)
Vulnerability fix, rate limit and documentation
- Added a check on the MFA code entered by the user (thanks Dirk of S-Unit for reporting after pentests!)
- Added a rate limit on MFA code attempts. The user will be blocked after 3 failed attempts (just like normal login attempts)
- Custom info and error messages are now possible
- Small documentation fixes