Affects Version/s: Master
Fix Version/s: None
Component/s: Application Security > Multi-Factor Authentication
Sprint: Iteration 45, Iteration 46, Iteration 47, Iteration 48, Iteration 49, Iteration 50, AppSec Iteration 51, AppSec Iteration 52, AppSec Iteration 53, AppSec Iteration 54, AppSec Iteration 55, AppSec Iteration 56
Git Pull Request:
Currently, the Instance administrator can set any invalid Origin, and after saving, the UI gives no feedback that this configuration will cause trouble.
- Create a new virtual instance, e.g. able.com
- Log in to able.com as Instance admin
- Go to Instance Settings / Multi-factor Authentication
- Enable MFA and Save
- Go to FIDO2 settings
- Enter the following in the Origins field: "http://localhost.com,http://able.com:8080"
No warning message on the UI about the contents of Origins
We should at least warn the Instance Admin after save that the origin URL will lead to problems.
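
A sketch of the kind of post-save check requested above, added here as an illustration and not taken from the product's code. It assumes the trouble comes from the WebAuthn rule that credentials only work in a secure context (https, or http on a loopback host); `checkOrigin`, `checkOrigins` and the warning texts are hypothetical names.

```javascript
// Added example: lint a comma-separated FIDO2 "Origins" setting after save.
// Assumption: an entry is usable only if it is a bare origin (scheme, host,
// port) and a secure context. Function names and messages are hypothetical.

// Hosts that browsers treat as trustworthy even over plain http.
const LOOPBACK = /^(localhost|.+\.localhost|127(\.\d{1,3}){3}|\[::1\])$/;

function checkOrigin(entry) {
  const raw = entry.trim();
  if (raw === '') return 'empty entry';
  let url;
  try {
    url = new URL(raw);
  } catch {
    return 'not a parseable URL';
  }
  // An origin carries no credentials, path, query or fragment.
  // A lone trailing slash is tolerated because URL parsing normalises to "/".
  if (url.username || url.password || url.search || url.hash ||
      (url.pathname !== '/' && url.pathname !== '')) {
    return 'contains more than scheme, host and port';
  }
  if (url.protocol === 'https:') return null;
  // "localhost.com" is an ordinary public name, not a loopback host.
  if (url.protocol === 'http:' && LOOPBACK.test(url.hostname)) return null;
  return 'not a secure context: WebAuthn needs https (or http on localhost)';
}

// Returns one { origin, warning } record per problematic entry.
function checkOrigins(setting) {
  return setting.split(',')
    .map((entry) => ({ origin: entry.trim(), warning: checkOrigin(entry) }))
    .filter((result) => result.warning !== null);
}

// The value from the reproduction steps, plus two constructed valid entries.
const sample = 'http://localhost.com,http://able.com:8080,' +
               'https://able.com:8443,http://localhost:8080';
for (const { origin, warning } of checkOrigins(sample)) {
  console.log(`WARNING ${origin}: ${warning}`);
}
```
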
Updated on: Tue Nov 17 13:37:30 2020 -0800