MFA Reprompts on SSO login

[Brodur]

I run Rocketchat in Docker - it is up to date.
I have an OUATH/OpenID connect setup using Keycloak for SSO.
I've noticed that my administrator user is re-prompted for MFA (TOTP) after a successful SSO authentication.

As Keycloak already handles MFA - it would be desirable to not prompt upon redirect back.

[yashovardhan]

Hi there,

Thanks for submitting the issue.

For helping us support you better here, please follow our guidelines for reporting issues:

https://rocket.chat/docs/contributing/reporting-issues

Please note that this repository is reserved for bug reporting only, you can ask for support here on our forums:

https://forums.rocket.chat

If you have a feature request, please open a new issue in this repo

https://github.com/RocketChat/feature-requests

[Brodur]

- Operating System / Version / Architecture: Docker (Debian 64bit host) - Browser type and version, including any add-ons.: Reproduced on Chrome, Firefox, Edge - Rocket.Chat version:3.17.0 - Expected behavior: After SSO login - proceed directly to main landing (/channel/general) - Actual behavior: Prompted for MFA after SSO login - Can the bug consistently be reproduced? If so, how?: Configure a 3rd party OAUTH provider - enable MFA on an account, and login using MFA - Relevant errors and other log output: totp-required error shown on login. - Screenshots are necessary https://imgur.com/a/obfPhyR (Something went screwy with the ordering on Imgur- sorry! Essentially - log in with SSO, get directed back, get prompted for TOTP again)

…

On Sun, Aug 1, 2021 at 11:07 AM Yashovardhan Agrawal < ***@***.***> wrote: Hi there, Thanks for submitting the issue. For helping us support you better here, please follow our guidelines for reporting issues: https://rocket.chat/docs/contributing/reporting-issues Please note that this repository is reserved for bug reporting only, you can ask for support here on our forums: https://forums.rocket.chat If you have a feature request, please open a new issue in this repo https://github.com/RocketChat/feature-requests — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#22827 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ALZBAVHW6TAQSTQIZDCABMTT2VWMHANCNFSM5BLG3BZA> .