Trusted browser plugin¶
This plugin lets you remember your web browser after a successful login. This trusted browser can then be used to skip the entire authentication, or just bypass second factors.
Configuration¶
Parameters:
Activation condition: Enable the plugin for all users or only under certain conditions
Authentication bypass: Skip authentication completely if the user has a trusted browser (not recommended)
Do not check fingerprint: enable/disable browser fingerprint checking
Expiration time: how long browsers are remembered
Cookie name: trusted browser cookie name
One trusted browser per user: allow only one trusted browser per user New trusted browsers will disable the old ones. This option requires Indexing the _session_uid field.
Rules examples¶
Only allow members of a certain group to remember their browsers
inGroup('trusted_users')
Only allow registering a trusted browser from a certain network
inSubnet('10.0.0.0/8', '192.168.0.0/16')
Only allow remembering the web browser if the authentication was strong enough
$authenticationLevel >= 4
Using trusted browsers to bypass 2FA¶
You can use the $_trustedBrowser
session variable in 2FA rules, for example, as a TOTP activation rule
has2f("TOTP") and !$_trustedBrowser
means that TOTP will not be asked for trusted browsers