Wiki source code of xwiki-two-factor-authentication

Version 1.14 by Agnease on 2026/05/22 03:43

Manage
- Copy
Actions
- Export
- Print Preview
Viewers
- Source
- Siblings
- Content
- Comments
- Attachments
- History
- Information
- Likes

version	line-number	content
1.2	1	{{velocity}}
	2	#set ($discard = $xwiki.ssx.use('PublicWebSite.WebHome'))
	3	#set ($discard = $xwiki.ssx.use('products.WebHome'))
	4	{{html clean="false"}}
	5
	6	<section class="hero hero-centered product-hero" aria-labelledby="product-title">
	7	<div class="container hero-inner">
1.7	8	<div class="hero-kicker">
1.2	9	<i class="fa fa-lock" aria-hidden="true"></i>
	10	XWiki security extension
	11	</div>
	12
	13	<h1 id="product-title">XWiki Two-Factor Authentication</h1>
	14
	15	<p class="lead">
	16	Add a second verification step to the standard XWiki login flow.
	17	</p>
	18
	19	<p class="hero-support">
1.12	20	This XWiki MFA / 2FA extension adds an additional verification step after the standard username and password login.
	21	Users can verify access with authenticator app codes, email-delivered one-time codes, or a combined setup requiring both methods.
1.2	22	</p>
	23
	24	<div class="hero-actions">
	25	<a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Ask about this extension</a>
	26	<a class="btn btn-secondary" href="$xwiki.getURL('products.WebHome')">View all products</a>
	27	</div>
	28	</div>
	29	</section>
	30
	31	<section aria-labelledby="overview-title">
	32	<div class="container">
	33	<div class="product-layout">
	34	<article class="product-summary-card">
	35	<h2 id="overview-title">Stronger login protection for XWiki</h2>
	36
	37	<p>
1.13	38	The XWiki MFA / Two-Factor Authentication extension adds additional verification after the standard
	39	XWiki username and password login. It strengthens account protection without replacing the familiar
	40	XWiki authentication flow.
1.2	41	</p>
	42
	43	<p>
1.13	44	The extension supports authenticator app codes using TOTP, email-delivered one-time verification codes,
	45	and stricter configurations where both verification methods are required. This allows organizations to
	46	choose between a simpler 2FA setup or a stronger multi-step MFA policy.
1.2	47	</p>
	48
	49	<p>
1.13	50	Trusted clients can also be remembered for a configured period. In practice, this means that a known
	51	browser or device can avoid repeated MFA prompts, while new or untrusted clients still require the
	52	configured verification steps.
1.2	53	</p>
	54	</article>
	55
	56	<aside class="product-info-card" aria-labelledby="quick-facts-title">
	57	<h3 id="quick-facts-title">Quick facts</h3>
	58	<ul>
	59	<li>Works with the standard XWiki login flow</li>
1.14	60	<li>Supports authenticator app codes using TOTP</li>
	61	<li>Supports email-delivered one-time verification codes</li>
	62	<li>Can require app code and email code together for stricter MFA</li>
	63	<li>Can remember trusted browsers or devices beyond the current session</li>
	64	<li>Includes wiki administration and user profile controls</li>
1.2	65	<li>Can be used on the main wiki and subwikis</li>
	66	</ul>
	67	</aside>
	68	</div>
	69	</div>
	70	</section>
	71
	72	<section aria-labelledby="features-title">
	73	<div class="container">
	74	<h2 id="features-title">Main capabilities</h2>
	75	<p class="section-intro">
	76	The extension focuses on adding a practical second authentication step while keeping the standard XWiki login
	77	process and administration experience understandable.
	78	</p>
	79
	80	<div class="product-feature-grid">
	81	<article class="product-feature">
	82	<div class="feature-icon">
	83	<i class="fa fa-key" aria-hidden="true"></i>
	84	</div>
	85	<h3>Second login step</h3>
	86	<p>
1.11	87	After the username and password are verified, users are asked to enter an additional verification code
	88	before accessing the wiki.
1.2	89	</p>
	90	</article>
	91
	92	<article class="product-feature">
	93	<div class="feature-icon">
1.11	94	<i class="fa fa-mobile" aria-hidden="true"></i>
	95	</div>
	96	<h3>Authenticator app codes</h3>
	97	<p>
1.14	98	Users can verify access with TOTP codes generated by authenticator applications on a mobile device or desktop.
1.11	99	</p>
	100	</article>
	101
	102	<article class="product-feature">
	103	<div class="feature-icon">
	104	<i class="fa fa-envelope-o" aria-hidden="true"></i>
	105	</div>
	106	<h3>Email verification codes</h3>
	107	<p>
1.14	108	Users can receive one-time verification codes by email, useful when an authenticator app is not available or preferred.
1.11	109	</p>
	110	</article>
	111
	112	<article class="product-feature">
	113	<div class="feature-icon">
1.14	114	<i class="fa fa-plus-circle" aria-hidden="true"></i>
	115	</div>
	116	<h3>Combined verification</h3>
	117	<p>
	118	The extension can also require both an authenticator app code and an email code for stricter multi-factor verification.
	119	</p>
	120	</article>
	121
	122	<article class="product-feature">
	123	<div class="feature-icon">
1.2	124	<i class="fa fa-qrcode" aria-hidden="true"></i>
	125	</div>
	126	<h3>User setup screen</h3>
	127	<p>
	128	Users can configure their verification code setup during login or from their XWiki profile when needed.
	129	</p>
	130	</article>
	131
	132	<article class="product-feature">
	133	<div class="feature-icon">
1.14	134	<i class="fa fa-laptop" aria-hidden="true"></i>
1.11	135	</div>
	136	<h3>Remember trusted clients</h3>
	137	<p>
1.14	138	Known browsers or devices can be remembered for a configured period, reducing repeated MFA prompts from trusted clients.
1.11	139	</p>
	140	</article>
	141
1.14	142	article class="product-feature">
1.11	143	<div class="feature-icon">
1.2	144	<i class="fa fa-sliders" aria-hidden="true"></i>
	145	</div>
	146	<h3>Administration controls</h3>
	147	<p>
1.14	148	Administrators can configure MFA behavior, manage user activation, and reset user setup when required.
1.2	149	</p>
	150	</article>
	151
	152	<article class="product-feature">
	153	<div class="feature-icon">
	154	<i class="fa fa-user" aria-hidden="true"></i>
	155	</div>
	156	<h3>Profile integration</h3>
	157	<p>
	158	The extension adds user profile controls so the second-factor setup can be reviewed or reset from XWiki.
	159	</p>
	160	</article>
	161
	162	<article class="product-feature">
	163	<div class="feature-icon">
	164	<i class="fa fa-random" aria-hidden="true"></i>
	165	</div>
	166	<h3>Fallback behavior</h3>
	167	<p>
	168	The extension can fall back to standard XWiki authentication when the feature is not enabled or not configured.
	169	</p>
	170	</article>
	171
	172	<article class="product-feature">
	173	<div class="feature-icon">
	174	<i class="fa fa-sitemap" aria-hidden="true"></i>
	175	</div>
	176	<h3>Main wiki and subwikis</h3>
	177	<p>
	178	The extension is designed to support XWiki environments using the main wiki and subwikis.
	179	</p>
	180	</article>
	181	</div>
	182	</div>
	183	</section>
	184
	185	<section aria-labelledby="use-cases-title">
	186	<div class="container">
	187	<div class="product-layout">
	188	<article class="product-summary-card">
	189	<h2 id="use-cases-title">When this extension is useful</h2>
	190
	191	<p>
	192	Two-factor authentication is especially relevant when XWiki contains internal documentation, procedures,
	193	customer information, project knowledge, administrative pages, or business-critical content.
	194	</p>
	195
	196	<p>
1.11	197	It can also support organizations that need MFA as part of their cybersecurity controls, including companies
	198	working toward NIS 2 readiness. NIS 2 focuses on stronger cybersecurity risk management across essential and
	199	important entities in the EU, and MFA is often expected as part of enterprise access protection programs.
	200	</p>
	201
	202	<p>
1.2	203	It is also useful when many users access the wiki remotely, when administrator accounts need stronger protection,
	204	or when the organization wants to reduce the risk of compromised passwords.
	205	</p>
	206	</article>
	207
	208	<aside class="product-info-card" aria-labelledby="good-fit-title">
	209	<h3 id="good-fit-title">Good fit for</h3>
	210	<ul>
	211	<li>Private XWiki knowledge bases</li>
	212	<li>Company intranets</li>
	213	<li>SOP and controlled-document platforms</li>
	214	<li>Documentation portals with sensitive content</li>
	215	<li>Wikis with several administrators or remote users</li>
	216	</ul>
	217	</aside>
	218	</div>
	219	</div>
	220	</section>
	221
1.11	222	<section class="product-section-muted" aria-labelledby="compliance-title">
	223	<div class="container">
	224	<div class="product-layout">
	225	<article class="product-summary-card">
	226	<h2 id="compliance-title">Useful for MFA adoption and NIS 2 readiness</h2>
	227
	228	<p>
1.14	229	Many organizations now need multi-factor authentication for enterprise software, including internal
	230	knowledge bases, documentation platforms, intranets and systems that contain operational procedures
	231	or sensitive business information.
1.11	232	</p>
	233
	234	<p>
1.14	235	For organizations using XWiki, adding MFA directly to the standard XWiki login flow can help close a
	236	practical access-control gap. The extension can support simple 2FA with one additional verification method,
	237	or a stricter MFA setup where both authenticator app and email verification are required.
1.11	238	</p>
	239
	240	<p>
1.14	241	This can be relevant for organizations preparing for NIS 2, where multi-factor authentication or
	242	continuous authentication is part of cybersecurity risk-management measures, where appropriate.
	243	MFA support in XWiki is only one part of a broader compliance and security program, but it can be an
	244	important technical control for protecting access to the wiki.
1.11	245	</p>
	246	</article>
	247
	248	<aside class="product-info-card" aria-labelledby="mfa-readiness-title">
	249	<h3 id="mfa-readiness-title">Security controls supported</h3>
	250	<ul>
	251	<li>Second-factor verification after password login</li>
	252	<li>Authenticator app or email-based verification codes</li>
	253	<li>Reduced repeated prompts for trusted clients</li>
	254	<li>Administration controls for user-level MFA management</li>
	255	<li>Better protection for administrator and remote-access accounts</li>
	256	</ul>
	257	</aside>
	258	</div>
	259	</div>
	260	</section>
	261
1.6	262	#*
1.2	263	<section aria-labelledby="gallery-title">
	264	<div class="container">
	265	<div class="product-gallery-panel">
	266	<h2 id="gallery-title">Screenshots</h2>
	267	<p class="gallery-note">
	268	Use this area to show the login verification screen, first-time setup, user profile controls,
	269	and administration configuration.
	270	</p>
	271
	272	<div class="product-gallery-placeholder">
	273	Replace this placeholder with the XWiki gallery macro and 3-5 screenshots from the application.
	274	</div>
	275	</div>
	276	</div>
	277	</section>
1.6	278	*#
1.2	279	<section class="cta-section" aria-labelledby="cta-title">
	280	<div class="container">
	281	<div class="cta-panel">
	282	<h2 id="cta-title">Interested in using this extension?</h2>
	283	<p>
	284	Send a short message with your XWiki version, authentication setup, and whether you use a single wiki
	285	or a main wiki with subwikis.
	286	</p>
	287	<a class="btn btn-primary" href="$xwiki.getURL('contact.WebHome')">Contact Agnease</a>
	288	</div>
	289	</div>
	290	</section>
	291
	292	{{/html}}
	293	{{/velocity}}