Skip to content

Configuration Reference

Minimal configuration

Below is a minimal example of the configuration necessary to use the TwoFAS/TwoFactorBundle in your application:

# app/config/config.yml
two_fas_two_factor:
    account_name: ~
    db_driver: orm
    encryption_key: ~
    firewalls: ["Your firewall name you are using in security.yml"]

Full configuration

Full configuration for TwoFactorBundle:

# app/config/config.yml
two_fas_two_factor:
    account_name: ~
    db_driver: orm
    encryption_key: ~
    firewalls: ["Your firewall name you are using in security.yml"]
    block_user_login_in_minutes: ~
    remember_me:
        lifetime: 31536000
    api_url: ~
    account_url: ~
    persisters:
        option_persister: ~
        user_persister: ~
        authentication_persister: ~
        remember_me_persister: ~
    entities:
        option_class: ~
        user_class: ~
        authentication_class: ~
        remember_me_class: ~

Description

account_name

(default value: null, type: string)

The name displayed as the title in mobile application after scanning QR Code.

db_driver

(default value: none, type: string)

Your DB driver you are using in your application (currently we support: Doctrine ORM). You can use custom but then you have to write your persister classes (see below).

encryption_key

(default value: null, type: string)

The encryption key is used to encrypt your sensitive data stored in your DB and some data sent to the external API. This encryption key should be generated by twofas:create-encryption-key command and pasted as the value of this key.

firewalls

(default value: none, type: array)

Which part of your application should be protected by the second factor authentication. You should use one (or more) firewalls where you are using "form_login".

auth_cannot_retry_lifetime

(default value: 5, type: int)

After 5 unsuccessful attempts to enter the code authentication will be closed and the user will be blocked for a few minutes. You can control this value by entering the number of zero or more.

remember_me

This is the parent key of the options to control "remember me" functionality (in second factor).

lifetime

(default value: 31536000, type: int)

The number of seconds during which the user will remain logged in the second factor. By default users are logged in for one year.

api_url

(default value: null, type: string)

The url of one of us external API (for tests only)

account_url

(default value: null, type: string)

The url of one of us external API (for tests only)

persisters

This is the parent key of the options to control persister services which are responsible for persist data, depending on the ORM. These child options should be changed only when you use "custom" db_driver.

option_persister

(default value: null, type: string)

Name of service used to perform operations on Option entity.

user_persister

(default value: null, type: string)

Name of service used to perform operations on User entity.

authentication_persister

(default value: null, type: string)

Name of service used to perform operations on Authentication entity.

remember_me_persister

(default value: null, type: string)

Name of service used to perform operations on RememberMeToken entity.

entities

This is the parent key of the options to control entities stored in your database. These child options should be changed only when you want extend standard entities.

option_class

(default value: null, type: string)

Reference of class which implements \TwoFAS\TwoFactorBundle\Model\Entity\OptionInterface

user_class

(default value: null, type: string)

Reference of class which implements \TwoFAS\TwoFactorBundle\Model\Entity\UserInterface

authentication_class

(default value: null, type: string)

Reference of class which implements \TwoFAS\TwoFactorBundle\Model\Entity\AuthenticationInterface

remember_me_class

(default value: null, type: string)

Reference of class which implements \TwoFAS\TwoFactorBundle\Model\Entity\RememberMeTokenInterface

Security

This configuration is used for most cases - it allows to use two factor authentication for all users. If you want to limit it to specific roles just change the role below. More information about access_control at How Does the Security access_control Work

# app/config/security.yml
access_control:
    - { path: ^/2fas, role: IS_AUTHENTICATED_REMEMBERED }

IMPORTANT!

If your are using your own voters or if you want to use many roles to check access to 2fas, you have to change Access Decision Strategy in Symfony and use unanimous.

For more information check Symfony documentation at Changing the Access Decision Strategy

<< Translations | Index