Skip to content Skip to site navigation Skip to service navigation

How to Fix Two-Step Authentication Issues with WebAuth Websites

Starting December 2023, duplicate multiple-factor authentication will be retired. Users logging into your server will only have to do two-step authentication only once.

How can application owners fix this?

To make logging in simpler for users, application owners can change their WebAuth sites so that they do not require two-step authentication every day. To disable requiring two-step authentication on your WebAuth site, look in your Apache configuration and remove any lines like

WebAuthRequireInitialFactor m


WebAuthRequireSessionFactor m

Owners can also resolve this problem by migrating their application to SAML 2.0, which you are strongly encouraged to do now. All owners of legacy WebAuth sites will be required to migrate to SAML 2.0 by August 31, 2018.

Last modified February 28, 2024