Troubleshooting the MFA Plugin
With the MFA plugin installed, there is a risk that an XNAT site administrator may inadvertently lock themselves out of their own XNAT. For example, if you require MFA via Google Authenticator, set “Allow Fallback to Email” to “False”, and only enable Authenticator on one device and then lose that device, you will have no effective way of supplying the MFA code.
If this worst-case scenario happens, the only remedy at present is to edit the Postgres database that stores MFA credentials directly. Log into Postgres and enter the following, where {username} is your admin username:
update public.xhbm_multifactor_entity set mfa_exempted=true where username = '{username}';
This will grant you an MFA exemption, which you can use to log in without entering your MFA credentials.
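The same recovery step wrapped in a transaction so you can confirm which row changes before committing. This is an added example for a psql session, not part of the plugin's own documentation; the username value 'admin' is a constructed placeholder, and the final commented-out statement assumes that setting the flag back to false removes the exemption, which the page does not state.

```sql
-- Added example; run in psql while connected to the XNAT database.
-- 'admin' is a constructed placeholder for the locked-out admin username.
\set username 'admin'

BEGIN;

-- Inspect the current state before changing anything.
SELECT username, mfa_exempted
  FROM public.xhbm_multifactor_entity
 WHERE username = :'username';

-- Grant the exemption; RETURNING lists exactly which rows were changed.
UPDATE public.xhbm_multifactor_entity
   SET mfa_exempted = true
 WHERE username = :'username'
RETURNING username, mfa_exempted;

-- Expect exactly one row above. If none or several came back,
-- type ROLLBACK instead of COMMIT and recheck the username.
COMMIT;

-- Assumption (not stated on the page): after a new device is registered,
-- setting the flag back to false removes the exemption again.
-- UPDATE public.xhbm_multifactor_entity
--    SET mfa_exempted = false
--  WHERE username = :'username';
```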
Known Issues in MFA 1.5.0
There are some conditions in the Plugin Settings UI where a site admin can require their own MFA registration, which should immediately log the user out. Intermittently, this logout does not happen. (MFA-23)
On application startup, there can be a race condition where MFA registration pages do not load correctly and fail with a JavaScript error. This can be resolved with a Tomcat restart. (MFA-25)
The fallback to email screen has a nuisance dialog stating “Refreshing Datatype Cache” that cannot be dismissed. Otherwise the page functions as it should. (MFA-26)