Skip to content

Add MFA support for IBM i 7.6 #3036

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
SanjulaGanepola wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add MFA support for IBM i 7.6 #3036

SanjulaGanepola wants to merge 1 commit into from

Conversation

@SanjulaGanepola
Copy link
Member

@SanjulaGanepola SanjulaGanepola commented Jan 16, 2026
edited
Loading

Changes

This PR adds a new login setting to enable MFA when connecting:
image

When enabled, this will prompt the user for their TOTP which will be appended to the password when connecting via SSH (<password>:<totp>):
image

For users that have their TOTP optional interval set, you can also just press the Enter key to proceed without entering the TOTP.

This PR also resolves 2 other issues related to hitting Cancel in the progress bar when connecting:

  • Before if you tried to connect and hit Cancel right away, the progress bar goes away, but it still does all connect steps (check the Code for IBM i output channel). Now it properly cancels the connection attempt
  • Similar scenario to above, but if you wait a bit before pressing Cancel, you often would get a Cannot read properties of undefined (reading 'execCommand'). Now it properly notifies the user: Connection attempt cancelled.

Updates to docs: codefori/docs#88

How to test this PR

Scenarios to test:

  1. To test this PR, you will need a 7.6 IBM i with MFA enabled on your system and user profile. Enable the new login setting, try to connect (enter your TOTP when prompted). It should connect successfully.
  2. If your user profile has a TOTP optional interval set, reconnect and press Enter when prompted for the TOTP. It should still connect successfully.
  3. Verify that not entering the TOTP when it is required will result in a failed connection attempt.
  4. Verify that not having this login setting enabled will not prompt you for the TOTP.
  5. You can also test the 2 Cancel related fixes by trying the scenarios I mentioned.

Checklist

  • have tested my change
  • updated relevant documentation

@SanjulaGanepola
Add MFA support for IBM i 7.6
4c53b75 
Signed-off-by: Sanjula Ganepola <Sanjula.Ganepola@ibm.com>
@SanjulaGanepola SanjulaGanepola requested a review from a team January 16, 2026 23:53
@SanjulaGanepola SanjulaGanepola deployed to testing_environment January 16, 2026 23:53 — with GitHub Actions Active
@SanjulaGanepola SanjulaGanepola mentioned this pull request Jan 16, 2026
Open
@github-actions
Copy link
Contributor

github-actions bot commented Jan 16, 2026

👋 A new build is available for this PR based on 4c53b75.

eric-simpson
eric-simpson reviewed Jan 21, 2026
View reviewed changes
src/api/IBMi.ts
callbacks.progress({
message: `Prompting for one-time password.`
});
const oneTimePassword = await options.callbacks.inputBox(`Enter your one-time password or press "Enter" if within your TOTP interval`, `One-Time Password`, true);
Copy link

@eric-simpson eric-simpson Jan 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the terminology should be reviewed.
'one-time password' is not completely correct since it is actually 'time-based one-time password' (TOTP) value.
We should consider what is shown in 5250 and ACS which I think is 'Additional factor'. Consistency would be easier on users.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@eric-simpson eric-simpson eric-simpson left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SanjulaGanepola @eric-simpson