diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
index 9ddbf1e0e..94c8b561a 100644
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Session/REST.pm
@@ -3,6 +3,7 @@ package Lemonldap::NG::Common::Session::REST;
 use strict;
 use Mouse;
 use Lemonldap::NG::Common::Conf::Constants;
+use JSON qw(from_json to_json);
 
 our $VERSION = '2.0.0';
 
@@ -44,15 +45,17 @@ sub delSession {
     my $id = $req->params('sessionId')
       or return $self->sendError( $req, 'sessionId is missing', 400 );
     my $session = $self->getApacheSession( $mod, $id );
+    $self->logger->debug("Delete session : $id");
     $session->remove;
     Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
+
     if ( $session->error ) {
         return $self->sendError( $req, $session->error, 200 );
     }
     return $self->sendJSONresponse( $req, { result => 1 } );
 }
 
-sub deleteU2FKey {
+sub delete2F {
     my ( $self, $req ) = @_;
     return $self->sendJSONresponse( $req, { result => 1 } )
       if ( $self->{demoMode} );
@@ -62,12 +65,51 @@ sub deleteU2FKey {
       or return $self->sendError( $req, 'sessionId is missing', 400 );
 
     # Try to read session
+    $self->logger->debug("Loading session : $id");
     my $session = $self->getApacheSession( $mod, $id )
       or return $self->sendError( $req, undef, 400 );
 
-    # Delete U2F key attributs and update session
-    $session->data->{_u2fKeyHandle} = '';
-    $session->data->{_u2fUserKey}   = '';
+    # Try to read 2F parameters
+    $self->logger->debug("Reading parameters ...");
+    my $params = $req->parameters();
+    my $type   = $params->{type}
+      or return $self->sendError( $req, '2F device Type is missing', 400 );
+    my $epoch = $params->{epoch}
+      or return $self->sendError( $req, '2F device Epoch is missing', 400 );
+
+    # Try to load 2F Device(s) from session
+    $self->logger->debug("Looking for 2F Device(s) ...");
+    my $_2fDevices;
+    if ( $session->data->{_2fDevices} ) {
+        $_2fDevices = eval {
+            from_json( $session->data->{_2fDevices}, { allow_nonref => 1 } );
+        };
+        if ($@) {
+            $self->logger->error("Corrupted session (_2fDevices) : $@");
+            return $self->p->sendError( $req, "Corrupted session", 500 );
+        }
+    }
+    else {
+        $self->logger->debug("No 2F Device found");
+        $_2fDevices = [];
+    }
+
+    # Delete 2F device
+    $self->logger->debug("Reading 2F device(s) ...");
+    my @keep = ();
+    while (@$_2fDevices) {
+        my $element = shift @$_2fDevices;
+        $self->logger->debug(
+            "Searching 2F device to delete -> $type / $epoch ...");
+        push @keep, $element
+          unless ( ( $element->{type} eq $type )
+            and ( $element->{epoch} eq $epoch ) );
+    }
+
+    # Update session
+    $self->logger->debug("Saving 2F Devices ...");
+    $session->data->{_2fDevices} = to_json( \@keep );
+    $self->logger->debug("Updating session ...");
     $session->update( \%{ $session->data } );
 
     Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
@@ -77,79 +119,55 @@ sub deleteU2FKey {
     return $self->sendJSONresponse( $req, { result => 1 } );
 }
 
-sub deleteTOTPKey {
-    my ( $self, $req ) = @_;
-    return $self->sendJSONresponse( $req, { result => 1 } )
-      if ( $self->{demoMode} );
-    my $mod = $self->getMod($req)
-      or return $self->sendError( $req, undef, 400 );
-    my $id = $req->params('sessionId')
-      or return $self->sendError( $req, 'sessionId is missing', 400 );
+#sub add2F {
+#my ( $self, $req ) = @_;
+#return $self->sendJSONresponse( $req, { result => 1 } )
+#if ( $self->{demoMode} );
+#my $mod = $self->getMod($req)
+#or return $self->sendError( $req, undef, 400 );
+#my $id = $req->params('sessionId')
+#or return $self->sendError( $req, 'sessionId is missing', 400 );
 
-    # Try to read session
-    my $session = $self->getApacheSession( $mod, $id )
-      or return $self->sendError( $req, undef, 400 );
+## Try to read session
+#my $session = $self->getApacheSession( $mod, $id )
+#or return $self->sendError( $req, undef, 400 );
 
-    # Delete U2F key attributs and update session
-    $session->data->{_totp2fSecret} = '';
-    $session->update( \%{ $session->data } );
+## Delete U2F key attributs and update session
+#$session->data->{_u2fKeyHandle} = 'TOF';
+#$session->data->{_u2fUserKey}   = 'TOF';
+#$session->update( \%{ $session->data } );
 
-    Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
-    if ( $session->error ) {
-        return $self->sendError( $req, $session->error, 200 );
-    }
-    return $self->sendJSONresponse( $req, { result => 1 } );
-}
+#Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
+#if ( $session->error ) {
+#return $self->sendError( $req, $session->error, 200 );
+#}
+#return $self->sendJSONresponse( $req, { result => 1 } );
+#}
 
-sub addU2FKey {
-    my ( $self, $req ) = @_;
-    return $self->sendJSONresponse( $req, { result => 1 } )
-      if ( $self->{demoMode} );
-    my $mod = $self->getMod($req)
-      or return $self->sendError( $req, undef, 400 );
-    my $id = $req->params('sessionId')
-      or return $self->sendError( $req, 'sessionId is missing', 400 );
+#sub verify2F {
+#my ( $self, $req ) = @_;
+#return $self->sendJSONresponse( $req, { result => 1 } )
+#if ( $self->{demoMode} );
+#my $mod = $self->getMod($req)
+#or return $self->sendError( $req, undef, 400 );
+#my $id = $req->params('sessionId')
+#or return $self->sendError( $req, 'sessionId is missing', 400 );
 
-    # Try to read session
-    my $session = $self->getApacheSession( $mod, $id )
-      or return $self->sendError( $req, undef, 400 );
+## Try to read session
+#my $session = $self->getApacheSession( $mod, $id )
+#or return $self->sendError( $req, undef, 400 );
 
-    # Delete U2F key attributs and update session
-    $session->data->{_u2fKeyHandle} = 'TOF';
-    $session->data->{_u2fUserKey}   = 'TOF';
-    $session->update( \%{ $session->data } );
+## Delete U2F key attributs and update session
+#$session->data->{_u2fKeyHandle} = 'OK';
+#$session->data->{_u2fUserKey}   = 'OK';
+#$session->update( \%{ $session->data } );
 
-    Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
-    if ( $session->error ) {
-        return $self->sendError( $req, $session->error, 200 );
-    }
-    return $self->sendJSONresponse( $req, { result => 1 } );
-}
-
-sub verifyU2FKey {
-    my ( $self, $req ) = @_;
-    return $self->sendJSONresponse( $req, { result => 1 } )
-      if ( $self->{demoMode} );
-    my $mod = $self->getMod($req)
-      or return $self->sendError( $req, undef, 400 );
-    my $id = $req->params('sessionId')
-      or return $self->sendError( $req, 'sessionId is missing', 400 );
-
-    # Try to read session
-    my $session = $self->getApacheSession( $mod, $id )
-      or return $self->sendError( $req, undef, 400 );
-
-    # Delete U2F key attributs and update session
-    $session->data->{_u2fKeyHandle} = 'OK';
-    $session->data->{_u2fUserKey}   = 'OK';
-    $session->update( \%{ $session->data } );
-
-    Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
-    if ( $session->error ) {
-        return $self->sendError( $req, $session->error, 200 );
-    }
-    return $self->sendJSONresponse( $req, { result => 1 } );
-}
+#Lemonldap::NG::Handler::PSGI::Main->localUnlog( $req, $id );
+#if ( $session->error ) {
+#return $self->sendError( $req, $session->error, 200 );
+#}
+#return $self->sendJSONresponse( $req, { result => 1 } );
+#}
 
 sub session {
     my ( $self, $req, $id, $skey ) = @_;
diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm
index d408664c0..e6f204075 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/2ndFA.pm
@@ -27,7 +27,7 @@ use constant defaultRoute => '2ndfa.html#/persistent';
 sub addRoutes {
     my ( $self, $conf ) = @_;
 
-    # Remote Procedure Call are defined in Lemonldap::NG::Common::Session::REST
+    # Remote Procedure are defined in Lemonldap::NG::Common::Session::REST
     # HTML template
     $self->addRoute( '2ndfa.html', undef, ['GET'] )
 
@@ -36,24 +36,24 @@ sub addRoutes {
         ['GET']
       )
 
-      # DELETE 2FA KEY
+      # DELETE 2FA DEVICE
       ->addRoute(
-        sfa => { ':sessionType' => { ':sessionId' => 'delete2FAKey' } },
+        sfa => { ':sessionType' => { ':sessionId' => 'delete2FA' } },
         ['DELETE']
-      )
-
-      # ADD 2FA KEY
-      ->addRoute(
-        sfa => { ':sessionType' => { ':sessionId' => 'add2FAKey' } },
-        ['PUT']
-      )
-
-      # VERIFY 2FA KEY
-      ->addRoute(
-        sfa => { ':sessionType' => { ':sessionId' => 'verify2FAKey' } },
-        ['POST']
       );
 
+      ## ADD 2FA DEVICE
+      #->addRoute(
+        #sfa => { ':sessionType' => { ':sessionId' => 'add2FA' } },
+        #['PUT']
+      #)
+
+      ## VERIFY 2FA DEVICE
+      #->addRoute(
+        #sfa => { ':sessionType' => { ':sessionId' => 'verify2FA' } },
+        #['POST']
+      #);
+
     $self->setTypes($conf);
 
     $self->{ipField}              ||= 'ipAddr';
@@ -61,54 +61,60 @@ sub addRoutes {
     $self->{hiddenAttributes} //= "_password";
     $self->{TOTPCheck} = '1';
     $self->{U2FCheck}  = '1';
+    $self->{UBKCheck}  = '1';
 }
 
 ###################
 # II. 2FA METHODS #
 ###################
 
-sub delete2FAKey {
+sub delete2FA {
 
     my ( $self, $req, $session, $skey ) = @_;
 
     my $mod = $self->getMod($req)
       or return $self->sendError( $req, undef, 400 );
 
-    my $params = $req->parameters();
-    my $Key    = $params->{Key};
+    my $params 	= $req->parameters();
+    my $type    = $params->{type};
+    my $epoch	= $params->{epoch};
 
-    if ( $Key =~ /\bU2F\b/ ) {
-        $self->logger->debug("Call procedure deleteU2FKey");
-        return $self->deleteU2FKey( $req, $session, $skey );
-    }
-    elsif ( $Key =~ /\bTOTP\b/ ) {
-        $self->logger->debug("Call procedure deleteTOTPKey");
-        return $self->deleteTOTPKey( $req, $session, $skey );
+    if ( $type =~ /\b(?:U2F|TOTP|UBK)\b/ and $epoch ) {
+        $self->logger->debug("Call procedure delete2F with type=$type and epoch=$epoch");
+        return $self->delete2F( $req, $session, $skey );
     }
+    #elsif ( $type =~ /\bTOTP\b/ ) {
+        #$self->logger->debug("Call procedure deleteTOTP");
+        #return $self->deleteTOTP( $req, $session, $skey );
+    #}
+    #elsif ( $type =~ /\bUBK\b/ ) {
+        #$self->logger->debug("Call procedure deleteUBK");
+        #return $self->deleteUBK( $req, $session, $skey );
+    #}
     else {
         return $self->sendError( $req, undef, 400 );
     }
 }
 
-sub add2FAKey {
+#sub add2FA {
 
-    my ( $self, $req, $session, $skey ) = @_;
+    #my ( $self, $req, $session, $skey ) = @_;
 
-    eval 'use Crypt::U2F::Server::Simple';
-    if ($@) {
-        $self->error("Can't load U2F library: $@");
-        return 0;
-    }
+    #eval 'use Crypt::U2F::Server::Simple';
+    #if ($@) {
+        #$self->error("Can't load U2F library: $@");
+        #return 0;
+    #}
 
-    return $self->addU2FKey( $req, $session, $skey );
-}
+    #return $self->addU2FKey( $req, $session, $skey );
+#}
 
-sub verify2FAKey {
+#sub verify2FA {
 
-    my ( $self, $req, $session, $skey ) = @_;
+    #my ( $self, $req, $session, $skey ) = @_;
 
-    return $self->addU2FKey( $req, $session, $skey );
-}
+    #return $self->addU2FKey( $req, $session, $skey );
+#}
 
 ########################
 # III. DISPLAY METHODS #
@@ -137,8 +143,7 @@ sub sfa {
     # 2.1 Get fields to require
     my @fields = (
         '_httpSessionType', $self->{ipField},
-        $whatToTrace,       '_u2fKeyHandle',
-        '_totp2fSecret'
+        $whatToTrace,       '_2fDevices'
     );
     if ( my $groupBy = $params->{groupBy} ) {
         $groupBy =~ s/^substr\((\w+)(?:,\d+(?:,\d+)?)?\)$/$1/;
@@ -155,9 +160,10 @@ sub sfa {
     $moduleOptions->{backend} = $mod->{module};
 
     # Select 2FA sessions to display
-    if ( defined $params->{TOTPCheck} and defined $params->{TOTPCheck} ) {
+    if ( defined $params->{TOTPCheck} or defined $params->{U2FCheck} or defined $params->{UBKCheck}) {
         $self->{TOTPCheck} = delete $params->{TOTPCheck};
         $self->{U2FCheck}  = delete $params->{U2FCheck};
+        $self->{UBKCheck}  = delete $params->{UBKCheck};
     }
 
     my %filters = map {
@@ -236,15 +242,22 @@ sub sfa {
     if ( $self->{U2FCheck} eq '2' ) {
         foreach my $session ( keys %$res ) {
             delete $res->{$session}
-              unless ( defined $res->{$session}->{_u2fKeyHandle}
-                and length $res->{$session}->{_u2fKeyHandle} );
+              unless ( defined $res->{$session}->{_2fDevices}
+                and $res->{$session}->{_2fDevices} =~ /"type":\s*"U2F"/s );
         }
     }
     if ( $self->{TOTPCheck} eq '2' ) {
         foreach my $session ( keys %$res ) {
             delete $res->{$session}
-              unless ( defined $res->{$session}->{_totp2fSecret}
-                and length $res->{$session}->{_totp2fSecret} );
+              unless ( defined $res->{$session}->{_2fDevices}
+                and $res->{$session}->{_2fDevices} =~ /"type":\s*"TOTP"/s );
+        }
+    }
+    if ( $self->{UBKCheck} eq '2' ) {
+        foreach my $session ( keys %$res ) {
+            delete $res->{$session}
+              unless ( defined $res->{$session}->{_2fDevices}
+                and $res->{$session}->{_2fDevices} =~ /"type":\s*"UBK"/s );
         }
     }
 
diff --git a/lemonldap-ng-manager/site/coffee/2ndfa.coffee b/lemonldap-ng-manager/site/coffee/2ndfa.coffee
index 341bdc23d..632cc224d 100644
--- a/lemonldap-ng-manager/site/coffee/2ndfa.coffee
+++ b/lemonldap-ng-manager/site/coffee/2ndfa.coffee
@@ -19,9 +19,6 @@ displayError = (j, status, err) ->
 		setMsg res, 'warning'
 
 
-
-
-
 # Max number of session to display (see overScheme)
 max = 25
 
@@ -72,40 +69,34 @@ hiddenAttributes = '_password'
 categories =
     dateTitle:          ['_utime', '_startTime', '_updateTime', '_lastAuthnUTime', '_lastSeen']
     connectionTitle:    ['ipAddr', '_timezone', '_url']
-    authenticationTitle:['_session_id', '_user', '_password', 'authenticationLevel']
-    modulesTitle:       ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti']
-    saml:               ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump']
-    groups:             ['groups', 'hGroups']
-    ldap:               ['dn']
-    BrowserID:          ['_browserIdAnswer', '_browserIdAnswerRaw']
-    OpenIDConnect:      ['_oidc_id_token', '_oidc_OP', '_oidc_access_token']
+    sfaTitle:			['_2fDevices']
 
 # Menu entries
 menu =
-	delU2FKey: [
-		title: 'deleteU2FKey'
-		icon:  'trash'
-	]
-	addU2FKey: [
-		title: 'addU2FKey'
-		icon:  'plus'
-	]
-	verifyU2FKey: [
-		title: 'verifyU2FKey'
-		icon:  'check'
-	]
-	delTOTPKey: [
-		title: 'deleteTOTPKey'
-		icon:  'trash'
-	]
-	addTOTPKey: [
-		title: 'addTOTPKey'
-		icon:  'plus'
-	]
-	verifyTOTPKey: [
-		title: 'verifyTOTPKey'
-		icon:  'check'
-	]
+	#delU2FKey: [
+		#title: 'deleteU2FKey'
+		#icon:  'trash'
+	#]
+	#addU2FKey: [
+		#title: 'addU2FKey'
+		#icon:  'plus'
+	#]
+	#verifyU2FKey: [
+		#title: 'verifyU2FKey'
+		#icon:  'check'
+	#]
+	#delTOTPKey: [
+		#title: 'deleteTOTPKey'
+		#icon:  'trash'
+	#]
+	#addTOTPKey: [
+		#title: 'addTOTPKey'
+		#icon:  'plus'
+	#]
+	#verifyTOTPKey: [
+		#title: 'verifyTOTPKey'
+		#icon:  'check'
+	#]
 	home: []
 
 ###
@@ -146,6 +137,7 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 			switch typeof button.action
 				when 'function'
 					button.action $scope.currentNode, $scope
+					$scope[button.action]()
 				when 'string'
 					$scope[button.action]()
 				else
@@ -161,83 +153,49 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 		$scope.data = []
 		$scope.updateTree2 '', $scope.data, 0, 0
 	
-	# Delete U2F key
-	$scope.deleteU2FKey = ->
+	# Delete 2FA device
+	$scope.delete2FA = (type, epoch) ->
+		item = angular.element("#data-#{epoch}")
+		item.remove()
 		$scope.waiting = true
-		$http['delete']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=U2F").then (response) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
+		$http['delete']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?type=#{type}&epoch=#{epoch}").then (response) ->
+			#$scope.currentSession = null
+			#$scope.currentScope.remove()
+			#$scope.data = []
 			$scope.waiting = false
 		, (resp) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		$scope.showT = false
-		
-	# Delete TOTP key
-	$scope.deleteTOTPKey = ->
-		$scope.waiting = true
-		$http['delete']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=TOTP").then (response) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		, (resp) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
+			#$scope.currentSession = null
+			#$scope.currentScope.remove()
 			$scope.waiting = false
 		$scope.showT = false
+		#$scope.data = []
 
-	# Add U2F key
-	$scope.addU2FKey = ->
-		$scope.waiting = true
-		$http['put']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=U2F").then (response) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		, (resp) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		$scope.showT = false
-		
-	# Add TOTP key
-	$scope.addTOTPKey = ->
-		$scope.waiting = true
-		$http['put']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=TOTP").then (response) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		, (resp) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		$scope.showT = false
+	## Add 2FA device
+	#$scope.add2FA (type) = ->
+		#$scope.waiting = true
+		#$http['put']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=U2F").then (response) ->
+			#$scope.currentSession = null
+			#$scope.currentScope.remove()
+			#$scope.waiting = false
+		#, (resp) ->
+			#$scope.currentSession = null
+			#$scope.currentScope.remove()
+			#$scope.waiting = false
+		#$scope.showT = false
 
-	# Verify U2F key
-	$scope.verifyU2FKey = ->
-		$scope.waiting = true
-		$http['post']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=U2F").then (response) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		, (resp) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		$scope.showT = true
 
-	# Verify TOTP key
-	$scope.verifyTOTPKey = ->
-		$scope.waiting = true
-		$http['post']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=TOTP").then (response) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		, (resp) ->
-			$scope.currentSession = null
-			$scope.currentScope.remove()
-			$scope.waiting = false
-		$scope.showT = true
+	## Verify 2FA device
+	#$scope.verify2FA (epoch) = ->
+		#$scope.waiting = true
+		#$http['post']("#{scriptname}sfa/#{sessionType}/#{$scope.currentSession.id}?Key=TOTP").then (response) ->
+			#$scope.currentSession = null
+			#$scope.currentScope.remove()
+			#$scope.waiting = false
+		#, (resp) ->
+			#$scope.currentSession = null
+			#$scope.currentScope.remove()
+			#$scope.waiting = false
+		#$scope.showT = true
 
 	# Open node
 	$scope.stoggle = (scope) ->
@@ -284,66 +242,46 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 						else if key.match /^(_utime|_lastAuthnUTime|_lastSeen|notification)$/
 							session[key] = $scope.localeDate value
 						else if key.match /^(_startTime|_updateTime)$/
-							session[key] = _stToStr value
-						#else if key.match /^(_u2fKeyHandle|_u2fUserKey|_totp2fSecret)$/
-						#	session[key] = '##########'
-							
+							session[key] = _stToStr value							
 			res = []
 
 			# 2. Push session keys in result, grouped by categories
 			for category, attrs of categories
 				subres = []
 				for attr in attrs
-					if session[attr]
-						subres.push
-							title: attr
-							value: session[attr]
-						delete session[attr]
+					if session[attr]  and session[attr].match(/\w+/)
+						if session[attr].match(/"type":\s*"(?:TOTP|U2F|UBK)"/)
+							subres.push
+								title: "type"
+								value: "name"
+								sdate: "date"
+							array = JSON.parse(session[attr]);
+							for sfDevice in array
+								for key, value of sfDevice
+									if key == 'type'
+										title = value
+									if key == 'name'
+										name = value
+									if key == 'epoch'
+										epoch   = value
+										newDate = new Date(value * 1000)
+										myDate  = newDate.toLocaleString()
+								subres.push
+									title: title
+									value: name
+									epoch: epoch
+									sdate: myDate
+							delete session[attr]	
+						else
+							subres.push
+								title: attr
+								value: session[attr]
+							delete session[attr]
+					
 				if subres.length >0
 					res.push
 						title: "__#{category}__"
 						nodes: subres
-
-			# 3. Add OpenID and notifications already notified
-			_insert '^openid', 'OpenID'
-			_insert '^notification_(.+)', '__notificationsDone__'
-
-			# 4. Add session history if exists
-			if session._loginHistory
-				tmp = []
-				if session._loginHistory.successLogin
-					for l in session._loginHistory.successLogin
-						tmp.push
-							t: l._utime
-							title: $scope.localeDate l._utime
-							value: "Success (IP #{l.ipAddr})"
-				if session._loginHistory.failedLogin
-					for l in session._loginHistory.failedLogin
-						tmp.push
-							t: l._utime
-							title: $scope.localeDate l._utime
-							value: "#{l.error} (IP #{l.ipAddr})"
-				delete session._loginHistory
-				tmp.sort (a,b) ->
-					a.t - b.t
-				res.push
-					title: '__loginHistory__'
-					nodes: tmp
-
-			# 5. Other keys (attributes and macros)
-			tmp = []
-			for key, value of session
-				tmp.push
-					title: key
-					value: value
-			tmp.sort (a,b) ->
-				if a.title > b.title then 1
-				else if a.title < b.title then -1
-				else 0
-
-			res.push
-				title: '__attributesAndMacros__'
-				nodes: tmp
 			return {
 				_utime: time
 				id: id
@@ -478,7 +416,7 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 			over = 0
 
 		# Launch HTTP
-		$http.get("#{scriptname}sfa/#{sessionType}?_session_uid=#{$scope.searchString}*&groupBy=substr(_session_uid,#{$scope.searchString.length})&U2FCheck=#{$scope.U2FCheck}&TOTPCheck=#{$scope.TOTPCheck}").then (response) ->
+		$http.get("#{scriptname}sfa/#{sessionType}?_session_uid=#{$scope.searchString}*&groupBy=substr(_session_uid,#{$scope.searchString.length})&U2FCheck=#{$scope.U2FCheck}&TOTPCheck=#{$scope.TOTPCheck}&UBKCheck=#{$scope.UBKCheck}").then (response) ->
 			data = response.data
 			if data.result
 				for n in data.values
@@ -528,3 +466,5 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 	$scope.type = if c then c[1] else '_whatToTrace'
 ]
 
+
+
diff --git a/lemonldap-ng-manager/site/coffee/sessions.coffee b/lemonldap-ng-manager/site/coffee/sessions.coffee
index 589f03a79..bd3dbb65d 100644
--- a/lemonldap-ng-manager/site/coffee/sessions.coffee
+++ b/lemonldap-ng-manager/site/coffee/sessions.coffee
@@ -77,7 +77,7 @@ hiddenAttributes = '_password'
 categories =
     dateTitle:          ['_utime', '_startTime', '_updateTime', '_lastAuthnUTime', '_lastSeen']
     connectionTitle:    ['ipAddr', '_timezone', '_url']
-    authenticationTitle:['_session_id', '_user', '_password', 'authenticationLevel']
+    authenticationTitle:['_session_id', '_user', '_password', 'authenticationLevel', '_2fDevices']
     modulesTitle:       ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti']
     saml:               ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump']
     groups:             ['groups', 'hGroups']
@@ -196,8 +196,7 @@ llapp.controller 'SessionsExplorerCtrl', ['$scope', '$translator', '$location',
 							session[key] = $scope.localeDate value
 						else if key.match /^(_startTime|_updateTime)$/
 							session[key] = _stToStr value
-						#else if key.match /^(_u2fKeyHandle|_u2fUserKey|_totp2fSecret)$/
-						#	session[key] = '##########'
+							
 			res = []
 
 			# 2. Push session keys in result, grouped by categories
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.js b/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.js
index b9675000c..b43d64756 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.js
@@ -82,52 +82,10 @@
   categories = {
     dateTitle: ['_utime', '_startTime', '_updateTime', '_lastAuthnUTime', '_lastSeen'],
     connectionTitle: ['ipAddr', '_timezone', '_url'],
-    authenticationTitle: ['_session_id', '_user', '_password', 'authenticationLevel'],
-    modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti'],
-    saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump'],
-    groups: ['groups', 'hGroups'],
-    ldap: ['dn'],
-    BrowserID: ['_browserIdAnswer', '_browserIdAnswerRaw'],
-    OpenIDConnect: ['_oidc_id_token', '_oidc_OP', '_oidc_access_token']
+    sfaTitle: ['_2fDevices']
   };
 
   menu = {
-    delU2FKey: [
-      {
-        title: 'deleteU2FKey',
-        icon: 'trash'
-      }
-    ],
-    addU2FKey: [
-      {
-        title: 'addU2FKey',
-        icon: 'plus'
-      }
-    ],
-    verifyU2FKey: [
-      {
-        title: 'verifyU2FKey',
-        icon: 'check'
-      }
-    ],
-    delTOTPKey: [
-      {
-        title: 'deleteTOTPKey',
-        icon: 'trash'
-      }
-    ],
-    addTOTPKey: [
-      {
-        title: 'addTOTPKey',
-        icon: 'plus'
-      }
-    ],
-    verifyTOTPKey: [
-      {
-        title: 'verifyTOTPKey',
-        icon: 'check'
-      }
-    ],
     home: []
   };
 
@@ -171,6 +129,7 @@
           switch (typeof button.action) {
             case 'function':
               button.action($scope.currentNode, $scope);
+              $scope[button.action]();
               break;
             case 'string':
               $scope[button.action]();
@@ -189,84 +148,18 @@
         $scope.data = [];
         return $scope.updateTree2('', $scope.data, 0, 0);
       };
-      $scope.deleteU2FKey = function() {
+      $scope.delete2FA = function(type, epoch) {
+        var item;
+        item = angular.element("#data-" + epoch);
+        item.remove();
         $scope.waiting = true;
-        $http['delete'](scriptname + "sfa/" + sessionType + "/" + $scope.currentSession.id + "?Key=U2F").then(function(response) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
+        $http['delete'](scriptname + "sfa/" + sessionType + "/" + $scope.currentSession.id + "?type=" + type + "&epoch=" + epoch).then(function(response) {
           return $scope.waiting = false;
         }, function(resp) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
           return $scope.waiting = false;
         });
         return $scope.showT = false;
       };
-      $scope.deleteTOTPKey = function() {
-        $scope.waiting = true;
-        $http['delete'](scriptname + "sfa/" + sessionType + "/" + $scope.currentSession.id + "?Key=TOTP").then(function(response) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        }, function(resp) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        });
-        return $scope.showT = false;
-      };
-      $scope.addU2FKey = function() {
-        $scope.waiting = true;
-        $http['put'](scriptname + "sfa/" + sessionType + "/" + $scope.currentSession.id + "?Key=U2F").then(function(response) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        }, function(resp) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        });
-        return $scope.showT = false;
-      };
-      $scope.addTOTPKey = function() {
-        $scope.waiting = true;
-        $http['put'](scriptname + "sfa/" + sessionType + "/" + $scope.currentSession.id + "?Key=TOTP").then(function(response) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        }, function(resp) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        });
-        return $scope.showT = false;
-      };
-      $scope.verifyU2FKey = function() {
-        $scope.waiting = true;
-        $http['post'](scriptname + "sfa/" + sessionType + "/" + $scope.currentSession.id + "?Key=U2F").then(function(response) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        }, function(resp) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        });
-        return $scope.showT = true;
-      };
-      $scope.verifyTOTPKey = function() {
-        $scope.waiting = true;
-        $http['post'](scriptname + "sfa/" + sessionType + "/" + $scope.currentSession.id + "?Key=TOTP").then(function(response) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        }, function(resp) {
-          $scope.currentSession = null;
-          $scope.currentScope.remove();
-          return $scope.waiting = false;
-        });
-        return $scope.showT = true;
-      };
       $scope.stoggle = function(scope) {
         var node;
         node = scope.$modelValue;
@@ -278,7 +171,7 @@
       $scope.displaySession = function(scope) {
         var sessionId, transformSession;
         transformSession = function(session) {
-          var _insert, _stToStr, attr, attrs, category, i, id, k, key, l, len, len1, len2, m, ref, ref1, res, subres, time, tmp, value;
+          var _insert, _stToStr, array, attr, attrs, category, epoch, i, id, k, key, len, len1, myDate, name, newDate, res, sfDevice, subres, time, title, value;
           _stToStr = function(s) {
             return s;
           };
@@ -330,12 +223,45 @@
             subres = [];
             for (i = 0, len = attrs.length; i < len; i++) {
               attr = attrs[i];
-              if (session[attr]) {
-                subres.push({
-                  title: attr,
-                  value: session[attr]
-                });
-                delete session[attr];
+              if (session[attr] && session[attr].match(/\w+/)) {
+                if (session[attr].match(/"type":\s*"(?:TOTP|U2F|UBK)"/)) {
+                  subres.push({
+                    title: "type",
+                    value: "name",
+                    sdate: "date"
+                  });
+                  array = JSON.parse(session[attr]);
+                  for (k = 0, len1 = array.length; k < len1; k++) {
+                    sfDevice = array[k];
+                    for (key in sfDevice) {
+                      value = sfDevice[key];
+                      if (key === 'type') {
+                        title = value;
+                      }
+                      if (key === 'name') {
+                        name = value;
+                      }
+                      if (key === 'epoch') {
+                        epoch = value;
+                        newDate = new Date(value * 1000);
+                        myDate = newDate.toLocaleString();
+                      }
+                    }
+                    subres.push({
+                      title: title,
+                      value: name,
+                      epoch: epoch,
+                      sdate: myDate
+                    });
+                  }
+                  delete session[attr];
+                } else {
+                  subres.push({
+                    title: attr,
+                    value: session[attr]
+                  });
+                  delete session[attr];
+                }
               }
             }
             if (subres.length > 0) {
@@ -345,62 +271,6 @@
               });
             }
           }
-          _insert('^openid', 'OpenID');
-          _insert('^notification_(.+)', '__notificationsDone__');
-          if (session._loginHistory) {
-            tmp = [];
-            if (session._loginHistory.successLogin) {
-              ref = session._loginHistory.successLogin;
-              for (k = 0, len1 = ref.length; k < len1; k++) {
-                l = ref[k];
-                tmp.push({
-                  t: l._utime,
-                  title: $scope.localeDate(l._utime),
-                  value: "Success (IP " + l.ipAddr + ")"
-                });
-              }
-            }
-            if (session._loginHistory.failedLogin) {
-              ref1 = session._loginHistory.failedLogin;
-              for (m = 0, len2 = ref1.length; m < len2; m++) {
-                l = ref1[m];
-                tmp.push({
-                  t: l._utime,
-                  title: $scope.localeDate(l._utime),
-                  value: l.error + " (IP " + l.ipAddr + ")"
-                });
-              }
-            }
-            delete session._loginHistory;
-            tmp.sort(function(a, b) {
-              return a.t - b.t;
-            });
-            res.push({
-              title: '__loginHistory__',
-              nodes: tmp
-            });
-          }
-          tmp = [];
-          for (key in session) {
-            value = session[key];
-            tmp.push({
-              title: key,
-              value: value
-            });
-          }
-          tmp.sort(function(a, b) {
-            if (a.title > b.title) {
-              return 1;
-            } else if (a.title < b.title) {
-              return -1;
-            } else {
-              return 0;
-            }
-          });
-          res.push({
-            title: '__attributesAndMacros__',
-            nodes: tmp
-          });
           return {
             _utime: time,
             id: id,
@@ -502,7 +372,7 @@
         } else {
           over = 0;
         }
-        return $http.get(scriptname + "sfa/" + sessionType + "?_session_uid=" + $scope.searchString + "*&groupBy=substr(_session_uid," + $scope.searchString.length + ")&U2FCheck=" + $scope.U2FCheck + "&TOTPCheck=" + $scope.TOTPCheck).then(function(response) {
+        return $http.get(scriptname + "sfa/" + sessionType + "?_session_uid=" + $scope.searchString + "*&groupBy=substr(_session_uid," + $scope.searchString.length + ")&U2FCheck=" + $scope.U2FCheck + "&TOTPCheck=" + $scope.TOTPCheck + "&UBKCheck=" + $scope.UBKCheck).then(function(response) {
           var data, i, len, n, ref;
           data = response.data;
           if (data.result) {
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.min.js b/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.min.js
index 247dd71cf..fccf5beff 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/2ndfa.min.js
@@ -1 +1 @@
-(function(){var c,d,f,g,h,a,e,i,b;b=function(j,k){$("#msg").html(window.translate(j));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+k);if(k==="positive"){k="success"}return $("#color").addClass("alert-"+k)};d=function(l,k,n){var m;console.log("Error",n);m=JSON.parse(l.responseText);if(m&&m.error){m=m.error.replace(/.* /,"");console.log("Returned error",m);return b(m,"warning")}};h=25;i={_whatToTrace:[function(k,j){return"groupBy=substr("+k+",1)"},function(k,j){return k+"="+j+"*&groupBy="+k},function(k,j){return k+"="+j}],_startTime:[function(k,j){return"groupBy=substr("+k+",8)"},function(k,j){return k+"="+j+"*&groupBy=substr("+k+",10)"},function(k,j){return k+"="+j+"*&groupBy=substr("+k+",11)"},function(k,j){return k+"="+j+"*&groupBy=substr("+k+",12)"},function(k,j){return k+"="+j+"*&groupBy=_whatToTrace"},function(k,j,l){console.log(k);console.log(j);console.log(l);return l.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+j)}]};e={_whatToTrace:function(k,j,m,l){if(m===1){return k+"="+j+"*&groupBy=substr("+k+","+(m+l+1)+")"}else{return null}},ipAddr:function(k,j,m,l){if(m>0&&m<4){return k+"="+j+"*&groupBy=net("+k+","+(16*m+4*(l+1))+",2)"}else{return null}}};f="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};a={delU2FKey:[{title:"deleteU2FKey",icon:"trash"}],addU2FKey:[{title:"addU2FKey",icon:"plus"}],verifyU2FKey:[{title:"verifyU2FKey",icon:"check"}],delTOTPKey:[{title:"deleteTOTPKey",icon:"trash"}],addTOTPKey:[{title:"addTOTPKey",icon:"plus"}],verifyTOTPKey:[{title:"verifyTOTPKey",icon:"check"}],home:[]};g=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);g.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(r,j,k,l,o){var p,n,m,q;r.links=links;r.menulinks=menulinks;r.staticPrefix=staticPrefix;r.scriptname=scriptname;r.formPrefix=formPrefix;r.availableLanguages=availableLanguages;r.waiting=true;r.showM=false;r.showT=true;r.data=[];r.currentScope=null;r.currentSession=null;r.menu=a;r.searchString="";r.translateP=j.translateP;r.translate=j.translate;r.translateTitle=function(s){return j.translateField(s,"title")};q="global";r.menuClick=function(s){if(s.popup){window.open(s.popup)}else{if(!s.action){s.action=s.title}switch(typeof s.action){case"function":s.action(r.currentNode,r);break;case"string":r[s.action]();break;default:console.log(typeof s.action)}}return r.showM=false};r.search2FA=function(s){if(s){r.searchString=""}r.currentSession=null;r.data=[];return r.updateTree2("",r.data,0,0)};r.deleteU2FKey=function(){r.waiting=true;o["delete"](scriptname+"sfa/"+q+"/"+r.currentSession.id+"?Key=U2F").then(function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false},function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false});return r.showT=false};r.deleteTOTPKey=function(){r.waiting=true;o["delete"](scriptname+"sfa/"+q+"/"+r.currentSession.id+"?Key=TOTP").then(function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false},function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false});return r.showT=false};r.addU2FKey=function(){r.waiting=true;o.put(scriptname+"sfa/"+q+"/"+r.currentSession.id+"?Key=U2F").then(function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false},function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false});return r.showT=false};r.addTOTPKey=function(){r.waiting=true;o.put(scriptname+"sfa/"+q+"/"+r.currentSession.id+"?Key=TOTP").then(function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false},function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false});return r.showT=false};r.verifyU2FKey=function(){r.waiting=true;o.post(scriptname+"sfa/"+q+"/"+r.currentSession.id+"?Key=U2F").then(function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false},function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false});return r.showT=true};r.verifyTOTPKey=function(){r.waiting=true;o.post(scriptname+"sfa/"+q+"/"+r.currentSession.id+"?Key=TOTP").then(function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false},function(s){r.currentSession=null;r.currentScope.remove();return r.waiting=false});return r.showT=true};r.stoggle=function(s){var t;t=s.$modelValue;if(t.nodes.length===0){r.updateTree(t.value,t.nodes,t.level,t.over,t.query,t.count)}return s.toggle()};r.displaySession=function(t){var u,s;s=function(v){var A,C,G,E,J,L,D,K,Q,I,M,z,y,H,w,B,P,O,x,N,F;C=function(R){return R};A=function(U,W){var S,T,R,V;R=[];T=new RegExp(U);for(S in v){V=v[S];if(S.match(T)&&V){R.push({title:S,value:V});delete v[S]}}if(R.length>0){return P.push({title:W,nodes:R})}};x=v._utime;D=v._session_id;for(Q in v){F=v[Q];if(!F){delete v[Q]}else{if(typeof v==="string"&&F.match(/; /)){v[Q]=F.split("; ")}if(typeof v[Q]!=="object"){if(f.match(new RegExp("\b"+Q+"\b"))){v[Q]="********"}else{if(Q.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){v[Q]=r.localeDate(F)}else{if(Q.match(/^(_startTime|_updateTime)$/)){v[Q]=C(F)}}}}}}P=[];for(J in c){E=c[J];O=[];for(L=0,M=E.length;L<M;L++){G=E[L];if(v[G]){O.push({title:G,value:v[G]});delete v[G]}}if(O.length>0){P.push({title:"__"+J+"__",nodes:O})}}A("^openid","OpenID");A("^notification_(.+)","__notificationsDone__");if(v._loginHistory){N=[];if(v._loginHistory.successLogin){w=v._loginHistory.successLogin;for(K=0,z=w.length;K<z;K++){I=w[K];N.push({t:I._utime,title:r.localeDate(I._utime),value:"Success (IP "+I.ipAddr+")"})}}if(v._loginHistory.failedLogin){B=v._loginHistory.failedLogin;for(H=0,y=B.length;H<y;H++){I=B[H];N.push({t:I._utime,title:r.localeDate(I._utime),value:I.error+" (IP "+I.ipAddr+")"})}}delete v._loginHistory;N.sort(function(S,R){return S.t-R.t});P.push({title:"__loginHistory__",nodes:N})}N=[];for(Q in v){F=v[Q];N.push({title:Q,value:F})}N.sort(function(S,R){if(S.title>R.title){return 1}else{if(S.title<R.title){return -1}else{return 0}}});P.push({title:"__attributesAndMacros__",nodes:N});return{_utime:x,id:D,nodes:P}};r.currentScope=t;u=t.$modelValue.session;o.get(scriptname+"sfa/"+q+"/"+u).then(function(v){return r.currentSession=s(v.data)});return r.showT=false};r.localeDate=function(t){var u;u=new Date(t*1000);return u.toLocaleString()};r.getLanguage=function(s){r.lang=s;r.form="white";r.init();return r.showM=false};m=function(t,s,u){var v;v=s.match(/#\/(\w+)/);q="global";if(v===null){r.type="_whatToTrace"}else{if(v[1].match(/^(persistent)$/)){q=RegExp.$1;r.type="_session_uid"}else{r.type=v[1]}}return r.init()};r.$on("$locationChangeSuccess",m);p=0;r.updateTree=function(A,u,s,x,z,w){var y,t,v;r.waiting=true;t=i[r.type]?i[r.type]:r.type==="_updateTime"?i._startTime:i._whatToTrace;y=t[s](r.type,A,z);if(w>h&&e[r.type]){if(v=e[r.type](r.type,A,s,x,z)){x++;y=v;s=s-1}else{x=0}}else{x=0}return o.get(scriptname+"sfa/"+q+"?"+y+"&U2FCheck="+r.U2FCheck+"&TOTPCheck="+r.TOTPCheck).then(function(C){var F,D,B,G,E;F=C.data;if(F.result){E=F.values;for(D=0,B=E.length;D<B;D++){G=E[D];p++;G.id="node"+p;if(s<t.length-1){G.nodes=[];G.level=s+1;G.query=y;G.over=x;if(r.type.match(/^(?:start|update)Time$/)){G.title=G.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}u.push(G)}if(A===""){r.total=F.total}}return r.waiting=false},function(B){return r.waiting=false})};r.updateTree2=function(A,u,s,x,z,w){var y,t,v;r.waiting=true;t=i[r.type]?i[r.type]:r.type==="_updateTime"?i._startTime:i._whatToTrace;y=t[s](r.type,A,z);if(w>h&&e[r.type]){if(v=e[r.type](r.type,A,s,x,z)){x++;y=v;s=s-1}else{x=0}}else{x=0}return o.get(scriptname+"sfa/"+q+"?_session_uid="+r.searchString+"*&groupBy=substr(_session_uid,"+r.searchString.length+")&U2FCheck="+r.U2FCheck+"&TOTPCheck="+r.TOTPCheck).then(function(C){var F,D,B,G,E;F=C.data;if(F.result){E=F.values;for(D=0,B=E.length;D<B;D++){G=E[D];p++;G.id="node"+p;if(s<t.length-1){G.nodes=[];G.level=s+1;G.query=y;G.over=x;if(r.type.match(/^(?:start|update)Time$/)){G.title=G.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}u.push(G)}if(A===""){r.total=F.total}}return r.waiting=false},function(B){return r.waiting=false})};r.init=function(){r.waiting=true;r.data=[];return l.all([j.init(r.lang),r.updateTree("",r.data,0,0)]).then(function(){return r.waiting=false},function(s){return r.waiting=false})};n=k.path().match(/^\/(\w+)/);return r.type=n?n[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
+(function(){var c,d,f,g,h,a,e,i,b;b=function(j,k){$("#msg").html(window.translate(j));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+k);if(k==="positive"){k="success"}return $("#color").addClass("alert-"+k)};d=function(l,k,n){var m;console.log("Error",n);m=JSON.parse(l.responseText);if(m&&m.error){m=m.error.replace(/.* /,"");console.log("Returned error",m);return b(m,"warning")}};h=25;i={_whatToTrace:[function(k,j){return"groupBy=substr("+k+",1)"},function(k,j){return k+"="+j+"*&groupBy="+k},function(k,j){return k+"="+j}],_startTime:[function(k,j){return"groupBy=substr("+k+",8)"},function(k,j){return k+"="+j+"*&groupBy=substr("+k+",10)"},function(k,j){return k+"="+j+"*&groupBy=substr("+k+",11)"},function(k,j){return k+"="+j+"*&groupBy=substr("+k+",12)"},function(k,j){return k+"="+j+"*&groupBy=_whatToTrace"},function(k,j,l){console.log(k);console.log(j);console.log(l);return l.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+j)}]};e={_whatToTrace:function(k,j,m,l){if(m===1){return k+"="+j+"*&groupBy=substr("+k+","+(m+l+1)+")"}else{return null}},ipAddr:function(k,j,m,l){if(m>0&&m<4){return k+"="+j+"*&groupBy=net("+k+","+(16*m+4*(l+1))+",2)"}else{return null}}};f="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],sfaTitle:["_2fDevices"]};a={home:[]};g=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);g.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(r,j,k,l,o){var p,n,m,q;r.links=links;r.menulinks=menulinks;r.staticPrefix=staticPrefix;r.scriptname=scriptname;r.formPrefix=formPrefix;r.availableLanguages=availableLanguages;r.waiting=true;r.showM=false;r.showT=true;r.data=[];r.currentScope=null;r.currentSession=null;r.menu=a;r.searchString="";r.translateP=j.translateP;r.translate=j.translate;r.translateTitle=function(s){return j.translateField(s,"title")};q="global";r.menuClick=function(s){if(s.popup){window.open(s.popup)}else{if(!s.action){s.action=s.title}switch(typeof s.action){case"function":s.action(r.currentNode,r);r[s.action]();break;case"string":r[s.action]();break;default:console.log(typeof s.action)}}return r.showM=false};r.search2FA=function(s){if(s){r.searchString=""}r.currentSession=null;r.data=[];return r.updateTree2("",r.data,0,0)};r.delete2FA=function(s,u){var t;t=angular.element("#data-"+u);t.remove();r.waiting=true;o["delete"](scriptname+"sfa/"+q+"/"+r.currentSession.id+"?type="+s+"&epoch="+u).then(function(v){return r.waiting=false},function(v){return r.waiting=false});return r.showT=false};r.stoggle=function(s){var t;t=s.$modelValue;if(t.nodes.length===0){r.updateTree(t.value,t.nodes,t.level,t.over,t.query,t.count)}return s.toggle()};r.displaySession=function(t){var u,s;s=function(v){var B,D,z,H,F,I,M,K,E,J,Q,L,A,w,R,y,P,C,N,x,O,G;D=function(S){return S};B=function(V,X){var T,U,S,W;S=[];U=new RegExp(V);for(T in v){W=v[T];if(T.match(U)&&W){S.push({title:T,value:W});delete v[T]}}if(S.length>0){return P.push({title:X,nodes:S})}};x=v._utime;E=v._session_id;for(Q in v){G=v[Q];if(!G){delete v[Q]}else{if(typeof v==="string"&&G.match(/; /)){v[Q]=G.split("; ")}if(typeof v[Q]!=="object"){if(f.match(new RegExp("\b"+Q+"\b"))){v[Q]="********"}else{if(Q.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){v[Q]=r.localeDate(G)}else{if(Q.match(/^(_startTime|_updateTime)$/)){v[Q]=D(G)}}}}}}P=[];for(I in c){F=c[I];N=[];for(K=0,L=F.length;K<L;K++){H=F[K];if(v[H]&&v[H].match(/\w+/)){if(v[H].match(/"type":\s*"(?:TOTP|U2F|UBK)"/)){N.push({title:"type",value:"name",sdate:"date"});z=JSON.parse(v[H]);for(J=0,A=z.length;J<A;J++){C=z[J];for(Q in C){G=C[Q];if(Q==="type"){O=G}if(Q==="name"){R=G}if(Q==="epoch"){M=G;y=new Date(G*1000);w=y.toLocaleString()}}N.push({title:O,value:R,epoch:M,sdate:w})}delete v[H]}else{N.push({title:H,value:v[H]});delete v[H]}}}if(N.length>0){P.push({title:"__"+I+"__",nodes:N})}}return{_utime:x,id:E,nodes:P}};r.currentScope=t;u=t.$modelValue.session;o.get(scriptname+"sfa/"+q+"/"+u).then(function(v){return r.currentSession=s(v.data)});return r.showT=false};r.localeDate=function(t){var u;u=new Date(t*1000);return u.toLocaleString()};r.getLanguage=function(s){r.lang=s;r.form="white";r.init();return r.showM=false};m=function(t,s,u){var v;v=s.match(/#\/(\w+)/);q="global";if(v===null){r.type="_whatToTrace"}else{if(v[1].match(/^(persistent)$/)){q=RegExp.$1;r.type="_session_uid"}else{r.type=v[1]}}return r.init()};r.$on("$locationChangeSuccess",m);p=0;r.updateTree=function(A,u,s,x,z,w){var y,t,v;r.waiting=true;t=i[r.type]?i[r.type]:r.type==="_updateTime"?i._startTime:i._whatToTrace;y=t[s](r.type,A,z);if(w>h&&e[r.type]){if(v=e[r.type](r.type,A,s,x,z)){x++;y=v;s=s-1}else{x=0}}else{x=0}return o.get(scriptname+"sfa/"+q+"?"+y+"&U2FCheck="+r.U2FCheck+"&TOTPCheck="+r.TOTPCheck).then(function(C){var F,D,B,G,E;F=C.data;if(F.result){E=F.values;for(D=0,B=E.length;D<B;D++){G=E[D];p++;G.id="node"+p;if(s<t.length-1){G.nodes=[];G.level=s+1;G.query=y;G.over=x;if(r.type.match(/^(?:start|update)Time$/)){G.title=G.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}u.push(G)}if(A===""){r.total=F.total}}return r.waiting=false},function(B){return r.waiting=false})};r.updateTree2=function(A,u,s,x,z,w){var y,t,v;r.waiting=true;t=i[r.type]?i[r.type]:r.type==="_updateTime"?i._startTime:i._whatToTrace;y=t[s](r.type,A,z);if(w>h&&e[r.type]){if(v=e[r.type](r.type,A,s,x,z)){x++;y=v;s=s-1}else{x=0}}else{x=0}return o.get(scriptname+"sfa/"+q+"?_session_uid="+r.searchString+"*&groupBy=substr(_session_uid,"+r.searchString.length+")&U2FCheck="+r.U2FCheck+"&TOTPCheck="+r.TOTPCheck+"&UBKCheck="+r.UBKCheck).then(function(C){var F,D,B,G,E;F=C.data;if(F.result){E=F.values;for(D=0,B=E.length;D<B;D++){G=E[D];p++;G.id="node"+p;if(s<t.length-1){G.nodes=[];G.level=s+1;G.query=y;G.over=x;if(r.type.match(/^(?:start|update)Time$/)){G.title=G.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}u.push(G)}if(A===""){r.total=F.total}}return r.waiting=false},function(B){return r.waiting=false})};r.init=function(){r.waiting=true;r.data=[];return l.all([j.init(r.lang),r.updateTree("",r.data,0,0)]).then(function(){return r.waiting=false},function(s){return r.waiting=false})};n=k.path().match(/^\/(\w+)/);return r.type=n?n[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/sessions.js b/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
index ccc91c467..9485bdce4 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.js
@@ -94,7 +94,7 @@
   categories = {
     dateTitle: ['_utime', '_startTime', '_updateTime', '_lastAuthnUTime', '_lastSeen'],
     connectionTitle: ['ipAddr', '_timezone', '_url'],
-    authenticationTitle: ['_session_id', '_user', '_password', 'authenticationLevel'],
+    authenticationTitle: ['_session_id', '_user', '_password', 'authenticationLevel', '_2fDevices'],
     modulesTitle: ['_auth', '_userDB', '_passwordDB', '_issuerDB', '_authChoice', '_authMulti', '_userDBMulti'],
     saml: ['_idp', '_idpConfKey', '_samlToken', '_lassoSessionDump', '_lassoIdentityDump'],
     groups: ['groups', 'hGroups'],
diff --git a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
index 2d199aba4..20ea74448 100644
--- a/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
+++ b/lemonldap-ng-manager/site/htdocs/static/js/sessions.min.js
@@ -1 +1 @@
-(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={session:[{title:"deleteSession",icon:"trash"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteSession=function(){p.waiting=true;return m["delete"](scriptname+"sessions/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;p.currentScope.remove();return p.waiting=false},function(q){p.currentSession=null;p.currentScope.remove();return p.waiting=false})};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"sessions/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
+(function(){var c,e,d,b,g,f,a;b=25;a={_whatToTrace:[function(i,h){return"groupBy=substr("+i+",1)"},function(i,h){return i+"="+h+"*&groupBy="+i},function(i,h){return i+"="+h}],ipAddr:[function(i,h){return"groupBy=net("+i+",16,1)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",32,2)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",48,3)"},function(i,h){if(!h.match(/:/)){h=h+"."}return i+"="+h+"*&groupBy=net("+i+",128,4)"},function(i,h){return i+"="+h+"&groupBy=_whatToTrace"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],_startTime:[function(i,h){return"groupBy=substr("+i+",8)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",10)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",11)"},function(i,h){return i+"="+h+"*&groupBy=substr("+i+",12)"},function(i,h){return i+"="+h+"*&groupBy=_whatToTrace"},function(i,h,j){console.log(i);console.log(h);console.log(j);return j.replace(/\&groupBy.*$/,"")+("&_whatToTrace="+h)}],doubleIp:[function(i,h){return i},function(i,h){return"_whatToTrace="+h+"&groupBy=ipAddr"},function(i,h,j){return j.replace(/\&groupBy.*$/,"")+("&ipAddr="+h)}]};f={_whatToTrace:function(i,h,k,j){if(k===1){return i+"="+h+"*&groupBy=substr("+i+","+(k+j+1)+")"}else{return null}},ipAddr:function(i,h,k,j){if(k>0&&k<4){return i+"="+h+"*&groupBy=net("+i+","+(16*k+4*(j+1))+",2)"}else{return null}}};e="_password";c={dateTitle:["_utime","_startTime","_updateTime","_lastAuthnUTime","_lastSeen"],connectionTitle:["ipAddr","_timezone","_url"],authenticationTitle:["_session_id","_user","_password","authenticationLevel","_2fDevices"],modulesTitle:["_auth","_userDB","_passwordDB","_issuerDB","_authChoice","_authMulti","_userDBMulti"],saml:["_idp","_idpConfKey","_samlToken","_lassoSessionDump","_lassoIdentityDump"],groups:["groups","hGroups"],ldap:["dn"],BrowserID:["_browserIdAnswer","_browserIdAnswerRaw"],OpenIDConnect:["_oidc_id_token","_oidc_OP","_oidc_access_token"]};g={session:[{title:"deleteSession",icon:"trash"}],home:[]};d=angular.module("llngSessionsExplorer",["ui.tree","ui.bootstrap","llApp"]);d.controller("SessionsExplorerCtrl",["$scope","$translator","$location","$q","$http",function(p,h,i,j,m){var n,l,k,o;p.links=links;p.menulinks=menulinks;p.staticPrefix=staticPrefix;p.scriptname=scriptname;p.formPrefix=formPrefix;p.availableLanguages=availableLanguages;p.waiting=true;p.showM=false;p.showT=true;p.data=[];p.currentScope=null;p.currentSession=null;p.menu=g;p.translateP=h.translateP;p.translate=h.translate;p.translateTitle=function(q){return h.translateField(q,"title")};o="global";p.menuClick=function(q){if(q.popup){window.open(q.popup)}else{if(!q.action){q.action=q.title}switch(typeof q.action){case"function":q.action(p.currentNode,p);break;case"string":p[q.action]();break;default:console.log(typeof q.action)}}return p.showM=false};p.deleteSession=function(){p.waiting=true;return m["delete"](scriptname+"sessions/"+o+"/"+p.currentSession.id).then(function(q){p.currentSession=null;p.currentScope.remove();return p.waiting=false},function(q){p.currentSession=null;p.currentScope.remove();return p.waiting=false})};p.stoggle=function(q){var r;r=q.$modelValue;if(r.nodes.length===0){p.updateTree(r.value,r.nodes,r.level,r.over,r.query,r.count)}return q.toggle()};p.displaySession=function(r){var s,q;q=function(t){var y,A,E,C,G,J,B,I,H,O,F,K,x,w,u,z,N,M,v,L,D;A=function(P){return P};y=function(S,U){var Q,R,P,T;P=[];R=new RegExp(S);for(Q in t){T=t[Q];if(Q.match(R)&&T){P.push({title:Q,value:T});delete t[Q]}}if(P.length>0){return N.push({title:U,nodes:P})}};v=t._utime;B=t._session_id;for(O in t){D=t[O];if(!D){delete t[O]}else{if(typeof t==="string"&&D.match(/; /)){t[O]=D.split("; ")}if(typeof t[O]!=="object"){if(e.match(new RegExp("\b"+O+"\b"))){t[O]="********"}else{if(O.match(/^(_utime|_lastAuthnUTime|_lastSeen|notification)$/)){t[O]=p.localeDate(D)}else{if(O.match(/^(_startTime|_updateTime)$/)){t[O]=A(D)}}}}}}N=[];for(G in c){C=c[G];M=[];for(J=0,K=C.length;J<K;J++){E=C[J];if(t[E]){M.push({title:E,value:t[E]});delete t[E]}}if(M.length>0){N.push({title:"__"+G+"__",nodes:M})}}y("^openid","OpenID");y("^notification_(.+)","__notificationsDone__");if(t._loginHistory){L=[];if(t._loginHistory.successLogin){u=t._loginHistory.successLogin;for(I=0,x=u.length;I<x;I++){F=u[I];L.push({t:F._utime,title:p.localeDate(F._utime),value:"Success (IP "+F.ipAddr+")"})}}if(t._loginHistory.failedLogin){z=t._loginHistory.failedLogin;for(H=0,w=z.length;H<w;H++){F=z[H];L.push({t:F._utime,title:p.localeDate(F._utime),value:F.error+" (IP "+F.ipAddr+")"})}}delete t._loginHistory;L.sort(function(Q,P){return Q.t-P.t});N.push({title:"__loginHistory__",nodes:L})}L=[];for(O in t){D=t[O];L.push({title:O,value:D})}L.sort(function(Q,P){if(Q.title>P.title){return 1}else{if(Q.title<P.title){return -1}else{return 0}}});N.push({title:"__attributesAndMacros__",nodes:L});return{_utime:v,id:B,nodes:N}};p.currentScope=r;s=r.$modelValue.session;m.get(scriptname+"sessions/"+o+"/"+s).then(function(t){return p.currentSession=q(t.data)});return p.showT=false};p.localeDate=function(q){var r;r=new Date(q*1000);return r.toLocaleString()};p.getLanguage=function(q){p.lang=q;p.form="white";p.init();return p.showM=false};k=function(r,q,s){var t;t=q.match(/#\/(\w+)/);o="global";if(t===null){p.type="_whatToTrace"}else{if(t[1].match(/^(persistent)$/)){o=RegExp.$1;p.type="_session_uid"}else{p.type=t[1]}}return p.init()};p.$on("$locationChangeSuccess",k);n=0;p.updateTree=function(y,s,q,v,x,u){var w,r,t;p.waiting=true;r=a[p.type]?a[p.type]:p.type==="_updateTime"?a._startTime:a._whatToTrace;w=r[q](p.type,y,x);if(u>b&&f[p.type]){if(t=f[p.type](p.type,y,q,v,x)){v++;w=t;q=q-1}else{v=0}}else{v=0}return m.get(scriptname+"sessions/"+o+"?"+w).then(function(A){var D,B,z,E,C;D=A.data;if(D.result){C=D.values;for(B=0,z=C.length;B<z;B++){E=C[B];n++;E.id="node"+n;if(q<r.length-1){E.nodes=[];E.level=q+1;E.query=w;E.over=v;if(p.type.match(/^(?:start|update)Time$/)){E.title=E.value.replace(/^(\d{8})(\d{2})(\d{2})$/,"$2:$3").replace(/^(\d{8})(\d{2})(\d)$/,"$2:$30").replace(/^(\d{8})(\d{2})$/,"$2h").replace(/^(\d{4})(\d{2})(\d{2})/,"$1-$2-$3")}}s.push(E)}if(y===""){p.total=D.total}}return p.waiting=false},function(z){return p.waiting=false})};p.init=function(){p.waiting=true;p.data=[];return j.all([h.init(p.lang),p.updateTree("",p.data,0,0)]).then(function(){return p.waiting=false},function(q){return p.waiting=false})};l=i.path().match(/^\/(\w+)/);return p.type=l?l[1]:"_whatToTrace"}])}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
index e0c2dc2e9..1411b61dd 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@@ -672,6 +672,7 @@
 "sessionStartedAt":"بدأت الجلسة",
 "sessionStorage":"تخزين الجلسات",
 "sessionTitle":"محتوى الجلسة",
+"sfaTitle":"Seconds Factors Authentication",
 "show":"عرض",
 "showHelp":"عرض المساعدة",
 "singleIP":"عنوان آي بي واحد لكل مستخدم",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
index 7da3947b2..831a98872 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@@ -664,7 +664,7 @@
 "security":"Security",
 "serverError":"Server error",
 "session":"session",
-"sessions":"Sessions",
+"sessions":"sessions",
 "session_s":"session(s)",
 "sessionDataToRemember":"Session data to store",
 "sessionDeleted":"The session was deleted",
@@ -672,6 +672,7 @@
 "sessionStartedAt":"Session started on",
 "sessionStorage":"Sessions Storage",
 "sessionTitle":"Session content",
+"sfaTitle":"Seconds Factors Authentication",
 "show":"Show",
 "showHelp":"Show help",
 "singleIP":"One IP only by user",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
index 8e3c2fbb4..855a2cd75 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@@ -664,7 +664,7 @@
 "security":"Sécurité",
 "serverError":"Erreur du serveur",
 "session":"session",
-"sessions":"Sessions",
+"sessions":"sessions",
 "session_s":"session(s)",
 "sessionDataToRemember":"Données de session à conserver",
 "sessionDeleted":"La session a été supprimée",
@@ -672,6 +672,7 @@
 "sessionStartedAt":"Session démarrée le ",
 "sessionStorage":"Stockage des sessions",
 "sessionTitle":"Contenu de la session",
+"sfaTitle":"Seconds Facteurs d'Authentification",
 "show":"Montrer",
 "showHelp":"Montrer l'aide",
 "singleIP":"Une seule session par couple utilisateur/IP",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
index 8f19bac19..2fc7dc15c 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@@ -672,6 +672,7 @@
 "sessionStartedAt":"La sessione è stata avviata",
 "sessionStorage":"Conservazione di sessioni",
 "sessionTitle":"Contenuto della sessione",
+"sfaTitle":"Seconds Factors Authentication",
 "show":"Mostra",
 "showHelp":"Mostra aiuto",
 "singleIP":"Solo un IP per utente",
diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
index cc25717e3..cb779d304 100644
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@@ -665,13 +665,14 @@
 "serverError":"Lỗi máy chủ",
 "session":"phiên",
 "sessions":"Phiên",
-"session_s":"session (s)",
+"session_s":"session(s)",
 "sessionDataToRemember":"Dữ liệu phiên để lưu trữ",
 "sessionDeleted":"Phiên đã bị xóa",
 "sessionParams":"Phiên",
 "sessionStartedAt":"Phiên bắt đầu lúc",
 "sessionStorage":"Sessions lưu trữ",
 "sessionTitle":"Nội dung phiên",
+"sfaTitle":"Seconds Factors Authentication",
 "show":"Hiển thị",
 "showHelp":"Hiển thị trợ giúp",
 "singleIP":"Chỉ một địa chỉ IP bởi người dùng",
diff --git a/lemonldap-ng-manager/site/templates/2ndfa.tpl b/lemonldap-ng-manager/site/templates/2ndfa.tpl
index 139369976..abbe73c79 100644
--- a/lemonldap-ng-manager/site/templates/2ndfa.tpl
+++ b/lemonldap-ng-manager/site/templates/2ndfa.tpl
@@ -16,9 +16,13 @@
             <form name="filterForm">
               <div class="form-check ">&nbsp;&nbsp;&nbsp;
                 <input type="checkbox" ng-model="U2FCheck" class="form-check-input"  ng-true-value="'2'" ng-false-value="'1'" ng-change="search2FA()"/>
-                <label class="form-check-label" for="U2FCheck">U2F</label>&nbsp;&nbsp;
+                <label class="form-check-label" for="U2FCheck">U2F</label>
+                &nbsp;&nbsp;
                 <input type="checkbox" ng-model="TOTPCheck" class="form-check-input" ng-true-value="'2'" ng-false-value="'1'" ng-change="search2FA()"/>
                 <label class="form-check-label" for="TOTPCheck">TOTP</label>
+                &nbsp;&nbsp;
+                <input type="checkbox" ng-model="UBKCheck" class="form-check-input" ng-true-value="'2'" ng-false-value="'1'" ng-change="search2FA()"/>
+                <label class="form-check-label" for="UBKCheck">UBK</label>
               </div>
             </form>
           </ul>
@@ -54,49 +58,7 @@
     </aside>
 
     <!-- Right(main) div -->
-    <div id="right" class="col-lg-8 col-md-8 col-sm-7 col-xs-12 scrollable" ng-class="{'hidden-xs':showT&&!showM}">
-      <!-- Menu buttons -->
-      
-      <div ng-if="currentSession && U2FCheck=='2' || currentSession && U2FCheck!='2' && TOTPCheck!='2'" class="lmmenu navbar navbar-default" ng-class="{'hidden-xs':!showM}">
-
-        <div class="navbar-collapse" ng-class="{'collapse':!showM}" id="formmenu">
-          <ul ng-if="currentSession" class="nav navbar-nav">
-
-			<li ng-if="currentSession" ng-repeat="button in menu.delU2FKey" ng-include="'menubutton.html'"></li>
-			<li ng-if="currentSession" ng-repeat="button in menu.verifyU2FKey" ng-include="'menubutton.html'"></li>
-            <li ng-if="currentSession" ng-repeat="button in menu.addU2FKey" ng-include="'menubutton.html'"></li>
-            <li ng-if="currentSession===null" ng-repeat="button in menu.home" ng-include="'menubutton.html'"></li>
-            <li uib-dropdown class="visible-xs">
-              <a id="langmenu" name="menu" uib-dropdown-toggle data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Menu <span class="caret"></span></a>
-              <ul uib-dropdown-menu aria-labelled-by="langmenu" role="grid">
-                <li ng-repeat="link in links"><a href="{{link.target}}" role="row"><i ng-if="link.icon" class="glyphicon glyphicon-{{link.icon}}"></i> {{translate(link.title)}}</a></li>
-                <li ng-repeat="menulink in menulinks"><a href="{{menulink.target}}" role="row"><i ng-if="menulink.icon" class="glyphicon glyphicon-{{menulink.icon}}"></i> {{translate(menulink.title)}}</a></li>
-                <li ng-include="'languages.html'"></li>
-              </ul>
-            </li>
-          </ul>    
-        </div>
-      </div>
-      
-      <div ng-if="currentSession && TOTPCheck=='2'|| currentSession && U2FCheck!='2' && TOTPCheck!='2'" class="lmmenu navbar navbar-default" ng-class="{'hidden-xs':!showM}">
-        <div class="navbar-collapse" ng-class="{'collapse':!showM}" id="formmenu">
-          <ul ng-if="currentSession" class="nav navbar-nav">
-            <li ng-if="currentSession" ng-repeat="button in menu.delTOTPKey" ng-include="'menubutton.html'"></li>
-            <li ng-if="currentSession" ng-repeat="button in menu.verifyTOTPKey" ng-include="'menubutton.html'"></li>
-            <li ng-if="currentSession" ng-repeat="button in menu.addTOTPKey" ng-include="'menubutton.html'"></li>
-            <li ng-if="currentSession===null" ng-repeat="button in menu.home" ng-include="'menubutton.html'"></li>
-            <li uib-dropdown class="visible-xs">
-              <a id="langmenu" name="menu" uib-dropdown-toggle data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false">Menu <span class="caret"></span></a>
-              <ul uib-dropdown-menu aria-labelled-by="langmenu" role="grid">
-                <li ng-repeat="link in links"><a href="{{link.target}}" role="row"><i ng-if="link.icon" class="glyphicon glyphicon-{{link.icon}}"></i> {{translate(link.title)}}</a></li>
-                <li ng-repeat="menulink in menulinks"><a href="{{menulink.target}}" role="row"><i ng-if="menulink.icon" class="glyphicon glyphicon-{{menulink.icon}}"></i> {{translate(menulink.title)}}</a></li>
-                <li ng-include="'languages.html'"></li>
-              </ul>
-            </li>
-          </ul>
-        </div>
-      </div> 
-      
+    <div id="right" class="col-lg-8 col-md-8 col-sm-7 col-xs-12 scrollable" ng-class="{'hidden-xs':showT&&!showM}">    
       <div class="panel panel-default" ng-hide="currentSession===null">
         <div class="panel-heading">
           <h1 class="panel-title text-center">{{translate("sessionTitle")}} {{currentSession.id}}</h1>
@@ -123,10 +85,19 @@
         <tr ng-repeat="node in node.nodes" ng-include="'session_attr.html'"></tr>
       </table>
     </div>
-    <div ng-if="!node.nodes">
-      <th>{{translate(node.title)}}</th>
-      <td><tt>${{node.title}}</tt></td>
-      <td><span id="v-{{node.title}}">{{node.value}}</td>
+    <div ng-if="!node.nodes" id="data-{{node.epoch}}" ng-hide="isHidden">
+	      <th ng-if="node.title=='type'">{{translate(node.title)}}</th>
+	      <td ng-if="node.title!='type'">{{node.title}}</td>
+	      <th ng-if="node.title=='type'"><span id="v-{{node.value}}">{{translate(node.value)}}</span></th>
+	      <td ng-if="node.title!='type'"><span id="v-{{node.value}}">{{node.value}}</span></td>
+	      <th ng-if="node.title=='type'"><span id="v-{{node.sdate}}">{{translate(node.sdate)}}</span></th>
+	      <td ng-if="node.title!='type'" class="data-epoch"><span id="v-{{node.sdate}}">{{node.sdate}}</span></td>
+	      <td>
+			  <span ng-if="node.title=='TOTP' || node.title=='UBK' || node.title=='U2F'" class="link text-danger glyphicon glyphicon-minus-sign" ng-click="delete2FA(node.title, node.epoch)"></span>
+			  <!--
+			  <span ng-if="$last && ( node.title=='TOTP' || node.title=='UBK' || node.title=='U2F' )" class="link text-success glyphicon glyphicon-plus-sign" ng-click="menuClick({title:'newRule'})"></span>
+			  -->
+	      </td>
     </div>
   </script>
 
@@ -138,12 +109,14 @@
         </a>
         <span id="s-{{node.value}}" ng-click="stoggle(this)">{{node.title || node.value}} <span class="badge">{{node.count}}</span></span>
       </span>
+
       <span ng-if="node.session">
         <a class="btn btn-node btn-sm" ng-click="displaySession(this)">
           <span class="glyphicon glyphicon-eye-open"></span>
         </a>
         <span id="s-{{node.session}}" ng-click="displaySession(this)">{{localeDate(node.date)}}</span>
       </span>
+
     </div>
     <ol ui-tree-nodes="" ng-model="node.nodes" ng-class="{hidden: collapsed}">
       <li ng-repeat="node in node.nodes track by node.id" ui-tree-node ng-include="'nodes_renderer.html'" collapsed="true"></li>
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
index 6412cf404..ee215064a 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/Register/U2F.pm
@@ -162,14 +162,43 @@ sub run {
         elsif ( $err == 0 ) {
             return $self->p->sendError( $req, "noU2FKeyFound" );
         }
-        my $challenge = $req->datas->{crypter}->authenticationChallenge;
+
+        # Get a challenge (from first key)
+        my $data = eval {
+            from_json( $req->datas->{crypter}->[0]->authenticationChallenge );
+        };
+
+        if ($@) {
+            $self->logger->error( Crypt::U2F::Server::u2fclib_getError() );
+            return $self->p->sendError( $req, "U2F error: $error", 200 );
+        }
+
+        # Get registered keys
+        my @rk;
+        foreach ( @{ $req->datas->{crypter} } ) {
+            my $k = push @rk,
+              { keyHandle => $_->{keyHandle}, version => $data->{version} };
+
+            #{ keyHandle => $_->{keyHandle}, version => $challenge->{version} };
+
+        }
+
+        # Serialize datas
+        $data = to_json(
+            {
+                challenge      => $data->{challenge},
+                appId          => $data->{appId},
+                registeredKeys => \@rk
+            }
+        );
+
         return [
             200,
             [
                 'Content-Type'   => 'application/json',
-                'Content-Length' => length($challenge),
+                'Content-Length' => length($data),
             ],
-            [$challenge]
+            [$data]
         ];
     }
 
@@ -184,15 +213,35 @@ sub run {
         }
         my ( $err, $error ) = $self->loadUser($req);
         if ( $err == -1 ) {
-            return $self->p->sendError( $req, "U2F error: $error", 200 );
+            return $self->p->sendError( $req, "U2F loading error: $error", 500 );
         }
         elsif ( $err == 0 ) {
             return $self->p->sendError( $req, "noU2FKeyFound" );
         }
+
         $self->logger->debug("Get verify response $resp");
-        $req->datas->{crypter}->setChallenge($challenge);
-        my $res =
-          ( $req->datas->{crypter}->authenticationVerify($resp) ? 1 : 0 );
+        my $data = eval { JSON::from_json($resp) };
+        if ($@) {
+            $self->logger->error("U2F response error: $@");
+            return $self->p->sendError( $req, "U2FAnswerError" );
+        }
+        my $crypter;
+        foreach ( @{ $req->datas->{crypter} } ) {
+            $crypter = $_ if ( $_->{keyHandle} eq $data->{keyHandle} );
+        }
+        unless ($crypter) {
+            $self->userLogger->error("Unregistered U2F key");
+            return $self->p->sendError( $req, "U2FKeyUnregistered" );
+        }
+
+        if ( not $crypter->setChallenge($challenge) ) {
+            $self->logger->error(
+                $@ ? $@ : Crypt::U2F::Server::Simple::lastError() );
+
+            return $self->p->sendError( $req, "U2FServerError" );
+        }
+
+        my $res = ( $crypter->authenticationVerify($resp) ? 1 : 0 );
         return [
             200,
             [ 'Content-Type' => 'application/json', 'Content-Length' => 12, ],
@@ -216,7 +265,6 @@ sub run {
             [$challenge]
         ];
     }
-
     elsif ( $action eq 'delete' ) {
         my $epoch = $req->param('epoch');
 
@@ -266,14 +314,13 @@ sub run {
 sub loadUser {
     my ( $self, $req ) = @_;
     $self->logger->debug("Loading user U2F Devices ...");
-    my $uid     = $req->userData->{ $self->conf->{whatToTrace} };
-    my $session = $self->p->getPersistentSession($uid);
-
-    my $secret = '';
 
     # Read existing 2FDevices
     $self->logger->debug("Looking for 2F Devices ...");
-    my $_2fDevices;
+    my ( $kh, $uk, $_2fDevices );
+
+    my @u2fs = ();
+
     if ( $req->userData->{_2fDevices} ) {
         $_2fDevices = eval {
             from_json( $req->userData->{_2fDevices}, { allow_nonref => 1 } );
@@ -283,32 +330,56 @@ sub loadUser {
             return $self->p->sendError( $req, "Corrupted session", 500 );
         }
     }
-
     else {
         $self->logger->debug("No 2F Device found");
         $_2fDevices = [];
     }
 
     # Reading existing U2F keys
-    $self->logger->debug("Reading U2F keys if exists ...");
-    my @U2Fs = grep { $_->{type} =~ /U2F/s } @$_2fDevices;
-    my $kh   = $U2Fs[0]{_keyHandle};
-    my $uk   = $self->decode_base64url( $U2Fs[0]{_userKey} );
-    unless ( $kh and $uk ) {
-        $self->logger->debug("UTOP -> No U2F key found !!!");
+    foreach (@$_2fDevices) {
+        $self->logger->debug("Looking for registered U2F key(s) ...");
+        if ( $_->{type} eq 'U2F' ) {
+            unless ( $_->{_userKey} and $_->{_keyHandle} ) {
+                $self->logger->error(
+'Missing required U2F attributes in storage ($session->{_2fDevices})'
+                );
+                next;
+            }
+            $self->logger->debug( "Found U2F key -> _userKey = "
+                  . $_->{_userKey}
+                  . "/ _keyHandle = "
+                  . $_->{_keyHandle} );
+            $_->{_userKey} = $self->decode_base64url( $_->{_userKey} );
+            push @u2fs, $_;
+        }
+    }
+
+    # Manage multi u2f keys
+    my @crypters;
+    if (@u2fs) {
+        foreach (@u2fs) {
+            $kh = $_->{_keyHandle};
+            $uk = $_->{_userKey};
+            my $c = $self->crypter( keyHandle => $kh, publicKey => $uk );
+            if ($c) {
+				$self->logger->debug("kh & uk -> OK");
+                push @crypters, $c;
+            }
+            else {
+                $self->logger->error(
+                    'U2F error: ' . Crypt::U2F::Server::u2fclib_getError() );
+            }
+        }
+        unless (@crypters) {
+            return -1;
+        }
+        $req->datas->{crypter} = \@crypters;
+        return 1;
+    }
+    else {
+        $self->userLogger->info("U2F : user not registered");
         return 0;
     }
-    $self->logger->debug( "_userKey = " . $uk );
-
-    $req->datas->{crypter} = $self->crypter(
-        keyHandle => $kh,
-        publicKey => $uk
-    );
-    unless ( $req->datas->{crypter} ) {
-        my $error = Crypt::U2F::Server::Simple::lastError();
-        return ( -1, $error );
-    }
-    return 1;
 }
 
 1;
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm
index fb23a64bb..bbed31a39 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/2F/U2F.pm
@@ -203,10 +203,12 @@ sub loadUser {
         }
         $self->logger->debug("2F Device(s) found");
 
+
+
         foreach (@$_2fDevices) {
             $self->logger->debug("Looking for registered U2F key(s) ...");
             if ( $_->{type} eq 'U2F' ) {
-                unless ( $_->{_userKey} and $_->{_userKey} ) {
+                unless ( $_->{_userKey} and $_->{_keyHandle} ) {
                     $self->logger->error(
 "Missing required U2F attributes in storage ($session->{_2fDevices})"
                     );
diff --git a/lemonldap-ng-portal/site/coffee/u2fregistration.coffee b/lemonldap-ng-portal/site/coffee/u2fregistration.coffee
index bd06d069c..250349911 100644
--- a/lemonldap-ng-portal/site/coffee/u2fregistration.coffee
+++ b/lemonldap-ng-portal/site/coffee/u2fregistration.coffee
@@ -67,12 +67,8 @@ verify = ->
 		error: displayError
 		success: (ch) ->
 			# 2 build response
-			request = [
-				keyHandle: ch.keyHandle
-				version: ch.version
-			]
 			setMsg 'touchU2fDevice', 'positive'
-			u2f.sign ch.appId, ch.challenge, request, (data) ->
+			u2f.sign ch.appId, ch.challenge, ch.registeredKeys, (data) ->
 				# Handle errors
 				if data.errorCode
 					setMsg 'unableToGetKey', 'warning'
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js
index a7cc2b47e..3b610101d 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.js
@@ -1,4 +1,4 @@
-// Generated by CoffeeScript 1.9.3
+// Generated by CoffeeScript 1.10.0
 
 /*
 LemonLDAP::NG U2F registration script
@@ -82,15 +82,8 @@ LemonLDAP::NG U2F registration script
       dataType: 'json',
       error: displayError,
       success: function(ch) {
-        var request;
-        request = [
-          {
-            keyHandle: ch.keyHandle,
-            version: ch.version
-          }
-        ];
         setMsg('touchU2fDevice', 'positive');
-        return u2f.sign(ch.appId, ch.challenge, request, function(data) {
+        return u2f.sign(ch.appId, ch.challenge, ch.registeredKeys, function(data) {
           if (data.errorCode) {
             return setMsg('unableToGetKey', 'warning');
           } else {
diff --git a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
index 37f09fc29..bcf332e57 100644
--- a/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
+++ b/lemonldap-ng-portal/site/htdocs/static/common/js/u2fregistration.min.js
@@ -1 +1 @@
-(function(){var a,b,c,d;c=function(e,f){$("#msg").html(window.translate(e));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+f);if(f==="positive"){f="success"}return $("#color").addClass("alert-"+f)};a=function(f,e,h){var g;console.log("Error",h);g=JSON.parse(f.responseText);if(g&&g.error){g=g.error.replace(/.* /,"");console.log("Returned error",g);return c(g,"warning")}};b=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/register",data:{},dataType:"json",error:a,success:function(e){var f;f=[{challenge:e.challenge,version:e.version}];c("touchU2fDevice","positive");$("#u2fPermission").show();return u2f.register(e.appId,f,[],function(g){$("#u2fPermission").hide();if(g.errorCode){return c(g.error,"warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/registration",data:{registration:JSON.stringify(g),challenge:JSON.stringify(e),keyName:$("#keyName").val()},dataType:"json",success:function(h){if(h.error){return c("u2fFailed","warning")}else{if(h.result){return c("yourKeyIsRegistered","positive")}}},error:a})}})}})};d=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/verify",data:{},dataType:"json",error:a,success:function(e){var f;f=[{keyHandle:e.keyHandle,version:e.version}];c("touchU2fDevice","positive");return u2f.sign(e.appId,e.challenge,f,function(g){if(g.errorCode){return c("unableToGetKey","warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/signature",data:{signature:JSON.stringify(g),challenge:e.challenge},dataType:"json",success:function(h){if(h.error){return c("u2fFailed","warning")}else{if(h.result){return c("yourKeyIsVerified","positive")}}},error:function(i,h,k){return console.log("error",k)}})}})}})};$(document).ready(function(){$("#u2fPermission").hide();$("#register").on("click",b);$("#verify").on("click",d);return $("#goback").attr("href",portal)})}).call(this);
\ No newline at end of file
+(function(){var a,b,c,d;c=function(e,f){$("#msg").html(window.translate(e));$("#color").removeClass("message-positive message-warning alert-success alert-warning");$("#color").addClass("message-"+f);if(f==="positive"){f="success"}return $("#color").addClass("alert-"+f)};a=function(f,e,h){var g;console.log("Error",h);g=JSON.parse(f.responseText);if(g&&g.error){g=g.error.replace(/.* /,"");console.log("Returned error",g);return c(g,"warning")}};b=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/register",data:{},dataType:"json",error:a,success:function(e){var f;f=[{challenge:e.challenge,version:e.version}];c("touchU2fDevice","positive");$("#u2fPermission").show();return u2f.register(e.appId,f,[],function(g){$("#u2fPermission").hide();if(g.errorCode){return c(g.error,"warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/registration",data:{registration:JSON.stringify(g),challenge:JSON.stringify(e),keyName:$("#keyName").val()},dataType:"json",success:function(h){if(h.error){return c("u2fFailed","warning")}else{if(h.result){return c("yourKeyIsRegistered","positive")}}},error:a})}})}})};d=function(){return $.ajax({type:"POST",url:portal+"2fregisters/u/verify",data:{},dataType:"json",error:a,success:function(e){c("touchU2fDevice","positive");return u2f.sign(e.appId,e.challenge,e.registeredKeys,function(f){if(f.errorCode){return c("unableToGetKey","warning")}else{return $.ajax({type:"POST",url:portal+"2fregisters/u/signature",data:{signature:JSON.stringify(f),challenge:e.challenge},dataType:"json",success:function(g){if(g.error){return c("u2fFailed","warning")}else{if(g.result){return c("yourKeyIsVerified","positive")}}},error:function(h,g,i){return console.log("error",i)}})}})}})};$(document).ready(function(){$("#u2fPermission").hide();$("#register").on("click",b);$("#verify").on("click",d);return $("#goback").attr("href",portal)})}).call(this);
\ No newline at end of file
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/2fchoice.tpl b/lemonldap-ng-portal/site/templates/bootstrap/2fchoice.tpl
index 641adf0e3..b79104c61 100644
--- a/lemonldap-ng-portal/site/templates/bootstrap/2fchoice.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/2fchoice.tpl
@@ -15,7 +15,7 @@
     </form>
   </div>
 </div>
-
+<br>
 <div class="buttons">
   <a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
     <span class="glyphicon glyphicon-home"></span>&nbsp;
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/2fregisters.tpl b/lemonldap-ng-portal/site/templates/bootstrap/2fregisters.tpl
index aeea0e421..6fa009088 100644
--- a/lemonldap-ng-portal/site/templates/bootstrap/2fregisters.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/2fregisters.tpl
@@ -28,8 +28,8 @@
       </tbody>
     </table>
     </div>
-    <br>
   </TMPL_IF>
+  <br>
   <div class="buttons"> 
     <TMPL_LOOP NAME="MODULES">
 	  &nbsp;&nbsp;
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl b/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl
index 8096d8bc8..56d882623 100644
--- a/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/ext2fcheck.tpl
@@ -20,9 +20,14 @@
       <span trspan="connect">Connect</span>
     </button>
   </div>
-
+  <br/>
+  <div class="buttons">
+  <a href="<TMPL_VAR NAME="PORTAL_URL">" class="btn btn-primary" role="button">
+    <span class="glyphicon glyphicon-home"></span>&nbsp;
+    <span trspan="goToPortal">Go to portal</span>
+  </a>
+  </div>
 </div>
-
 </main>
 
 <TMPL_INCLUDE NAME="footer.tpl">
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/totp2fregister.tpl b/lemonldap-ng-portal/site/templates/bootstrap/totp2fregister.tpl
index 5fd4d79d6..7a6f56848 100644
--- a/lemonldap-ng-portal/site/templates/bootstrap/totp2fregister.tpl
+++ b/lemonldap-ng-portal/site/templates/bootstrap/totp2fregister.tpl
@@ -49,6 +49,6 @@
   <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">/common/js/totpregistration.min.js"></script>
 //else -->
   <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">bwr/qrious/dist/qrious.js"></script>
-  <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">/common/js/totpregistration.js"></script>
+  <script type="text/javascript" src="<TMPL_VAR NAME="STATIC_PREFIX">common/js/totpregistration.js"></script>
 <!-- //endif -->
 <TMPL_INCLUDE NAME="footer.tpl">