Qr code login

57 views
Skip to first unread message

Stefano Gargiulo

unread,
Mar 6, 2011, 9:25:28 AM3/6/11
to simple...@googlegroups.com

Hi,

In some slides around web i saw a screenshot showing the future benefits that switching to sso login (the upgrades possible at idp side) can apport to all federated apps.

One of this was the qr code login method:
Idp will just show a qr code image (a random seed) instead of the login form and user can take a shot his smartphone and, with an apps that organizaton can distribute, an app that embeds a secret Key (e.g his x.509 cert), he is able to obtain a session sending back an hashed token to the idp.

Now i ask you. Someone is working on this? (I will start to implement my own solution if not)

I like it because is a stronger login system that SMS one (more enterprises use it, and for istance italian law say that a strong login system is a login that can be completed only with a key that is physically owned by the user, and this includes cellphone ) and in addiction it is: Free,  easy to use and cool!

I think that this Will require memcached on SS IDP to share sessions. But do you think that can be implemented in 1.7? Or i should wait 2.0 with new session management code?

Best regards,
Stefano

Stefano Gargiulo

unread,
Mar 6, 2011, 9:27:48 AM3/6/11
to simple...@googlegroups.com

(Sorry for the typos but i'm writing via my android :)

Klaas Wierenga

unread,
Mar 6, 2011, 10:48:51 AM3/6/11
to simple...@googlegroups.com
Stefano,

SURFnet is working on this, check out the second half of the slides at:


Klaas

Sent from my iPad
--
You received this message because you are subscribed to the Google Groups "simpleSAMLphp" group.
To post to this group, send email to simple...@googlegroups.com.
To unsubscribe from this group, send email to simplesamlph...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/simplesamlphp?hl=en.

Niels van Dijk

unread,
Mar 6, 2011, 4:21:06 PM3/6/11
to simple...@googlegroups.com
Hi,

See here for more info and a demo:
<http://www.egeniq.com/projects/mobile-authentication/>

Cheers,
Niels

Ivo Jansch

unread,
Mar 8, 2011, 11:47:46 AM3/8/11
to simple...@googlegroups.com
Hi,

the video doesn't mention this detail, but we are actually using SimpleSamlPHP in this demo, so yes, this is definitely possible. Contact me if you want more details.

Greetings,
Ivo
--
Ivo Jansch
Egeniq
CEO / Co-founder

Stefano Gargiulo

unread,
Mar 9, 2011, 3:57:43 AM3/9/11
to i...@egeniq.com, simple...@googlegroups.com

Fantastic! 

If it will be released opensource as i read I will very happy to deploy it at GARR (italian NREN) where we just deployed  GarrSSO an IdP/federation bridge we deployed for a cloud of services we offer to the research community (from e-learning to network security scans) let me know if i can be an early tester.


PS.

Did you used some ajax push server like APE  or another long poll/cometd stuff to implement the callback? from the demo video i see that login at IdP is immediate after the phone reply to the challenge.


Best regards,

Stefano.

Il giorno 08/mar/2011 17:47, "Ivo Jansch" <i...@egeniq.com> ha scritto:

Hi,

the video doesn't mention this detail, but we are actually using SimpleSamlPHP in this demo, so yes, this is definitely possible. Contact me if you want more details.

Greetings,
Ivo



On Mar 6, 2011, at 10:21 PM, Niels van Dijk wrote:

> Hi,
>
> See here for more info and a demo:

>...

--
Ivo Jansch
Egeniq
CEO / Co-founder

--
You received this message because you are subscribed to the Google Groups "simpleSAMLphp" group....

Ivo Jansch

unread,
Mar 15, 2011, 5:00:26 AM3/15/11
to Stefano Gargiulo, simple...@googlegroups.com
Hi,

no we're using a simple ajax request polling mechanism. For high traffic needs this can always be replaced with something more efficient, but for most idps this is probably already sufficient.

Greetings,
Ivo
Reply all
Reply to author
Forward
0 new messages