OTP MFA


Nouman Fallouh

May 23, 2016, 4:01:24 AM
to cas-...@apereo.org
Hi,
The following lines:
"The kinds of required credentials are specified by naming the authentication handlers that accept them, for example, ldapHandler and oneTimePasswordHandler. Thus a service could be registered that imposes security constraints like the following: Only permit users with SSO sessions created from both a username/password and OTP token to access this service."

How can I find such a oneTimePasswordHandler handler? Or is it one I should invent?

Are there any guided steps for how I can apply such a scenario?

Regards,

Nouman Fallouh

May 25, 2016, 4:17:43 AM
to Jonathan Bell, cas-...@apereo.org
Thanks Jonathan,

I've already worked around it by extending the UsernamePasswordCredential and a related database authentication handler.
Honestly, I'm looking for a solution using the CAS abilities without external modules and with minimum core modifications.

Regards,

On Mon, May 23, 2016 at 8:46 PM, Jonathan Bell <jb...@urqui.com> wrote:
Hi Nouman,

We here at URQUi have adapted our OTP software for CAS.  Information and software can be found here: https://github.com/urqui/cas

Feel free to contact me if you have any questions about CAS/OTP and URQUi.

cheers
Jonathan.

web: http://urqui.com/


Nouman Fallouh

May 30, 2016, 6:18:53 AM
to cas-...@apereo.org, mmoa...@unicon.net
Hi,
Where can I find guided steps for using the `RequiredHandlerAuthenticationPolicy`? I read in the documentation that:
"This policy could be used to support a multi-factor authentication situation, for example, where username/password authentication is required but an additional OTP is optional."

Or at least what are the CAS components I should use, work on or modify?

Regards,

Misagh Moayyed

May 31, 2016, 8:43:40 AM
to cas-...@apereo.org

What is it that you’re trying to do?

Nouman Fallouh

Jun 1, 2016, 3:11:57 AM
to Misagh Moayyed, cas-...@apereo.org
Briefly, I want an authentication system that supports username, password and an optional OTP; all this data is stored and managed in a database.

According to a previous discussion here - back when it was Jasig CAS, v3.5.x and v4.0.x - the solution was to customize new credentials that support OTP and then re-build all the needed classes and components around them.

With the new version, I would like general guidelines about the best way of doing this. Is it by:
  1. as I did before, a custom authentication by extending one of the database handlers,
  2. using two handlers, the database one and a custom OTP one that supports the new `OneTimePasswordCredential` class, with a suitable policy,
  3. using two-step authentication: in the default login view, authenticate the username and password; if that is okay, present a custom view that authenticates the OTP if it's required,
  4. or any other way you would prefer?
Thanks in advance,
Regards,
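The two documentation fragments quoted in this thread (a registered service that only admits SSO sessions built from both a username/password handler and an OTP handler, and `RequiredHandlerAuthenticationPolicy`, where the password handler is mandatory and the OTP handler optional) reduce to one check: which handler names succeeded in the authentication transaction, and which names the policy or the service demands. The following Python model of option 2 above is an added example written for this page; it is not code from the thread, from CAS, or from any poster. The in-memory `USERS` table, the handler names `dbHandler` and `oneTimePasswordHandler`, the `SERVICES` registry and the RFC 6238 test secret are all constructed assumptions; the OTP verifier is a plain TOTP (RFC 6238, HMAC-SHA1, 30 s step) with a one-step skew window and replay rejection.

```python
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass

# Constructed stand-in for the database the thread describes (assumption:
# a real deployment stores salt, password hash and OTP secret in SQL).
PBKDF2_ROUNDS = 100_000
USERS = {
    "alice": {"salt": b"s1",
              "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", b"s1", PBKDF2_ROUNDS),
              "totp_secret": b"12345678901234567890"},   # RFC 6238 test secret
    "bob":   {"salt": b"s2",
              "pw_hash": hashlib.pbkdf2_hmac("sha256", b"hunter2", b"s2", PBKDF2_ROUNDS),
              "totp_secret": None},                       # no OTP enrolled
}
USED_COUNTERS: dict = {}   # user -> last accepted TOTP counter (replay guard)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


@dataclass
class UsernamePasswordCredential:
    username: str
    password: str


@dataclass
class OneTimePasswordCredential:
    id: str        # user the code belongs to
    password: str  # the six-digit code


class DbPasswordHandler:
    name = "dbHandler"

    def supports(self, cred) -> bool:
        return isinstance(cred, UsernamePasswordCredential)

    def authenticate(self, cred) -> bool:
        rec = USERS.get(cred.username)
        if rec is None:
            return False
        h = hashlib.pbkdf2_hmac("sha256", cred.password.encode(), rec["salt"], PBKDF2_ROUNDS)
        return hmac.compare_digest(h, rec["pw_hash"])   # constant-time compare


class DbTotpHandler:
    name = "oneTimePasswordHandler"

    def __init__(self, step: int = 30, skew: int = 1, now=time.time):
        self.step, self.skew, self.now = step, skew, now   # `now` injectable for tests

    def supports(self, cred) -> bool:
        return isinstance(cred, OneTimePasswordCredential)

    def authenticate(self, cred) -> bool:
        rec = USERS.get(cred.id)
        if rec is None or rec["totp_secret"] is None:
            return False                                   # user has no OTP factor
        counter = int(self.now()) // self.step
        for k in range(counter - self.skew, counter + self.skew + 1):
            if k <= USED_COUNTERS.get(cred.id, -1):
                continue                                   # already spent: replay
            if hmac.compare_digest(hotp(rec["totp_secret"], k), cred.password):
                USED_COUNTERS[cred.id] = k
                return True
        return False


def authenticate(handlers, credentials) -> set:
    """Run every handler over each credential it supports; return the names of
    the handlers that succeeded (the 'successes' a CAS Authentication carries)."""
    successes = set()
    for cred in credentials:
        for h in handlers:
            if h.supports(cred) and h.authenticate(cred):
                successes.add(h.name)
    return successes


class RequiredHandlerPolicy:
    """One named handler must have succeeded; any other (e.g. OTP) is optional."""
    def __init__(self, required: str):
        self.required = required

    def satisfied_by(self, successes: set) -> bool:
        return self.required in successes


# Constructed service registry: the set of handler names each service requires.
SERVICES = {
    "https://wiki.example.edu": set(),
    "https://payroll.example.edu": {"dbHandler", "oneTimePasswordHandler"},
}


def may_access(service: str, successes: set) -> bool:
    """Per-service constraint: every required handler must be among the successes."""
    return SERVICES[service] <= successes


if __name__ == "__main__":
    handlers = [DbPasswordHandler(), DbTotpHandler()]
    s = authenticate(handlers, [UsernamePasswordCredential("alice", "correct horse")])
    print("successes:", s, "payroll allowed:", may_access("https://payroll.example.edu", s))
```

The SSO policy and the per-service constraint are deliberately separate checks: the policy decides whether a ticket-granting ticket may be issued at all (password handler mandatory), while the service registry decides which of those sessions may reach a given service (payroll additionally demands the OTP handler). The replay guard keeps the last accepted counter per user so that a code captured within the skew window cannot be presented a second time.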



Dmitriy Kopylenko

Jun 1, 2016, 6:25:20 AM
to Nouman Fallouh, Misagh Moayyed, cas-...@apereo.org
I'm afraid that v4 of CAS does not natively support multi-phased authentication transactions for several different authentication factors. Upcoming v5 does.

Best,
D.

Nick Owen

Jun 1, 2016, 11:11:38 AM
to Dmitriy Kopylenko, Nouman Fallouh, Misagh Moayyed, cas-...@apereo.org
Here's our doc on adding WiKID 2FA to CAS via RADIUS:
https://www.wikidsystems.com/support/how-to/configuring-cas-on-ubuntu-for-two-factor-and-mutual-htttps-authentication-with-wikid/
It includes validating the SSL cert of the CAS server for the user.

--
Nick Owen
WiKID Systems, Inc.
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication

Nouman Fallouh

Jun 7, 2016, 3:27:52 AM
to Nick Owen, Dmitriy Kopylenko, Misagh Moayyed, cas-...@apereo.org
Thanks Nick,

I'm in a different case from yours; I will continue customizing the authentication handler and its components.

Regards,
