email addresses as usernames ?

Rick Romero

Jan 9, 2015, 5:09:49 PM
to priva...@googlegroups.com

Due to the realms being defined with @realm, is it possible to use an email address for the username?

Secondly, is it possible to have BOTH an email address with a realm?

So for example, I'd like to roll out 2FA to email users. I envision multiple possible realms: @webmail, @controlpanel, @imap, @pop, @smtp - a username could be havo...@gmail.com@imap.    How would that work?

I'm just about to roll out privacyIDEA to VPN users (not email addresses) via Radius, and I really like it.  Just wondering how I could apply it if my usernames are full email addresses...

Thanks,
Rick

Cornelius Kölbel

Jan 9, 2015, 5:49:51 PM
to priva...@googlegroups.com
Hello Rick,

I always thought that it should work.
But I just realized that there is a minor bug in the code, which splits
    havo...@gmail.com@imap
into havokmon, gmail.com, imap and not
    havo...@gmail.com, imap

Hm. Bad.

On which system are you running privacyidea?
I might release a patch...

Anyway, you could decide not to use the @ sign for realm splitting (if this is an option for you).

Kind regards
Cornelius

-- 
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
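The split described in the reply above, next to a split on the last "@" that also checks the suffix against the configured realms. This is an added example, not privacyIDEA's code and not the patch referenced later in the thread; the realm names, the default realm, the sample logins and the function names are assumptions.

```python
# Added illustration; not privacyIDEA code. The realm names and the default
# realm are constructed sample values.
KNOWN_REALMS = {"webmail", "controlpanel", "imap", "pop", "smtp"}
DEFAULT_REALM = "webmail"


def split_naive(login):
    """Split on every '@', which is the behaviour described in the thread."""
    return login.split("@")


def split_user_realm(login, known_realms=KNOWN_REALMS, default_realm=DEFAULT_REALM):
    """Return (username, realm), keeping e-mail style usernames intact.

    Only the text after the LAST '@' is a realm candidate, and it is accepted
    only if it names a configured realm. Otherwise the whole login string is
    the username and the default realm applies, so 'alice@example.com' is not
    resolved against a realm called 'example.com'.
    """
    login = login.strip()
    if not login:
        raise ValueError("empty login name")
    user, sep, candidate = login.rpartition("@")
    # Assumption: realm names are compared case-insensitively.
    if sep and user and candidate.lower() in known_realms:
        return user, candidate.lower()
    return login, default_realm


if __name__ == "__main__":
    # Constructed sample logins.
    for sample in ("alice@example.com@imap", "alice@example.com", "bob@smtp", "carol"):
        print(sample, "->", split_naive(sample), "vs", split_user_realm(sample))
```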

Rick Romero

Jan 12, 2015, 1:58:27 PM
to priva...@googlegroups.com
Ok -  For the email address usernames, I haven't even installed it yet. That's a whole other network from what I've already deployed.

I've already thought about maybe switching up the @ for % prior to sending the auth request to privacyidea. The backend SQL does have to combine uid and domain anyways, but before I started I was just wondering what approach I should start with. The only problem with using % is that, when using privacyidea's self-service, users won't expect to use a % instead of @. But even so, I'm not sure I want to have users auth a 2nd time from the control panel, and I might just manage it all via HTTP requests...

Can the realm delimiter be something other than @?

Still a lot to consider on this end...  I'm not a python guy, I tried modifying a template and it didn't take, so any customizations to privacyIDEA would also be an uphill climb.

Thanks!
Rick

Cornelius Kölbel

Jan 12, 2015, 3:06:04 PM
to priva...@googlegroups.com
Hi Rick,

the @-sign can not be changed at the moment.

At the moment I am migrating privacyidea to another backend framework and another Web UI. So there is room for improvements and input.
But it will still take a few months for productive use. I plan to release the draft of 2.0, which can be looked at to get an impression...

I just committed a patch (easy) to the master branch that will allow logging in like this:
https://github.com/privacyidea/privacyidea/commit/e2067e999e800c999d33be4b387ff798f046f81a


If you are ready I can pack a version 1.5.1.

Which templates do you need to change?
The templates do not have much python. They are in fact html with the mako templating language.

Kind regards
Cornelius


Rick Romero

Jan 12, 2015, 3:32:38 PM
to priva...@googlegroups.com
Awesome.  I don't need it yet, so don't worry about spending any more time on it.  If 1.51 isn't released, I'll take a look at the build process before asking you.
I don't need any templates changed, I just made a title change to see if it would take - I really didn't spend any time on it.

I still have to figure out the best way to integrate it into my site before the '@' even comes into play.

Thanks for your time!
Rick