shibboleth-dev - Re: [Shib-Dev] Shib WG Topics

Subject: Shibboleth Developers

  • From: Christopher Bongaarts <>
  • To:
  • Cc: Chad La Joie <>
  • Subject: Re: [Shib-Dev] Shib WG Topics
  • Date: Mon, 04 Apr 2011 12:10:52 -0500
  • Organization: University of Minnesota

Tom Scavo wrote:

Since mod_authn_otp supports many token types (http://bit.ly/gTc5re),
various soft tokens should work as well, including the Google
Authenticator (http://bit.ly/9bP3Zb). This suggests it might be
possible to add 2-factor SAML-based authentication to Google Apps.

Google doesn't care what authentication method you use, so if you have an IdP like ours that returns different AuthnContextClassRefs depending on whether 2-factor was used, people can use 2-factor (as I did when logging in this morning) but we cannot force its use. Ideally, there would be some mechanism to, on a per-user or group basis, require a particular AuthnContext on the Google side. I'm not going to hold my breath.

If one had an IdP that *only* did 2-factor, Google would happily accept that. Nothing's stopping you from doing that today (perhaps with mod_authn_otp + the RemoteUser LoginHandler).

--
%% Christopher A. Bongaarts %%

%%
%% OIT - Identity Management %% http://umn.edu/~cab %%
%% University of Minnesota %% +1 (612) 625-1809 %%
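
The per-user AuthnContext requirement wished for in the message above, sketched from the service-provider side as an added example; it is not part of the original message and is not Google's or Shibboleth's code. The user names, the `REQUIRE_2FA` policy set, the choice of `TimeSyncToken` as the 2-factor class, and the sample assertions are assumptions, and the assertion is assumed to have passed signature validation already.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Standard SAML 2.0 class URIs. Which one a given IdP emits for
# 2-factor logins is deployment-specific (assumption here).
PASSWORD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
TWO_FACTOR = "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken"

# Hypothetical SP-side policy: accounts that must arrive with a 2-factor context.
REQUIRE_2FA = {"admin@example.edu"}


def authn_context(assertion_xml):
    """Return (NameID, AuthnContextClassRef) from a bare <Assertion>.

    Assumes the XML signature was verified before this is called.
    """
    root = ET.fromstring(assertion_xml)
    user = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    ref = root.findtext(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef",
        namespaces=NS,
    )
    return (user or "").strip(), (ref or "").strip()


def allow_login(assertion_xml):
    """Accept any context by default, but fail closed for listed users."""
    user, ref = authn_context(assertion_xml)
    if not user:
        return False
    if user in REQUIRE_2FA:
        # A missing or weaker context is rejected, not silently accepted.
        return ref == TWO_FACTOR
    return True


def sample_assertion(user, class_ref=None):
    """Constructed sample input, not a captured IdP response."""
    stmt = ""
    if class_ref:
        stmt = ("<saml:AuthnStatement><saml:AuthnContext>"
                f"<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>"
                "</saml:AuthnContext></saml:AuthnStatement>")
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f"<saml:Subject><saml:NameID>{user}</saml:NameID></saml:Subject>"
            f"{stmt}</saml:Assertion>")
```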


