Skip to Content.
Sympa Menu

shibboleth-dev - Re: [Shib-Dev] Shib WG Topics

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] Shib WG Topics


Chronological Thread 
  • From: Tom Scavo <>
  • To:
  • Cc: Christopher Bongaarts <>, Chad La Joie <>
  • Subject: Re: [Shib-Dev] Shib WG Topics
  • Date: Mon, 4 Apr 2011 14:28:45 -0400
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=DZ1ojogyxgDa3NOxatkseeo3pDMNJCH5NgINeuB0Dd31rrROTzZtwzvc1ST7ka2lAX mxAvFPgfBrOhxxDVesNUBXNQJ4flJn1QHTfg6AThcR+07RlFyVs9AeyDzQhKQ9GrtMF4 cCG7DKr9iMrG6gWZ4MlovgRKmBUx9/82zP94o=
On Mon, Apr 4, 2011 at 1:10 PM, Christopher Bongaarts
<>
wrote:
> Tom Scavo wrote:
>
>> Since mod_authn_otp supports many token types (http://bit.ly/gTc5re),
>> various soft tokens should work as well, including the Google
>> Authenticator (http://bit.ly/9bP3Zb). This suggests it might be
>> possible to add 2-factor SAML-based authentication to Google Apps.
>
> Google doesn't care what authentication method you use

Sorry, I meant to imply that there are some interesting client-side
apps that could leverage this type of OTP, including the Google
Authenticator and the app from Egeniq referenced earlier in the
thread.

> If one had an IdP that *only* did 2-factor, Google would happily accept
> that.  Nothing's stopping you from doing that today (perhaps with
> mod_authn_otp + the RemoteUser LoginHandler).

As I understand it, that's precisely how Fredrik's handler works.

Tom

Archive powered by MHonArc 2.6.16.

Top of Page