shibboleth-dev - Re: [Shib-Dev] [PATCH] Multi-factor authentication
Subject: Shibboleth Developers
List archive
- From: Etienne Dysli <>
- To:
- Subject: Re: [Shib-Dev] [PATCH] Multi-factor authentication
- Date: Thu, 14 Apr 2011 16:55:38 +0200
On 27/01/11 20:55, Fredrik Thulin wrote:
> What say you? All feedback welcome! Testers and collaborators even more so.
Hi Fredrik,
I've tried your module and it's nice. :) Here are some technical remarks.
> handler.xml :
> <!-- Multi factor authentication login handler -->
> <ph:LoginHandler xsi:type="ph:MultiFactorAuth"
Your patch says "ph:MultiFactor" but the right type is the one here
"ph:MultiFactorAuth".
> jaasConfigurationLocation="file:///local/shibboleth/idp/conf/login.config">
Again your patch gives a different file name ("mf-login.config"). In my
experience, this didn't work: the standard UsernamePassword LoginHandler
would load it too (why?) and try to validate an OTP without having one
(only 2 fields in the login form). I've worked around this by changing
the jaasConfigName so that UsernamePassword and MultiFactorAuth don't
use the same and having only one config file. Thus I have in login.config:
ShibUserPassAuth {
edu.vt.middleware.ldap.jaas.LdapLoginModule required
...
};
ShibMultiFactorAuth {
edu.vt.middleware.ldap.jaas.LdapLoginModule required
...
com.yubico.jaas.YubikeyLoginModule required
...
};
> /* second factor */
> com.yubico.jaas.YubikeyLoginModule required
> clientId="4711";
Am I supposed to use this clientId? (it works, but...) If not, how can I
get one?
Regards,
Etienne
Attachment:
signature.asc
Description: OpenPGP digital signature
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/14/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Fredrik Thulin, 04/14/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/15/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Fredrik Thulin, 04/15/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Brent Putman, 04/15/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/18/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Brent Putman, 04/18/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/18/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Brent Putman, 04/18/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/18/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/15/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Fredrik Thulin, 04/14/2011
Archive powered by MHonArc 2.6.16.