shibboleth-dev - Re: [Shib-Dev] [PATCH] Multi-factor authentication

Subject: Shibboleth Developers

  • From: Etienne Dysli <>
  • To:
  • Subject: Re: [Shib-Dev] [PATCH] Multi-factor authentication
  • Date: Thu, 14 Apr 2011 16:55:38 +0200

On 27/01/11 20:55, Fredrik Thulin wrote:
> What say you? All feedback welcome! Testers and collaborators even more so.

Hi Fredrik,

I've tried your module and it's nice. :) Here are some technical remarks.

> handler.xml :
> <!-- Multi factor authentication login handler -->
> <ph:LoginHandler xsi:type="ph:MultiFactorAuth"

Your patch says "ph:MultiFactor" but the right type is the one here
"ph:MultiFactorAuth".

> jaasConfigurationLocation="file:///local/shibboleth/idp/conf/login.config">

Again your patch gives a different file name ("mf-login.config"). In my
experience, this didn't work: the standard UsernamePassword LoginHandler
would load it too (why?) and try to validate an OTP without having one
(only 2 fields in the login form). I've worked around this by changing
the jaasConfigName so that UsernamePassword and MultiFactorAuth don't
use the same one, and by having only one config file. Thus I have in login.config:

ShibUserPassAuth {
    edu.vt.middleware.ldap.jaas.LdapLoginModule required
    ...
};

ShibMultiFactorAuth {
    edu.vt.middleware.ldap.jaas.LdapLoginModule required
    ...

    com.yubico.jaas.YubikeyLoginModule required
    ...
};

> /* second factor */
> com.yubico.jaas.YubikeyLoginModule required
> clientId="4711";

Am I supposed to use this clientId? (it works, but...) If not, how can I
get one?

Regards,
Etienne

Attachment: signature.asc
Description: OpenPGP digital signature
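
A check for the login.config layout described in the message above, added here as an example and not part of the original post or of the patch: it parses a JAAS file and verifies that the OTP module appears only in the multi-factor entry and that every module stacked there is `required` or `requisite`, since a `sufficient` or `optional` module does not have to succeed. The sample file, its placeholder option values and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout described above. Option values are
# placeholders; the multi-factor entry is deliberately weak.
SAMPLE = '''
ShibUserPassAuth {
    edu.vt.middleware.ldap.jaas.LdapLoginModule required
        placeholderOption="value";
};
/* weak on purpose: the password alone can satisfy this stack */
ShibMultiFactorAuth {
    edu.vt.middleware.ldap.jaas.LdapLoginModule sufficient
        placeholderOption="value";
    com.yubico.jaas.YubikeyLoginModule optional
        clientId="4711";
};
'''
OTP_MODULE = "com.yubico.jaas.YubikeyLoginModule"
STRICT_FLAGS = {"required", "requisite"}  # flags under which a module must succeed

def parse_jaas(text):
    """Return {entry name: [(module class, control flag), ...]}."""
    text = re.sub(r'"[^"]*"', '""', text)  # blank option values first
    text = re.sub(r"/\*.*?\*/|^[ \t]*//[^\n]*", "", text, flags=re.S | re.M)
    entries = {}
    for name, body in re.findall(r"([\w.$-]+)\s*\{(.*?)\}\s*;", text, flags=re.S):
        stanzas = (s.split() for s in body.split(";"))
        entries[name] = [(w[0], w[1].lower()) for w in stanzas if len(w) >= 2]
    return entries

def audit(entries, password_entry, mfa_entry):
    """Return findings for the entry names the two login handlers use."""
    if password_entry == mfa_entry:
        return ["both handlers use the same JAAS entry"]
    findings = []
    if any(cls == OTP_MODULE for cls, _ in entries.get(password_entry, [])):
        findings.append(f"{password_entry}: OTP module in password-only entry")
    mfa = entries.get(mfa_entry, [])
    if not any(cls == OTP_MODULE for cls, _ in mfa):
        findings.append(f"{mfa_entry}: OTP module missing")
    for cls, flag in mfa:
        if flag not in STRICT_FLAGS:
            findings.append(f"{mfa_entry}: {cls} is '{flag}', need not succeed")
    return findings

if __name__ == "__main__":
    for line in audit(parse_jaas(SAMPLE), "ShibUserPassAuth", "ShibMultiFactorAuth"):
        print(line)
```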



