shibboleth-dev - Re: [Shib-Dev] [PATCH] Multi-factor authentication

Subject: Shibboleth Developers

  • From: Etienne Dysli <>
  • To:
  • Subject: Re: [Shib-Dev] [PATCH] Multi-factor authentication
  • Date: Fri, 15 Apr 2011 11:21:45 +0200

On 14/04/11 19:40, Fredrik Thulin wrote:
> Sorry, I can't find this anywhere in my current sources which gets me
> a bit worried - have you actually tried the first version that was a
> patch to the IdP? The thread you replied in kind of indicates that.

Yes, I tried the patch.

> Chad La Joie advised me to turn the patch into an extension instead,
> which I did. The extension is much better documented (at
> https://wiki.shibboleth.net/confluence/x/aYBC).

Great! An extension is easier to deploy. I'll try it.
I missed that link... (I searched the list for your posts but someone
else posted the link.) :/

> Neat! That might be a better way to do it in general too - even more
> so if it is the only way to actually use the standard UsernamePassword
> login handler together with the MultiFactor one. Please update the
> wiki page yourself if you want to.

Yeah this is clearer. I also need to be able to use both login handlers
because multi-factor won't become our default authentication method (not
soon at least).

I still have no idea why the UsernamePassword LoginHandler loads another
module's configuration.

> You can get a unique id at https://upgrade.yubico.com/getapikey/ - it
> is really only needed if you don't use HTTPS to connect to the
> validation server.

I see no reason not to use HTTPS. :) Validation fails if one doesn't
supply a clientId though (even over HTTPS).

Do you plan to develop more methods of checking the user <-> YubiKey
mapping? LDAP would be ideal for me.

Regards,
Etienne
