shibboleth-dev - Re: [Shib-Dev] [PATCH] Multi-factor authentication

Subject: Shibboleth Developers

List archive

Re: [Shib-Dev] [PATCH] Multi-factor authentication

From: Fredrik Thulin <>
To: Etienne Dysli <>
Cc:
Subject: Re: [Shib-Dev] [PATCH] Multi-factor authentication
Date: Fri, 15 Apr 2011 14:44:30 +0200

This is starting to feel off-topic for the Shibboleth list, so let's
take it off list after this.

On Fri, Apr 15, 2011 at 11:21 AM, Etienne Dysli
<>
wrote:
...
>> You can get a unique id at https://upgrade.yubico.com/getapikey/ - it
>> is really only needed if you don't use HTTPS to connect to the
>> validation server.
>
> I see no reason not to use HTTPS. :) Validation fails if one doesn't
> supply a clientId though (even over HTTPS).

I know, although the reasoning predates me.

> Do you plan to develop more methods of checking the user <-> YubiKey
> mapping? LDAP would be ideal for me.

I was going to, but got stuck on finding a suitable attribute for
storing the YubiKey public id.

I'd prefer a generic schema for authentication tokens, but I'm no LDAP
expert and can't really say if that is viable or not.
The very same thing is discussed on the AuthHub project mailing list right
now.

/Fredrik

Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/14/2011
- Re: [Shib-Dev] [PATCH] Multi-factor authentication, Fredrik Thulin, 04/14/2011
  - Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/15/2011
    - Re: [Shib-Dev] [PATCH] Multi-factor authentication, Fredrik Thulin, 04/15/2011
    - Re: [Shib-Dev] [PATCH] Multi-factor authentication, Brent Putman, 04/15/2011
      - Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/18/2011
        
        Re: [Shib-Dev] [PATCH] Multi-factor authentication, Brent Putman, 04/18/2011
        
        Re: [Shib-Dev] [PATCH] Multi-factor authentication, Etienne Dysli, 04/18/2011

List archive

Re: [Shib-Dev] [PATCH] Multi-factor authentication