MFA : Google Authenticator and Shibboleth IDP 3.x

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

MFA : Google Authenticator and Shibboleth IDP 3.x

Amit Dongaonkar
Hello Users,
Wondering if anyone has integrated google authenticator with Shib IDP for providing MFA.

Thanks and Regards,

Amit Dongaonkar

Snr. Technical Architect Lead

o: (248) 284-4035 m: (248) 385-6033

40850 Grand River Ave #100, Novi, MI 48375

www.nitssolutions.com


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

image001.png (14K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: MFA : Google Authenticator and Shibboleth IDP 3.x

Shibboleth - Users mailing list
hi,

Wondering if anyone has integrated google authenticator with Shib IDP for providing MFA.

have you tried the Shibboleth-IdP3-TOTP-Auth extension?


alan


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: MFA : Google Authenticator and Shibboleth IDP 3.x

Joseph Fischetti

There’s also my fork (https://github.com/joeFischetti/Shibboleth-IdP3-TOTP-Auth) which strips out all of additional seed storage and utilizes encrypted attributes in another store (like your LDAP).  The seeds are accessed via an attribute lookup like anything else.

 

I haven’t looked at it in many many months.  I’ve never even attempted to port it forward to IdP 4.

 

From: users <[hidden email]> on behalf of Alan Buxey via users <[hidden email]>
Reply-To: Shib Users <[hidden email]>
Date: Friday, January 8, 2021 at 8:54 AM
To: Shib Users <[hidden email]>
Cc: Alan Buxey <[hidden email]>
Subject: Re: MFA : Google Authenticator and Shibboleth IDP 3.x

 

[EXTERNAL EMAIL]

hi,

 

Wondering if anyone has integrated google authenticator with Shib IDP for providing MFA.

 

have you tried the Shibboleth-IdP3-TOTP-Auth extension?

 

 

alan


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: MFA : Google Authenticator and Shibboleth IDP 3.x

Amit Dongaonkar
Hi Alan and Joseph,
Thanks for your responses.
 Joseph, any plans to port this to 4.x?

Thanks and Regards,

Amit Dongaonkar

Snr. Technical Architect Lead

o: (248) 284-4035 m: (248) 385-6033

40850 Grand River Ave #100, Novi, MI 48375

www.nitssolutions.com



On Fri, Jan 8, 2021 at 9:00 AM Joseph Fischetti <[hidden email]> wrote:

There’s also my fork (https://github.com/joeFischetti/Shibboleth-IdP3-TOTP-Auth) which strips out all of additional seed storage and utilizes encrypted attributes in another store (like your LDAP).  The seeds are accessed via an attribute lookup like anything else.

 

I haven’t looked at it in many many months.  I’ve never even attempted to port it forward to IdP 4.

 

From: users <[hidden email]> on behalf of Alan Buxey via users <[hidden email]>
Reply-To: Shib Users <[hidden email]>
Date: Friday, January 8, 2021 at 8:54 AM
To: Shib Users <[hidden email]>
Cc: Alan Buxey <[hidden email]>
Subject: Re: MFA : Google Authenticator and Shibboleth IDP 3.x

 

[EXTERNAL EMAIL]

hi,

 

Wondering if anyone has integrated google authenticator with Shib IDP for providing MFA.

 

have you tried the Shibboleth-IdP3-TOTP-Auth extension?

 

 

alan

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]

image001.png (14K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: MFA : Google Authenticator and Shibboleth IDP 3.x

Cantor, Scott E.
On 1/8/21, 9:51 AM, "users on behalf of Amit Dongaonkar" <[hidden email] on behalf of [hidden email]> wrote:

>     Joseph, any plans to port this to 4.x?

There's already a plugin largely done for 4.1 that I based in part on that work.

None of this is usable in practice, you need a management tool/process for enrollment and token management, and we are not going to do that. It's ok for testing or for simple low-volume needs internally to a small set of IT staff.

There are no standard ways to do any of that. We can't just build half a solution so there can't be a solution unless we build one or assume the use of a specific tool. PrivacyIdea is the most likely choice but we haven't done that integration yet. There are third party projects that have.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to [hidden email]