Here's our doc on adding WiKID 2FA to CAS via radius: https://www.wikidsystems.com/support/how-to/configuring-cas-on-ubuntu-for-two-factor-and-mutual-htttps-authentication-with-wikid/. It includes validating the SSL cert of the CAS server for the user.
On Wed, Jun 1, 2016 at 6:37 AM, Dmitriy Kopylenko <[email protected]> wrote: > The following guide is for v5 which is not yet released: > http://apereo.github.io/cas/development/installation/Configuring-Multifactor-Authentication.html > > D. > On Wed, Jun 1, 2016 at 06:25, Dmitriy Kopylenko <[email protected]> > wrote: > > I'm afraid that v4 of CAS does not natively support multi phased > authentication transactions for several different authentication factors. > Upcoming v5 does. > > Best, > D. > > On Wed, Jun 1, 2016 at 03:11, Nouman Fallouh <[email protected]> wrote: > > Briefly, I want authentication system supports (username, password and > optional otp), all these data are stored and managed in a database. > > According to previous discussion here - since it was Jasig CAS, v3.5.x and > v4.0.x - the solution was to customize a new credentials which supports OTP > and then re-build all needed classes and components around it. > > With new version, I would like a general guidelines about the best way for > doing this with, is it by: > > as I did before, a custom authentication by extending one of the database > handlers, > using two handlers, database and custom OTP supports the new > `OneTimePasswordCredential` class, with suitable policy, > using two steps authentication, in the default login view: authenticates the > username and password, if okay it presents custom view: authenticated the > OTP if it's required. > or any other way you would prefer. > > Thanks in advance, > Regards, > > > > On Tue, May 31, 2016 at 3:43 PM, Misagh Moayyed <[email protected]> wrote: >> >> What is it that you’re trying to do? >> >> From: Nouman Fallouh [mailto:[email protected]] >> Sent: Monday, May 30, 2016 3:19 AM >> To: [email protected]; [email protected] >> Subject: Re: Fwd: [cas-user] OTP MFA >> >> Hi, >> >> Where can I find a guided steps of using the >> `RequiredHandlerAuthenticationPolicy`, where as I read in the documentation >> that: >> >> This policy could be used to support a multi-factor authentication >> situation, for example, where username/password authentication is required >> but an additional OTP is optional. >> >> Or at least what are the CAS components I should use, work on or modify? >> >> Regards, >> >> On Wed, May 25, 2016 at 11:17 AM, Nouman Fallouh <[email protected]> >> wrote: >> >> Thanks Jonathan, >> >> I've already worked around it by extending the UsernamePasswordCredential >> and a related database authentication handler. >> >> Honestly, I'm looking for a solution using the CAS abilities without >> external modules and with minimum core modifications. >> >> Regards, >> >> On Mon, May 23, 2016 at 8:46 PM, Jonathan Bell <[email protected]> wrote: >> >> Hi Nouman, >> >> We here at URQUi have adapted our OTP software for CAS. Information and >> software can be found here: https://github.com/urqui/cas >> >> Feel free to contact me if you have any questions about CAS/OTP and URQUi. >> >> cheers >> Jonathan. >> >> web: http://urqui.com/ >> >> >> ---------- Forwarded message ---------- >> From: Nouman Fallouh <[email protected]> >> Date: Mon, May 23, 2016 at 4:01 AM >> Subject: [cas-user] OTP MFA >> To: [email protected] >> >> Hi >> >> I'm reading in here: >> http://apereo.github.io/cas/4.2.x/installation/Configuring-Multifactor-Authentication.html >> >> the following lines: >> >> The kinds of required credentials are specified by naming the >> authentication handlers that accept them, for example, ldapHandler and >> >> oneTimePasswordHandler. Thus a service could be registered that imposes >> security constraints like the following: >> >> Only permit users with SSO sessions created from both a username/password >> and OTP token to access this service. >> >> H >> >> ow can I find such >> >> oneTimePasswordHandler >> >> handler? or it's a one I should invent? >> >> Is there any guided steps of how I can apply such scenario? >> >> Regards, >> >> -- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxb4w5T7oj%2Bism8GbDKET-omLRykDh3asjewdaWE3iGw8A%40mail.gmail.com. >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. >> >> -- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/029301d1bb3a%240addcb60%2420996220%24%40unicon.net. >> >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxY3xNUAEPruoBUVkajuMS-5WbYm%3DWFvuZbRk0m7rjo8bw%40mail.gmail.com. > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1464777467523-c4f2a988-6bf64042-bfe63ece%40unicon.net. > > For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- -- Nick Owen WiKID Systems, Inc. http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAJC4ZaoPw2ZUqteRq58636W7aYZ66DZixqw%3DoA3B7sy5kLR9Ug%40mail.gmail.com. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
