Marvin, can you please send me more information about your 2 factors auth implementation for CAS ?
Thx. a lot Mike > Date: Thu, 29 Apr 2010 15:09:31 -0400 > From: [email protected] > Subject: Re: [cas-user] CAS and Two factor authentication > To: [email protected] > > > i think 2 factor authentication means, 2-way ssl, that is client certificate > > verification and ssl. > > That is mutual authentication, not 2-factor. 2-factor authentication > is a means by which a _user_ presents two credentials (e.g. hardware > security token and password) instead of just one (password) to > authenticate. > > This inquiry comes at a very fortuitous time as there is a lot of work > going on in this area right now. There is work at present to add > support for multi-factor authentication into CAS; > http://www.ja-sig.org/wiki/display/CAS/Multi-Factor+Authentication is > a good page to follow for developments in this area. As to working > implementations, Unicon helped (IIRC) University of California at > Berkeley to customize CAS to achieve this. Hopefully someone from > Unicon will speak up here on further details. > > We have achieved what we consider 2-factor auth here at Virginia Tech > by setting up CAS for optional SSL/X.509 client auth using an Aladdin > eToken security token containing the cert and private key. The user > must possess the token (something you have) and know the private key > password (something you know) to authenticate. This is relatively > easy to do with CAS out of the box; I can elaborate further on the > implementation if you're interested. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > _________________________________________________________________ Live connected. Get Hotmail & Messenger on your phone. http://go.microsoft.com/?linkid=9724462 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
