Greetings: I've been playing with CAS and have documented how to configure CAS for our two-factor authentication system using radius with support for mutual https authentication. The result is here: http://www.wikidsystems.com/support/wikid-support-center/how-to/configuring-cas-on-ubuntu-for-two-factor-authentication-with-wikid.
The mutual auth functionality thwarts network-based MiTM attacks by validating the SSL CAS host cert for the user. If the validation fails, they get an error rather than the OTP. Using radius means using our commercial edition. However, I suspect someone in the CAS community could easily create a java authentication module via our api: http://www.wikidsystems.com/downloads/network-clients and we would appreciate the contribution. Please let me know if you have any questions. Congrats on a great product. Sincerely, Nick -- -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
