I'm curious if anyone has integrated any form of Two factor authentication into Cas.
We're using a cert on a hardware token, which is strictly two-factor. Most discussions on this topic, however, want to accept two factors on the login form. I believe that's your use case as well.
I'm looking to try and add validation of Token based - OATH HOTP Compliant devices into the logon process.... I've already drastically manipulated the CAS web flow to suit our requirements (adding password expiry checking, user policy check and password reset process etc..).... So I think I have a pretty good understanding of where within CAS I would need to start investigating the feasibility of adding some sort of two factor.
The problem is that CAS requires some changes to some core components. In particular, the AuthenticationManager components need to accept an array or collection of credentials. We worked this out a while back and it's slated for the 4.0 release [1], but that has no target ship date. (I'd estimate Q4 2012 or Q1 2013.) If you're interested in that work, please see the following branches: https://github.com/serac/cas/tree/cas4-lppe https://github.com/Jasig/cas/tree/feature-cas4api M [1] https://wiki.jasig.org/display/CAS/CAS+Roadmap -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
