Hi James.

Would be nice to track your progress on this project. We have also engaged with the two factor HOTP token CAS extension project recently. A great place to share some code ideas, snippets, etc. would be GitHub gists. I'm also planning to put some prototype working code as we go along into: https://github.com/Unicon/cas-addons
Also, FWIW, for the OTP token generation and validation, there is a Java "reference implementation", so one would not re-invent the wheel in this area: https://github.com/link-nv/oath

Cheers,
Dmitriy.

On Tue, Apr 3, 2012 at 9:50 AM, James Parry <[email protected]> wrote:
> Thanks Marvin.
>
> I'll take a look at the code this evening and see how it works.
>
> Indeed a Cert on a token would be my preferred option.
> However unfortunately the end devices don't have any usb connectivity or
> smart card readers due to physical security constraints.
>
> I've been looking at RFC 4226.
> http://tools.ietf.org/html/rfc4226
>
> Think this is likely to be best option making my own implementation of the
> standard and trying to add/merge it into Cas.
> But as you said I probably need to manipulate and extend a lot of the Core
> code until Cas 4 is released and then revisit my implementation at a later
> date in order to be able to upgrade.
>
>
> Anyone else any two factor other than certificate based?
>
>
> James Parry
> Senior Software Engineer
>
> MegaNexus Limited
>
> -----Original Message-----
> From: Marvin S. Addison [mailto:[email protected]]
> Sent: 03 April 2012 14:16
> To: [email protected]
> Subject: Re: [cas-user] Two Factor Authentication
>
>
>> I'm curious if anyone has integrated any form of Two factor
>> authentication into Cas.
>
> We're using a cert on a hardware token, which is strictly two-factor.
> Most discussions on this topic, however, want to accept two factors on
> the login form. I believe that's your use case as well.
>
>> I'm looking to try and add validation of Token based - OATH HOTP
>> Compliant devices into the logon process....
>>
>> I've already drastically manipulated the CAS web flow to suit our
>> requirements (adding password expiry checking, user policy check and
>> password reset process etc..)....
>> So I think I have a pretty good understanding of where within CAS I
>> would need to start investigating the feasibility of adding some sort
>> of two factor.
>
> The problem is that CAS requires some changes to some core components.
> In particular, the AuthenticationManager components need to accept an
> array or collection of credentials. We worked this out a while back and
> it's slated for the 4.0 release [1], but that has no target ship date.
> (I'd estimate Q4 2012 or Q1 2013.) If you're interested in that work,
> please see the following branches:
>
> https://github.com/serac/cas/tree/cas4-lppe
> https://github.com/Jasig/cas/tree/feature-cas4api
>
> M
>
> [1] https://wiki.jasig.org/display/CAS/CAS+Roadmap
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
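
Added example, not part of the thread and not code from CAS or the link-nv/oath project: a minimal server-side RFC 4226 HOTP check of the kind discussed above, showing the look-ahead window for counter resynchronisation and the counter advance that blocks replay. The class name, the 6-digit length and the window of 3 are assumptions; the secret is the RFC's published test secret, and a real deployment would also throttle failed attempts and store the secret and counter per user.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Locale;

public class HotpValidator {               // hypothetical name, not a CAS class
    static final int LOOK_AHEAD = 3;       // assumption: counters checked past the stored one

    // RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter, then dynamic truncation.
    static String hotp(byte[] secret, long counter) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f;  // low nibble of the last byte picks the offset
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format(Locale.ROOT, "%06d", bin % 1_000_000);  // assumption: 6 digits
    }

    // Returns the counter value to persist on success, or -1 if no counter in the window matches.
    static long validate(byte[] secret, long storedCounter, String submitted)
            throws GeneralSecurityException {
        byte[] given = submitted.getBytes(StandardCharsets.US_ASCII);
        for (long c = storedCounter; c <= storedCounter + LOOK_AHEAD; c++) {
            byte[] expected = hotp(secret, c).getBytes(StandardCharsets.US_ASCII);
            if (MessageDigest.isEqual(expected, given)) {  // constant-time comparison
                return c + 1;  // moving past the matched counter rejects a replayed code
            }
        }
        return -1;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // RFC 4226 test secret; the submitted values are taken from its test table.
        byte[] secret = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
        long counter = 0;
        System.out.println("code at counter 0: " + hotp(secret, 0));
        counter = validate(secret, counter, "359152");     // token pressed twice unseen
        System.out.println("stored counter after resync: " + counter);
        System.out.println("replay of same code: " + validate(secret, counter, "359152"));
        System.out.println("code beyond window: " + validate(secret, counter, "520489"));
    }
}
```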
