Hi Andrew,

Thanks for your answer. As a matter of fact I had no idea that cosign caches already satisfied factors.

With that knowledge and some changes in cosign.js it's possible to implement the desired behavior. My google-auth factor exits with status OK when the authenticated user has no google auth configured or when the OTP is correct. In the UI I specify factors which should only be displayed when there was a successful kerberos-auth. This results in a nice workflow where the user first enters login and password and then receives a screen with just the token field because there is a factor missing. Maybe this sounds a little bit hacky.

Thanks again! Maybe you find the time to answer three more questions?

1) Is there any way to bypass the logout verification screen? I really don't need verification when I redirect the user from a service logout script to central logout.

2) I haven't tried yet (because my setup is not ready), but is it possible to authenticate against kerberos using email addresses? I don't need the friend feature. But I expect the friend factor to steal the credentials if the login is an email address.

3) Is there a possibility to make the google-auth factor required for all services and not just the ones which define it inside the filter?

Regards,
Florian

On 8 January 2013 17:01, Andrew Mortensen <and...@weblogin.org> wrote:

> Hi Florian. You're right: what you describe is currently not possible in
> cosign. That doesn't mean it won't be, though. As a matter of fact, there's
> work underway at a university to add a feature to cosign that matches your
> scenario almost exactly. There's a chance this will be available in the
> relatively near future. Your input would be helpful as this feature is
> shaped.
>
> Cosign's multifactor login support is more flexible than you might think.
> If a user logs in first, either simply by visiting the login page or by
> visiting a protected service requiring only one factor, and the user
> subsequently visits a service requiring additional factors, the weblogin
> server will demand only the factor(s) that have not yet been authenticated.
>
> andrew
>
> On Jan 8, 2013, at 7:03 AM, Florian Mueller <flo2muel...@gmail.com> wrote:
>
> > Hi all,
> >
> > I have set up kerberos and cosign to work correctly with username and
> > password. Now I'd like to set up two-factor authentication using google
> > authenticator.
> >
> > The setup should be like this:
> >
> > 1) User is presented a login page with just username & password on it
> > 2) User enters correct credentials
> > 2.1) An additional factor gets called which determines the required
> >      two-factor method for the user via LDAP or similar (database).
> > 3) User is presented a login page with just the form field for
> >    auth-token.
> > 4) User enters correct token and is authenticated.
> >
> > Is it possible to achieve this? ATM I only see the possibility to enable
> > the two-factor auth based on CosignRequiresFactor and the user has to
> > post all data (user, password, token) inside one request, which is not
> > handy when authentication methods may differ between users.
> >
> > Is there any way I can get something like this to work or is cosign the
> > wrong tool for such a setup?
> >
> > Regards,
> > Florian
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss