Re: two factor authentication

[Jānis Andersons | Files . fm / Failiem . lv]

I tried that, but only thing is that users still can login using "local 
login"

JA
On 06/04/2017 16:11, Simon Weller wrote:
So, could you use the existing auth plugins and then use a broker such as 
keycloak to manage your dual factor?

Here's a good article on the saml plugin:
http://www.shapeblue.com/saml2-cloudstack/

- Si

Simon Weller/615-312-6068

-----Original Message-----
From: Jānis Andersons | Files.fm / Failiem.lv [anders...@files.fm]
Received: Thursday, 06 Apr 2017, 8:06AM
To: users@cloudstack.apache.org [users@cloudstack.apache.org]
Subject: Re: two factor authentication

Well its the only one that I could find in google. I wrote them an
email, but haven't received any response .
And it was compiled against libraries from CloudStack 3.0.2

And there is no information about two factor authentication except WikID
plugin.

I looked around cloudstack code and found ../cloud.core.callbacks.js and
as I understand I have to set global variable g_loginResponse to the
JSON response.
And then ../CloudStack.js    will check the session, to bypass login screen.
Will try this, but I doubt that I will get it to work.

JA

On 06/04/2017 15:27, Rafael Weingärtner wrote:
I have never heard of this plugin before. Have you tried to get some help
on that plugin community?
It does not say for which version of ACS it requires.

Just for clarification, did you try to login before using the plugin? Did
it work?


On Thu, Apr 6, 2017 at 6:58 AM, Jānis Andersons | Files.fm / Failiem.lv <
anders...@files.fm> wrote:

As I didn't got any response and couldn't set up wikid for ACS 4.8.0 2fa,
I figure out, that I can try to login with api, for example:
(...8080/client/api.jsp), set session parameters, after everything is ok
and redirect to ...8080/client/

When login with API, I get response : "User: admin in domain 1 has
successfully logged in" and after redirect all session parameters are still
ok.

But everithing fails on:
===START===  192.168.0.252 -- GET command=listCapabilities&respo
nse=json&_=1491408768692
2017-04-05 19:12:43,686 ERROR [c.c.a.ApiServlet]
(catalina-exec-15:ctx-6d580ae4) (logid:d7f0e94b) unknown exception
writing api response

The same happens without redirecting and retrieving session parameters on
8080/client/index.jsp

Still would appreciate any info about two factor authentication.

JA


On 03/04/2017 18:37, anders...@files.fm wrote:

Hi,

Has anyone have some tips how to implement two factor authentication in
ACS 4.8.0?
I have looked at this: https://www.wikidsystems.com/s
upport/how-to/how-to-add-wikid-two-factor-authentication-to-
cloudstack-manager/
But it seems to bee for older version, I guess.
Also I have considered to change GUI, but I don't think that wold be a
good idea.