Hi Rohit,

this sounds awesome and for me it is an absolute +1, as in my organization this is a major concern with CloudStack atm.

Regarding the proposed "general-purpose 2FA plugins": I would suggest exchanging the PIN option for another type of factor, as, as far as I am aware, a user-generated PIN would also "count" as a "knowledge" factor. Maybe one could use the already implemented functions for generating ssh-keypairs to create a kind of "token" which a user needs to present on login (simply put, generate a dedicated key-pair for login purposes to the web-ui / cmk). The admins could then choose how to provide the token to the users or where to store them.

Instead of using "ssh-keys", maybe a certificate / PKI approach would also be useful, as many using organizations already have some kind of PKI environment running. So admins could deploy a root-cert for the domain and provide user-certs for authentication / validation.

Looking forward to this exciting feature!

Regards,
Chris

On Mon, 29 Nov 2021 at 11:49, Rohit Yadav <rohit.ya...@shapeblue.com> wrote:

> All,
>
> During CCC21 hackathon, I explored the feasibility of a 2FA framework and
> a TOTP (time-based OTP) plugin that can be used with Google Authenticator,
> MS Authenticator, Authy etc.
>
> I've used ideas of TOTP based 2FA PoC to put together a design doc for
> discussion:
>
> https://cwiki.apache.org/confluence/display/CLOUDSTACK/2FA+Framework+and+Plugins
>
> Kindly review and share your feedback. Thanks.
>
> Regards.