Two factor authentication for shibboleth

McAlvin, Eric emcalvin at
Fri Feb 15 15:37:22 EST 2013

I have successfully configured RSA SecurID on my Shibboleth IdP. It looks like this:

Apache HTTPD 2.x  (proxypass for /idp that goes to Tomcat)
RSA SecurID Web Agent for Apache HTTPD that is configured to protect /idp/Authn/RemoteUser
Apache Tomcat 6.x
Shibboleth idP configured to use REMOTE_USER as described @ 

The RSA SecurID Web Agent (which is free, though of course you need the backend RSA SecurID infrastructure) sets the REMOTE_USER environment variable.
Shibboleth IdP still resolves the attributes from whatever data source you choose (LDAP, Active Directory, MySQL, etc.), keying off the REMOTE_USER.

-----Original Message-----
From: users-bounces at [mailto:users-bounces at] On Behalf Of Jared Hoffman
Sent: Friday, February 15, 2013 3:05 PM
To: users at
Subject: Two factor authentication for shibboleth

Has anyone had any experience integrating Shibboleth with two factor
authentication? The two vendors we are looking at, which claim they
can work with Shibboleth, are RSA and Safe-Net. If you have any
experience with these and Shibboleth, please let me know if you have
been able to make it work.



Jared Hoffman
System Manager
Kenyon College
hoffmanj at