Two factor authentication for shibboleth
McAlvin, Eric
emcalvin at bnl.gov
Fri Feb 15 15:37:22 EST 2013
I have successfully configured RSA SecurID on my Shibboleth idP. It looks like this:
Apache HTTPD 2.x (proxypass for /idp that goes to Tomcat)
RSA SecurID Web Agent for Apache HTTPD that is configured to protect /idp/Authn/RemoteUser
Apache Tomcat 6.x
Shibboleth idP configured to use REMOTE_USER as described @ https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthRemoteUser
The RSA SecurID Web Agent (which is free, of course you need the backend RSA SecurID infrastructure), sets the REMOTE_USER environment variable.
Shibboleth idP still resolves the attributes from whatever data source you choose (LDAP, Active Directory, MYSQL, etc..) keying off the REMOTE_USER..
-----Original Message-----
From: users-bounces at shibboleth.net [mailto:users-bounces at shibboleth.net] On Behalf Of Jared Hoffman
Sent: Friday, February 15, 2013 3:05 PM
To: users at shibboleth.net
Subject: Two factor authentication for shibboleth
Has anyone had any experience integrating Shibboleth with two factor
authentication? The two vendors we are looking at, which claim they
can work with shibboleth, are RSA and Safe-Net. If you have any
experience with these and shibboleth, please let me know if you have
been able to make it work.
Thanks!
Jared
--
Jared Hoffman
System Manager
Kenyon College
hoffmanj at kenyon.edu
740.427.5948
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list