Two factor authentication for shibboleth
mike.wiseman at utoronto.ca
Tue Feb 19 14:02:43 EST 2013
> Has anyone had any experience integrating Shibboleth with two factor authentication?
> The two vendors we are looking at, which claim they can work with shibboleth, are
> RSA and Safe-Net. If you have any experience with these and shibboleth, please let
> me know if you have been able to make it work.
We are planning to deploy the X.509 login handler and use the SafeNet 5100 device (formerly eToken?). We've done some dev testing and configuration that included using the email address of the cert to do the LDAP lookup but need to firm up a few things such as whether to run two user interface pages - one for username/pw, the other for X.509. We'll also be agreeing on the cert extensions, instead of depending on the email address as the unique identifier, we'll pick a more persistent value.
Manager, Information Security
Information + Technology Services
University of Toronto
More information about the users