Two factor authentication for shibboleth

Mike Wiseman mike.wiseman at
Tue Feb 19 14:02:43 EST 2013

> Has anyone had any experience integrating Shibboleth with two factor authentication?
> The two vendors we are looking at, which claim they can work with shibboleth, are
> RSA and Safe-Net. If you have any experience with these and shibboleth, please let
> me know if you have been able to make it work.
> Thanks!
> Jared

We are planning to deploy the X.509 login handler and use the SafeNet 5100 device (formerly eToken?). We've done some dev testing and configuration that included using the email address of the cert to do the LDAP lookup but need to firm up a few things such as whether to run two user interface pages - one for username/pw, the other for X.509. We'll also be agreeing on the cert extensions, instead of depending on the email address as the unique identifier, we'll pick a more persistent value.


Mike Wiseman
Manager, Information Security
Information + Technology Services
University of Toronto


More information about the users mailing list