Cantor, Scott cantor.2 at
Mon May 22 16:22:42 EDT 2017

> Configuration and scripting examples would be very much appreciated, yes.

I can't give you examples or even an outline for requirements I only vaguely understand at this point. I appreciate why that is, but it doesn't put us on the necessary footing for me to try to answer. The best I can do is say that I need to understand the sequence of behavior you're looking for.

> Basically, I need some resources on how and where to start -
> examples are often quite helpful in understanding how an API works and
> how it's used.

And they are very expensive to produce and maintain. We have a budget of zero for this.

> Cert-based authn should be a common
> task to do, and plenty of information should be around for that - so I
> figured. But it seems that's not necessarily the case, even for
> standard MFA usage. Now, there's the additional task of 'marrying'
> U2F and x509auth.

Certificates are not at all common, but adding anything else takes it from "very rare but basically straightforward" to "very advanced with requirements specific to you". There's no "normal" here. Normal is a password.

If what you're asking about is how to do *both* X.509 and then U2F, that wasn't clear to me, but if that's the case, then I need to know basically what Stefan asked: how do you intend the system to obtain the identity of the token holder from the certificate? Specifically.

Scripting the system to run both those methods is reasonably straightforward with the MFA feature.

-- Scott

