Storing data (ip address) to database after successful login.

Greg Haverkamp gahaverkamp at lbl.gov
Wed Sep 29 21:13:05 UTC 2021


If it's sufficient to save the browser, rather than the IP address, our
approach in our OTP module is to store a cookie, using the IdP's own cookie
management tools.  It's nice not having to worry about backend storage.
(The downside is, it's Shibboleth-only, and some users get confused
about the connection between this and their desktop MFA logins.)

Greg

On Wed, Sep 29, 2021 at 7:56 AM Arnaud Houdelette <
arnaud.houdelette at normandie-univ.fr> wrote:

> Hi there.
>
> I'm currently in the process of enabling MFA for our institution (on IDP
> 4.1).
>
> To limit the hassle on my 'angry' users, I'd like to ask for second factor
> only when the connecting IP address is not on a dynamic (expiring)
> allowlist.
>
> I already found how to use a static whitelist with
> conf/authn/mfa-authn-config.xml checkSecondFactor script.
>
> I intend to load the address list from a database (sqlite) with the
> attribute resolver...
>
> but where in the auth process should I write the successful login IP in the
> database?
>
>
> --
> Arnaud Houdelette
> Administrateur des infrastructures systèmes et réseaux
> Normandie Université
>
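
The expiring allowlist described in the quoted question, sketched as an added example that is not part of either message and is not Shibboleth code. The table name, the function names, the per-user keying and the 7-day lifetime are all assumptions, and wiring these calls into the IdP's login flow is left out.

```python
import ipaddress
import sqlite3
import time

TTL_SECONDS = 7 * 24 * 3600  # assumed entry lifetime; the thread gives none


def open_store(path=":memory:"):
    """Open the SQLite file and create the (hypothetical) allowlist table."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS mfa_ip_allowlist ("
               "principal TEXT NOT NULL, ip TEXT NOT NULL, "
               "expires_at INTEGER NOT NULL, PRIMARY KEY (principal, ip))")
    return db


def normalize(ip):
    """Canonical form, so ::ffff:192.0.2.7 and 192.0.2.7 are the same entry."""
    addr = ipaddress.ip_address(ip)
    return str(getattr(addr, "ipv4_mapped", None) or addr)


def record_login_success(db, principal, ip, now=None):
    """Assumed to run once the full login, second factor included, succeeded."""
    now = int(time.time()) if now is None else now
    db.execute("INSERT OR REPLACE INTO mfa_ip_allowlist VALUES (?, ?, ?)",
               (principal, normalize(ip), now + TTL_SECONDS))
    db.commit()


def second_factor_required(db, principal, ip, now=None):
    """True unless this principal has an unexpired entry for this address."""
    now = int(time.time()) if now is None else now
    try:
        key = normalize(ip)
    except ValueError:
        return True  # unparsable address: fail closed and prompt for MFA
    row = db.execute("SELECT 1 FROM mfa_ip_allowlist WHERE principal = ? "
                     "AND ip = ? AND expires_at > ?", (principal, key, now))
    return row.fetchone() is None


def purge_expired(db, now=None):
    """Delete lapsed rows; returns how many were removed."""
    now = int(time.time()) if now is None else now
    cur = db.execute("DELETE FROM mfa_ip_allowlist WHERE expires_at <= ?", (now,))
    db.commit()
    return cur.rowcount
```

The expiry is enforced in the lookup itself, so a row that has lapsed but not yet been purged never suppresses the second factor.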