idpv3-mfa issueshttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues2020-01-14T10:52:09+01:00https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/60-RM-3711-MR-Force re-authentication2020-01-14T10:52:09+01:00Etienne Dysli Metref-RM-3711-MR-Force re-authenticationSupport forcing re-authentication in the MFA/OTP flow.
*(from redmine: issue id 3711, created on 2016-06-29)*Support forcing re-authentication in the MFA/OTP flow.
*(from redmine: issue id 3711, created on 2016-06-29)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/21-RM-3653-MR-Verify user identity on enrollment2020-01-14T10:51:24+01:00Etienne Dysli Metref-RM-3653-MR-Verify user identity on enrollmentAs a university account administrator,
I want to verify user's identities before they can use 2FA,
so that I can provide a stronger verification level to applications
using 2FA.
→ process independent of Shibboleth
*(from redmine: ...As a university account administrator,
I want to verify user's identities before they can use 2FA,
so that I can provide a stronger verification level to applications
using 2FA.
→ process independent of Shibboleth
*(from redmine: issue id 3653, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/20-RM-3652-MR-MFA over RADIUS2020-01-14T10:51:24+01:00Etienne Dysli Metref-RM-3652-MR-MFA over RADIUSAs a VPN gateway operator,
I want to authenticate 2FA users over RADIUS,
so that both users with or without 2FA are authenticated over the same
protocol.
→ RADIUS authentication is independent of Shibboleth
*(from redmine: issue i...As a VPN gateway operator,
I want to authenticate 2FA users over RADIUS,
so that both users with or without 2FA are authenticated over the same
protocol.
→ RADIUS authentication is independent of Shibboleth
*(from redmine: issue id 3652, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/19-RM-3651-MR-IdP configuration for MFA2020-01-14T10:51:24+01:00Etienne Dysli Metref-RM-3651-MR-IdP configuration for MFAAs an IdP operator,
I want to provide a 2FA login flow,
so that SPs can get stronger authentication.
*(from redmine: issue id 3651, created on 2016-04-13)*As an IdP operator,
I want to provide a 2FA login flow,
so that SPs can get stronger authentication.
*(from redmine: issue id 3651, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/18-RM-3650-MR-MFA only to validate sensitive actions2020-01-14T10:51:23+01:00Etienne Dysli Metref-RM-3650-MR-MFA only to validate sensitive actionsAs a SP-protected web application operator,
I want to be able to use 2FA only to validate sensitive user actions,
so that sensitive actions are strongly protected and users are not
required to use 2FA all the time.
→ handled by the ...As a SP-protected web application operator,
I want to be able to use 2FA only to validate sensitive user actions,
so that sensitive actions are strongly protected and users are not
required to use 2FA all the time.
→ handled by the application which must request stronger authentication
to Shibboleth when it needs it
*(from redmine: issue id 3650, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/17-RM-3649-MR-MFA for whole SP2020-01-14T10:51:23+01:00Etienne Dysli Metref-RM-3649-MR-MFA for whole SPAs a SP-protected web application operator,
I want to force users to authenticate with two factors,
so that their account and the personal information it contains are
better protected.
*(from redmine: issue id 3649, created on 2016...As a SP-protected web application operator,
I want to force users to authenticate with two factors,
so that their account and the personal information it contains are
better protected.
*(from redmine: issue id 3649, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/16-RM-3648-MR-Password recovery2020-01-14T10:51:22+01:00Etienne Dysli Metref-RM-3648-MR-Password recoveryAs a university student,
I want to be able to reset my password using a 2FA-protected online
self-service,
so that my password cannot be changed by others.
→ process independent of Shibboleth
*(from redmine: issue id 3648, created...As a university student,
I want to be able to reset my password using a 2FA-protected online
self-service,
so that my password cannot be changed by others.
→ process independent of Shibboleth
*(from redmine: issue id 3648, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/15-RM-3647-MR-Won't use personal device2020-01-14T10:51:22+01:00Etienne Dysli Metref-RM-3647-MR-Won't use personal deviceAs a reluctant university staff,
I want the University to give me the means to access protected
resources,
so that I can access SPs requiring 2FA without using my own personal
device.
→ process independent of Shibboleth (physical to...As a reluctant university staff,
I want the University to give me the means to access protected
resources,
so that I can access SPs requiring 2FA without using my own personal
device.
→ process independent of Shibboleth (physical token?)
*(from redmine: issue id 3647, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/14-RM-3646-MR-Backup access2020-01-14T10:51:21+01:00Etienne Dysli Metref-RM-3646-MR-Backup accessAs a regular 2FA user temporarily unable to use my second factor,
I want to be granted a fallback access for a limited period of time,
so that I can access SPs requiring 2FA.
→ process independent of Shibboleth (helpdesk-provided OT...As a regular 2FA user temporarily unable to use my second factor,
I want to be granted a fallback access for a limited period of time,
so that I can access SPs requiring 2FA.
→ process independent of Shibboleth (helpdesk-provided OTP)
*(from redmine: issue id 3646, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/13-RM-3645-MR-Choose second factor on IdP2020-01-14T10:51:21+01:00Etienne Dysli Metref-RM-3645-MR-Choose second factor on IdPAs a user authenticating on the IdP,
I want to be able to choose the second authentication factor,
so that I can use the most convenient method for me.
*(from redmine: issue id 3645, created on 2016-04-13)*As a user authenticating on the IdP,
I want to be able to choose the second authentication factor,
so that I can use the most convenient method for me.
*(from redmine: issue id 3645, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/12-RM-3644-MR-SMS OTP support2020-01-14T10:51:20+01:00Etienne Dysli Metref-RM-3644-MR-SMS OTP supportAs a university staff with only a mobile phone (no smart phone),
I want to receive an OTP via SMS when authenticating on the IdP,
so that I can access SPs requiring 2FA.
*(from redmine: issue id 3644, created on 2016-04-13)*As a university staff with only a mobile phone (no smart phone),
I want to receive an OTP via SMS when authenticating on the IdP,
so that I can access SPs requiring 2FA.
*(from redmine: issue id 3644, created on 2016-04-13)*https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/11-RM-3643-MR-Google Authenticator support2020-01-14T10:51:20+01:00Etienne Dysli Metref-RM-3643-MR-Google Authenticator supportAs a university staff with a smart phone,
I want to use the Google Authenticator mobile application when
authenticating on the IdP,
so that I can access SPs requiring 2FA.
*(from redmine: issue id 3643, created on 2016-04-13)*As a university staff with a smart phone,
I want to use the Google Authenticator mobile application when
authenticating on the IdP,
so that I can access SPs requiring 2FA.
*(from redmine: issue id 3643, created on 2016-04-13)*