idpv3-mfa issueshttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues2020-01-14T10:52:05+01:00https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/56-RM-3703-MR-modify simple flow view to display username2020-01-14T10:52:05+01:00Etienne Dysli Metref-RM-3703-MR-modify simple flow view to display username
*(from redmine: issue id 3703, created on 2016-06-15, closed on 2016-08-04)*
* Relations:
* parent #3695
*(from redmine: issue id 3703, created on 2016-06-15, closed on 2016-08-04)*
* Relations:
* parent #3695Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/57-RM-3704-MR-find a good Java library for RADIUS2020-01-14T10:52:07+01:00Etienne Dysli Metref-RM-3704-MR-find a good Java library for RADIUSfallback to executing radclient as first step
*(from redmine: issue id 3704, created on 2016-06-15, closed on 2016-08-23)*
* Relations:
* parent #3696fallback to executing radclient as first step
*(from redmine: issue id 3704, created on 2016-06-15, closed on 2016-08-23)*
* Relations:
* parent #3696Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/58-RM-3705-MR-Wire OTP extraction bean in simple flow2020-01-14T10:52:08+01:00Etienne Dysli Metref-RM-3705-MR-Wire OTP extraction bean in simple flowbetween view state and validation action state
need to mock the HTTP request in tests
*(from redmine: issue id 3705, created on 2016-06-15, closed on 2016-09-08)*
* Relations:
* parent #3740between view state and validation action state
need to mock the HTTP request in tests
*(from redmine: issue id 3705, created on 2016-06-15, closed on 2016-09-08)*
* Relations:
* parent #3740Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/59-RM-3706-MR-Modify validation action to validate OTPs against fake RADIUS val...2020-01-14T10:52:09+01:00Etienne Dysli Metref-RM-3706-MR-Modify validation action to validate OTPs against fake RADIUS validator serviceneeds an "OTP verifier" interface to hide RADIUS
*(from redmine: issue id 3706, created on 2016-06-15, closed on 2016-09-09)*
* Relations:
* parent #3737needs an "OTP verifier" interface to hide RADIUS
*(from redmine: issue id 3706, created on 2016-06-15, closed on 2016-09-09)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/61-RM-3712-MR-Document Apache directives around authNContextClass2020-01-14T10:52:10+01:00Etienne Dysli Metref-RM-3712-MR-Document Apache directives around authNContextClassDocument Apache directives provided by mod\_shib for requesting a given
authNContextClass and verifying that a session was initiated with that
class.
*(from redmine: issue id 3712, created on 2016-06-29, closed on 2016-07-13)*Document Apache directives provided by mod\_shib for requesting a given
authNContextClass and verifying that a session was initiated with that
class.
*(from redmine: issue id 3712, created on 2016-06-29, closed on 2016-07-13)*w28Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/62-RM-3719-MR-Document RADIUS conversation2020-01-14T10:52:11+01:00Etienne Dysli Metref-RM-3719-MR-Document RADIUS conversationWrite down which RADIUS messages are used/expected in the conversation
to verify one OTP.
*(from redmine: issue id 3719, created on 2016-07-13, closed on 2016-08-23)*
* Relations:
* parent #3696Write down which RADIUS messages are used/expected in the conversation
to verify one OTP.
*(from redmine: issue id 3719, created on 2016-07-13, closed on 2016-08-23)*
* Relations:
* parent #3696https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/63-RM-3721-MR-Login flow with one screen?2020-01-14T10:52:12+01:00Etienne Dysli Metref-RM-3721-MR-Login flow with one screen?If the flow with two screens is not satisfactory, implement everything
in one step i.e. password and OTP in the same form. Must make a copy of
the existing Password flow and add the second factor in it.
*(from redmine: issue id 3721, c...If the flow with two screens is not satisfactory, implement everything
in one step i.e. password and OTP in the same form. Must make a copy of
the existing Password flow and add the second factor in it.
*(from redmine: issue id 3721, created on 2016-07-13, closed on 2016-11-28)*nexthttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/64-RM-3722-MR-Button to send SMS OTP2020-01-14T10:52:13+01:00Etienne Dysli Metref-RM-3722-MR-Button to send SMS OTPButton on the login form that triggers sending a SMS OTP.
Send "sms" as password in Access-Request packet.
*(from redmine: issue id 3722, created on 2016-07-13, closed on 2016-11-25)*Button on the login form that triggers sending a SMS OTP.
Send "sms" as password in Access-Request packet.
*(from redmine: issue id 3722, created on 2016-07-13, closed on 2016-11-25)*w48https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/65-RM-3723-MR-Token enrollment procedure2020-01-14T10:52:13+01:00Etienne Dysli Metref-RM-3723-MR-Token enrollment procedureDescribe how users can get a new token (first time).
*(from redmine: issue id 3723, created on 2016-07-13, closed on 2016-09-19)*Describe how users can get a new token (first time).
*(from redmine: issue id 3723, created on 2016-07-13, closed on 2016-09-19)*w38https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/66-RM-3724-MR-Token replacement procedure2020-01-14T10:52:14+01:00Etienne Dysli Metref-RM-3724-MR-Token replacement procedureDescribe how users can have their token replaced.
*(from redmine: issue id 3724, created on 2016-07-13, closed on 2016-09-19)*Describe how users can have their token replaced.
*(from redmine: issue id 3724, created on 2016-07-13, closed on 2016-09-19)*w38https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/67-RM-3725-MR-Token revocation procedure2020-01-14T10:52:14+01:00Etienne Dysli Metref-RM-3725-MR-Token revocation procedureDescribe how tokens can be revoked.
*(from redmine: issue id 3725, created on 2016-07-13, closed on 2016-09-19)*Describe how tokens can be revoked.
*(from redmine: issue id 3725, created on 2016-07-13, closed on 2016-09-19)*w38https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/68-RM-3731-MR-Update installation instructions2020-01-14T10:52:15+01:00Etienne Dysli Metref-RM-3731-MR-Update installation instructionsNew: project must be built to get a JAR to install.
*(from redmine: issue id 3731, created on 2016-07-26, closed on 2016-07-26)*
* Relations:
* parent #3694New: project must be built to get a JAR to install.
*(from redmine: issue id 3731, created on 2016-07-26, closed on 2016-07-26)*
* Relations:
* parent #3694Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/70-RM-3735-MR-Add TinyRadius to the Maven build2020-01-14T10:52:16+01:00Etienne Dysli Metref-RM-3735-MR-Add TinyRadius to the Maven buildprobably via a git subtree
*(from redmine: issue id 3735, created on 2016-08-23, closed on 2016-09-12)*
* Relations:
* parent #3737probably via a git subtree
*(from redmine: issue id 3735, created on 2016-08-23, closed on 2016-09-12)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/71-RM-3737-MR-Verify OTPs over RADIUS2020-01-14T10:52:17+01:00Etienne Dysli Metref-RM-3737-MR-Verify OTPs over RADIUSCopied from \#3696.
Make the "simple" flow verify OTPs by contacting the authentication
server over RADIUS. No SMS support yet.
- send Access-Request
- expect Access-Accept
What happens on errors?
*(from redmine: issue id 3737, ...Copied from \#3696.
Make the "simple" flow verify OTPs by contacting the authentication
server over RADIUS. No SMS support yet.
- send Access-Request
- expect Access-Accept
What happens on errors?
*(from redmine: issue id 3737, created on 2016-08-24, closed on 2016-09-19)*
* Relations:
* child #3706
* child #3735
* child #3741
* child #3742w38Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/72-RM-3739-MR-New action bean to extract OTP from HTTP request2020-01-14T10:52:17+01:00Etienne Dysli Metref-RM-3739-MR-New action bean to extract OTP from HTTP requestJust like
`net.shibboleth.idauthn.impl.ExtractUsernamePasswordFromFormRequest`.
Should add a new context containing the OTP under the
`AuthenticationContext`.
Obviously, should be executed right after the view state displaying the
fo...Just like
`net.shibboleth.idauthn.impl.ExtractUsernamePasswordFromFormRequest`.
Should add a new context containing the OTP under the
`AuthenticationContext`.
Obviously, should be executed right after the view state displaying the
form.
*(from redmine: issue id 3739, created on 2016-09-06, closed on 2016-09-07)*
* Relations:
* parent #3740Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/73-RM-3740-MR-Read OTP from simple flow form2020-01-14T10:52:18+01:00Etienne Dysli Metref-RM-3740-MR-Read OTP from simple flow formThe simple flow should read the OTP field from its form view.
*(from redmine: issue id 3740, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* child #3705
* child #3739The simple flow should read the OTP field from its form view.
*(from redmine: issue id 3740, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* child #3705
* child #3739w36Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/74-RM-3741-MR-New bean: OTP validator service2020-01-14T10:52:19+01:00Etienne Dysli Metref-RM-3741-MR-New bean: OTP validator serviceinterface + mock for tests
*(from redmine: issue id 3741, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* parent #3737interface + mock for tests
*(from redmine: issue id 3741, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/75-RM-3742-MR-Implement OTP validator service using TinyRadius2020-01-14T10:52:20+01:00Etienne Dysli Metref-RM-3742-MR-Implement OTP validator service using TinyRadiusUse `org.tinyradius.util.RadiusClient` or write a better client?
*(from redmine: issue id 3742, created on 2016-09-07, closed on 2016-09-15)*
* Relations:
* parent #3737Use `org.tinyradius.util.RadiusClient` or write a better client?
*(from redmine: issue id 3742, created on 2016-09-07, closed on 2016-09-15)*
* Relations:
* parent #3737Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/76-RM-3747-MR-Improve error handling in simple flow2020-01-14T10:52:21+01:00Etienne Dysli Metref-RM-3747-MR-Improve error handling in simple flowwrong OTP ->sends SAML error to SP, not ideal...
Submitting a wrong OTP should loop back to the OTP form.
*(from redmine: issue id 3747, created on 2016-09-19, closed on 2016-11-01)*
* Relations:
* child #3755
* child #3757wrong OTP ->sends SAML error to SP, not ideal...
Submitting a wrong OTP should loop back to the OTP form.
*(from redmine: issue id 3747, created on 2016-09-19, closed on 2016-11-01)*
* Relations:
* child #3755
* child #3757w42Etienne Dysli MetrefEtienne Dysli Metrefhttps://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/78-RM-3749-MR-Rename simple flow2020-01-14T10:52:22+01:00Etienne Dysli Metref-RM-3749-MR-Rename simple flowThe "simple" flow is no longer simple. Find a better name and rename
every reference.
*(from redmine: issue id 3749, created on 2016-09-19, closed on 2016-11-28)*The "simple" flow is no longer simple. Find a better name and rename
every reference.
*(from redmine: issue id 3749, created on 2016-09-19, closed on 2016-11-28)*w48Etienne Dysli MetrefEtienne Dysli Metref