idpv3-mfa issues
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues
2020-01-14T10:52:10+01:00

-RM-3712-MR-Document Apache directives around authNContextClass
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/61
2020-01-14T10:52:10+01:00
Etienne Dysli Metref

Document Apache directives provided by mod\_shib for requesting a given
authNContextClass and verifying that a session was initiated with that
class.
*(from redmine: issue id 3712, created on 2016-06-29, closed on 2016-07-13)*
w28, Etienne Dysli Metref

-RM-3719-MR-Document RADIUS conversation
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/62
2020-01-14T10:52:11+01:00
Etienne Dysli Metref

Write down which RADIUS messages are used/expected in the conversation
to verify one OTP.
*(from redmine: issue id 3719, created on 2016-07-13, closed on 2016-08-23)*
* Relations:
* parent #3696

-RM-3721-MR-Login flow with one screen?
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/63
2020-01-14T10:52:12+01:00
Etienne Dysli Metref

If the flow with two screens is not satisfactory, implement everything
in one step i.e. password and OTP in the same form. Must make a copy of
the existing Password flow and add the second factor in it.
*(from redmine: issue id 3721, created on 2016-07-13, closed on 2016-11-28)*
next

-RM-3722-MR-Button to send SMS OTP
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/64
2020-01-14T10:52:13+01:00
Etienne Dysli Metref

Button on the login form that triggers sending a SMS OTP.
Send "sms" as password in Access-Request packet.
*(from redmine: issue id 3722, created on 2016-07-13, closed on 2016-11-25)*
w48

-RM-3723-MR-Token enrollment procedure
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/65
2020-01-14T10:52:13+01:00
Etienne Dysli Metref

Describe how users can get a new token (first time).
*(from redmine: issue id 3723, created on 2016-07-13, closed on 2016-09-19)*
w38

-RM-3724-MR-Token replacement procedure
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/66
2020-01-14T10:52:14+01:00
Etienne Dysli Metref

Describe how users can have their token replaced.
*(from redmine: issue id 3724, created on 2016-07-13, closed on 2016-09-19)*
w38

-RM-3725-MR-Token revocation procedure
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/67
2020-01-14T10:52:14+01:00
Etienne Dysli Metref

Describe how tokens can be revoked.
*(from redmine: issue id 3725, created on 2016-07-13, closed on 2016-09-19)*
w38

-RM-3731-MR-Update installation instructions
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/68
2020-01-14T10:52:15+01:00
Etienne Dysli Metref

New: project must be built to get a JAR to install.
*(from redmine: issue id 3731, created on 2016-07-26, closed on 2016-07-26)*
* Relations:
* parent #3694
Etienne Dysli Metref

-RM-3734-MR-Refactor TinyRadius
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/69
2020-01-14T10:52:15+01:00
Etienne Dysli Metref

The code is old (Java 1.4 or earlier) and could benefit from modern Java
features like type safety (generics) and enums. Moreover, it has no
tests.
*(from redmine: issue id 3734, created on 2016-08-23)*
next, Etienne Dysli Metref

-RM-3735-MR-Add TinyRadius to the Maven build
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/70
2020-01-14T10:52:16+01:00
Etienne Dysli Metref

probably via a git subtree
*(from redmine: issue id 3735, created on 2016-08-23, closed on 2016-09-12)*
* Relations:
* parent #3737
Etienne Dysli Metref

-RM-3737-MR-Verify OTPs over RADIUS
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/71
2020-01-14T10:52:17+01:00
Etienne Dysli Metref

Copied from \#3696.
Make the "simple" flow verify OTPs by contacting the authentication
server over RADIUS. No SMS support yet.
- send Access-Request
- expect Access-Accept
What happens on errors?
*(from redmine: issue id 3737, created on 2016-08-24, closed on 2016-09-19)*
* Relations:
* child #3706
* child #3735
* child #3741
* child #3742
w38, Etienne Dysli Metref

-RM-3739-MR-New action bean to extract OTP from HTTP request
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/72
2020-01-14T10:52:17+01:00
Etienne Dysli Metref

Just like
`net.shibboleth.idauthn.impl.ExtractUsernamePasswordFromFormRequest`.
Should add a new context containing the OTP under the
`AuthenticationContext`.
Obviously, should be executed right after the view state displaying the
form.
*(from redmine: issue id 3739, created on 2016-09-06, closed on 2016-09-07)*
* Relations:
* parent #3740
Etienne Dysli Metref

-RM-3740-MR-Read OTP from simple flow form
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/73
2020-01-14T10:52:18+01:00
Etienne Dysli Metref

The simple flow should read the OTP field from its form view.
*(from redmine: issue id 3740, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* child #3705
* child #3739
w36, Etienne Dysli Metref

-RM-3741-MR-New bean: OTP validator service
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/74
2020-01-14T10:52:19+01:00
Etienne Dysli Metref

interface + mock for tests
*(from redmine: issue id 3741, created on 2016-09-07, closed on 2016-09-08)*
* Relations:
* parent #3737
Etienne Dysli Metref

-RM-3742-MR-Implement OTP validator service using TinyRadius
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/75
2020-01-14T10:52:20+01:00
Etienne Dysli Metref

Use `org.tinyradius.util.RadiusClient` or write a better client?
*(from redmine: issue id 3742, created on 2016-09-07, closed on 2016-09-15)*
* Relations:
* parent #3737
Etienne Dysli Metref

-RM-3747-MR-Improve error handling in simple flow
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/76
2020-01-14T10:52:21+01:00
Etienne Dysli Metref

wrong OTP ->sends SAML error to SP, not ideal...
Submitting a wrong OTP should loop back to the OTP form.
*(from redmine: issue id 3747, created on 2016-09-19, closed on 2016-11-01)*
* Relations:
* child #3755
* child #3757
w42, Etienne Dysli Metref

-RM-3748-MR-Rewrite RadiusClient to handle multiple requests
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/77
2020-01-14T10:52:21+01:00
Etienne Dysli Metref

Rewrite RadiusClient to be able to handle multiple requests at the same
time. Currently, it uses only one socket (source port) to send and
receive requests and access to the socket is synchronised (serial).
*(from redmine: issue id 3748, created on 2016-09-19)*
next, Etienne Dysli Metref

-RM-3749-MR-Rename simple flow
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/78
2020-01-14T10:52:22+01:00
Etienne Dysli Metref

The "simple" flow is no longer simple. Find a better name and rename
every reference.
*(from redmine: issue id 3749, created on 2016-09-19, closed on 2016-11-28)*
w48, Etienne Dysli Metref

-RM-3751-MR-Use the InCommon MFA Profile
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/79
2020-01-14T10:52:22+01:00
Etienne Dysli Metref

Replace the development authentication context class
`https://mfa-dev.ed.switch.ch/idp/mfa/simple` with the InCommon MFA
Profile `http://id.incommon.org/assurance/mfa`. This offers better
interoperability when moving to production.
Replace in:
- <s>`conf/authn/general-authn.xml` (Puppet config)</s>
- <s>`README.md`</s>
- <s>`index.html` (on mfa-dev)</s>
- <s>Apache config (Hiera)</s>
*(from redmine: issue id 3751, created on 2016-09-20, closed on 2016-11-28)*
w48, Etienne Dysli Metref

-RM-3755-MR-Submitting a wrong OTP should loop back to the OTP form
https://gitlab.switch.ch/etienne.dysli-metref/idpv3-mfa/-/issues/80
2020-01-14T10:52:23+01:00
Etienne Dysli Metref

add a transition on InvalidCredentials
*(from redmine: issue id 3755, created on 2016-09-22, closed on 2016-09-22)*
* Relations:
* parent #3747
Etienne Dysli Metref