# Technology Watch #

[MFA Interoperability Profile Working Group](https://spaces.internet2.edu/display/MIPWG/MFA+Interoperability+Profile+Working+Group+Home)

> The mission of the working group is to develop and document requirements for creating and implementing an interoperability profile to allow the community to leverage MFA provided by an InCommon Identity Provider by allowing SPs to rely on a standard syntax and semantics regarding MFA.

[Shibboleth-IdP3-TOTP-Auth](https://github.com/korteke/Shibboleth-IdP3-TOTP-Auth)

> Google Authenticator authentication module for Shibboleth IdP v3.
>
> Works in conjunction with the User/Password flow. This module first calls the authn/Password flow and, after that flow is completed, it asks the user for a token code. The user can also register a new token with this module.
>
> Uses External LDAP, MongoDB (EXPERIMENTAL!) or Static for seed fetching.

[IdP3-TwoFactor](https://github.com/biancini/IdP3-TwoFactor)

> Two Factor authentication module example for Shibboleth IdP v3. The module doesn't do anything complex; it just compares the token provided by the user during login with a constant token in the idp.properties configuration file.
>
> This module is intended to show how the login process for Shibboleth could be modified to include custom modules during login.

[The Multi-Context Broker (MCB)](https://wiki.shibboleth.net/confluence/x/jwBSAQ)

> The Multi-Context Broker Model can be used to orchestrate among multiple authentication contexts and methods based on user certifications and relying party requests. The following articles describe how the Multi-Context Broker Model can be configured in Identity Provider 3.

[Shibboleth U2F Authentication Plugin](https://github.com/Ratler/shibboleth-mfa-u2f-auth)

> U2F multi-factor authentication plugin for Shibboleth IdPv3.

[Shibboleth Duo Security Authentication Module](https://github.com/Unicon/shib-mfa-duo-auth)

> DuoSecurity multifactor authentication plugin for the Shibboleth identity provider

[SoftHSM version 2](https://github.com/opendnssec/SoftHSMv2) secure key storage (in case the IdP needs to store keys)

> A potential problem with the use of the PKCS#11 interface is that it might limit the widespread use of OpenDNSSEC, since a potential user might not be willing to invest in a new hardware device. To counter this effect, OpenDNSSEC is providing a software implementation of a generic cryptographic device with a PKCS#11 interface, the SoftHSM. SoftHSM is designed to meet the requirements of OpenDNSSEC, but can also work together with other cryptographic products because of the PKCS#11 interface.

[IdP3 wiki: Contributions and Extensions](https://wiki.shibboleth.net/confluence/display/IDP30/Contributions+and+Extensions)

http://2-fa.info/

> Information collection on 2-fa authentication: definitions, standards, selection criteria, products and solutions.