On 13/06/2016 12:18, Cornelius Kölbel wrote:
In reality, cost and vendor support for our most exposed apps (Office 365, web-based SAML/Shibboleth auth) will matter hugely.
Oups, we left the RADIUS track. ;-)
Kind of. I see a RADIUS backend as a perfectly acceptable way of integrating multiple token types; either by having one backend isolate the token-type details from the frontends, or having multiple backends behind a proxy that knows which user goes to which backend. So I think RADIUS is a hugely useful tool for doing OTP. This doesn't mean standards like TOTP and HOTP aren't important as well; they're complementary, not contradictory.
Are you bound to a certain IdP like ADFS? Have you implemented
That's a complicated question. Like a lot of enterprises we have multiple paths to authenticate, some legacy, some newer, and a mix of web- and other protocols. Since it's not RADIUS related, I won't go into it here, but thanks for the pointers.