Freeradius and 2 Factor Authentication
Cornelius Kölbel
cornelius.koelbel at netknights.it
Mon Jun 13 13:18:07 CEST 2016
On Monday, 13.06.2016, at 11:46 +0100, Phil Mayers wrote:
> On 12/06/2016 19:30, Cornelius Kölbel wrote:
>
> >> We've looked at this in detail, and there are about 250 people in our
> >> organisation of 30k+ that could justify a hard token.
> >
> > So you should choose a solution, where you can combine soft tokens, text
> > messages, OTPs via email *argh* and hardware tokens, just as you wish.
> > This would make the best sense for your scenario.
>
> Ideally yes. So I'm very supportive of the idea of a standard set of
> protocols that can integrate all of the above.
>
> In reality, cost and vendor support for our most exposed apps (Office
> 365, web-based SAML/Shibboleth auth) will matter hugely.

Oops, we left the RADIUS track. ;-)

Are you bound to a certain IdP like ADFS? Have you implemented
Shibboleth? E.g. SimpleSAMLphp has a bunch of plugins that authenticate
against a 2FA backend. I think they have a native YubiKey plugin. But there is
also a privacyIDEA plugin. You can manage all kinds of tokens in
privacyIDEA (Disclaimer: I am developing this 2FA auth backend, which
supports hardware HOTP/TOTP, smartphones, YubiKey, SMS, email...).
Usually you will only have to get support/SLA for such a setup.

Of course there are a lot of plugins/connectors for ADFS, too. Which might
result in more license costs.

Here is a video where you can even use U2F tokens (under certain
conditions):
https://www.youtube.com/watch?v=0VKFGSAlL80

--
Cornelius Kölbel
cornelius.koelbel at netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel