2FA : two authentication that follow each other with a simple access-request
dclavier at i-tracing.com
Mon Aug 6 18:10:05 CEST 2018
I am trying to configure two-factor authentication with FreeRadius. I followed the devoted wiki page : https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy and it works well :
-> Firstly, a user send an access-request and he authenticates against LDAP
-> If his credentials are valid, he gets an access-challenge with a state attribute
-> The user resend the same access-request with the state token and a push notification is sent on his phone.
-> After accepting the push, user gets an Accept-Access
However, since I use a push notification for second authentication, I don't really need that user to send a second access-request. In fact, I just need to proxy the user to the push service for second authentication. So I am wondering if it is possible to launch second authentication after the LDAP authentication succeeded without user action, so without challenge answer.For example, is it possible to request a proxy server from the authenticate block, when ldap return ok ?
I did not find anything about two authentication that follow each other with a simple access-request.
I thank you in advance for your help,
More information about the Freeradius-Users