2FA : two authentication that follow each other with a simple access-request

Denis CLAVIER dclavier at i-tracing.com
Mon Aug 6 18:10:05 CEST 2018


I am trying to configure two-factor authentication with FreeRadius. I followed the devoted wiki page : https://wiki.freeradius.org/guide/2FA-Active-Directory-plus-Proxy and it works well :
	-> Firstly, a user send an access-request and he authenticates against LDAP
	-> If his credentials are valid, he gets an access-challenge with a state attribute
	-> The user resend the same access-request with the state token and a push notification is sent on his phone.
	-> After accepting the push, user gets an Accept-Access 

However, since I use a push notification for second authentication, I don't really need that user to send a second access-request. In fact, I just need to proxy the user to the push service for second authentication. So I am wondering if it is possible to launch second authentication after the LDAP authentication succeeded without user action, so without challenge answer.For example, is it possible to request a proxy server from the authenticate block, when ldap return ok ?

I did not find anything about two authentication that follow each other with a simple access-request.

I thank you in advance for your help,



More information about the Freeradius-Users mailing list