Briefly, I want an authentication system that supports (username, password and optional OTP); all these data are stored and managed in a database.
According to a previous discussion here - since it was Jasig CAS, v3.5.x and v4.0.x - the solution was to customize a new credential which supports OTP and then rebuild all needed classes and components around it. With the new version, I would like general guidelines about the best way of doing this. Is it by:

1. as I did before, a custom authentication by extending one of the database handlers,
2. using two handlers, database and custom OTP supporting the new `OneTimePasswordCredential` class, with a suitable policy,
3. using two-step authentication, in the default login view: authenticates the username and password, if okay it presents a custom view: authenticates the OTP if it's required,
4. or any other way you would prefer.

Thanks in advance,

Regards,

On Tue, May 31, 2016 at 3:43 PM, Misagh Moayyed <[email protected]> wrote:

> What is it that you’re trying to do?
>
> *From:* Nouman Fallouh [mailto:[email protected]]
> *Sent:* Monday, May 30, 2016 3:19 AM
> *To:* [email protected]; [email protected]
> *Subject:* Re: Fwd: [cas-user] OTP MFA
>
> Hi,
>
> Where can I find guided steps for using the `RequiredHandlerAuthenticationPolicy`, where, as I read in the documentation:
>
> This policy could be used to support a multi-factor authentication situation, for example, where username/password authentication is required but an additional OTP is optional.
>
> Or at least what are the CAS components I should use, work on or modify?
>
> Regards,
>
> On Wed, May 25, 2016 at 11:17 AM, Nouman Fallouh <[email protected]> wrote:
>
> Thanks Jonathan,
>
> I've already worked around it by extending the UsernamePasswordCredential and a related database authentication handler.
>
> Honestly, I'm looking for a solution using the CAS abilities without external modules and with minimum core modifications.
>
> Regards,
>
> On Mon, May 23, 2016 at 8:46 PM, Jonathan Bell <[email protected]> wrote:
>
> Hi Nouman,
>
> We here at URQUi have adapted our OTP software for CAS. Information and software can be found here: https://github.com/urqui/cas
>
> Feel free to contact me if you have any questions about CAS/OTP and URQUi.
>
> cheers
> Jonathan.
>
> web: http://urqui.com/
>
> ---------- Forwarded message ----------
> From: *Nouman Fallouh* <[email protected]>
> Date: Mon, May 23, 2016 at 4:01 AM
> Subject: [cas-user] OTP MFA
> To: [email protected]
>
> Hi
>
> I'm reading in here: http://apereo.github.io/cas/4.2.x/installation/Configuring-Multifactor-Authentication.html
>
> the following lines:
>
> The kinds of required credentials are specified by naming the authentication handlers that accept them, for example, ldapHandler and oneTimePasswordHandler. Thus a service could be registered that imposes security constraints like the following:
>
> *Only permit users with SSO sessions created from both a username/password and OTP token to access this service.*
>
> How can I find such a oneTimePasswordHandler handler? Or is it one I should invent?
>
> Are there any guided steps for how I can apply such a scenario?
>
> Regards,
>
> --
> You received this message because you are subscribed to the Google Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
> To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxb4w5T7oj%2Bism8GbDKET-omLRykDh3asjewdaWE3iGw8A%40mail.gmail.com.
> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
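
Added example, not part of the thread and not CAS code: a simplified Java model of option 2 above (a database handler plus an OTP handler), where "OTP if required" is decided from the account record rather than from whether the client sent an OTP, alongside the per-service rule quoted from the documentation. It uses no CAS classes; `databaseHandler`, the `Account` fields and all sample values are constructed assumptions, and `oneTimePasswordHandler` is the name quoted in the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Simplified model (no CAS classes): password handler plus OTP handler.
public class OptionalOtpLogin {
    // Constructed account row; a real table holds a password hash and an OTP secret.
    static final class Account {
        final String password; final boolean otpRequired; final String currentOtp;
        Account(String password, boolean otpRequired, String currentOtp) {
            this.password = password; this.otpRequired = otpRequired; this.currentOtp = currentOtp;
        }
    }
    static final Map<String, Account> DB = new HashMap<>();
    static {
        DB.put("alice", new Account("pw-alice", true, "492817")); // enrolled in OTP
        DB.put("bob", new Account("pw-bob", false, null));        // password only
    }

    static boolean same(String a, String b) { // constant-time comparison, null never matches
        return a != null && b != null && MessageDigest.isEqual(
            a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    // Returns the names of the handlers that accepted the submitted credentials.
    static Set<String> runHandlers(String user, String password, String otp) {
        Set<String> ok = new HashSet<>();
        Account acct = DB.get(user);
        if (acct == null) return ok;
        if (same(acct.password, password)) ok.add("databaseHandler");
        if (same(acct.currentOtp, otp)) ok.add("oneTimePasswordHandler");
        return ok;
    }

    // Password always required; OTP required whenever the account record says so.
    static boolean loginAllowed(String user, Set<String> ok) {
        Account acct = DB.get(user);
        return acct != null && ok.contains("databaseHandler")
            && (!acct.otpRequired || ok.contains("oneTimePasswordHandler"));
    }

    // Per-service constraint: every named handler must have succeeded.
    static boolean serviceAllowed(Set<String> requiredHandlers, Set<String> ok) {
        return ok.containsAll(requiredHandlers);
    }

    public static void main(String[] args) {
        Set<String> both = new HashSet<>(Arrays.asList("databaseHandler", "oneTimePasswordHandler"));
        System.out.println(loginAllowed("alice", runHandlers("alice", "pw-alice", null))); // OTP omitted
        System.out.println(loginAllowed("alice", runHandlers("alice", "pw-alice", "492817")));
        System.out.println(loginAllowed("bob", runHandlers("bob", "pw-bob", null)));
        System.out.println(serviceAllowed(both, runHandlers("bob", "pw-bob", null)));
    }
}
```

The first call is the case to test in any of the listed options: an account enrolled in OTP that submits only a valid password must be refused.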
