Thanks Nick, I'm in different case of yours, will continue customizing the authentication handler and it's components.
Regards, On Wed, Jun 1, 2016 at 6:11 PM, Nick Owen <[email protected]> wrote: > Here's our doc on adding WiKID 2FA to CAS via radius: > > https://www.wikidsystems.com/support/how-to/configuring-cas-on-ubuntu-for-two-factor-and-mutual-htttps-authentication-with-wikid/ > . > It includes validating the SSL cert of the CAS server for the user. > > On Wed, Jun 1, 2016 at 6:37 AM, Dmitriy Kopylenko <[email protected]> > wrote: > > The following guide is for v5 which is not yet released: > > > http://apereo.github.io/cas/development/installation/Configuring-Multifactor-Authentication.html > > > > D. > > On Wed, Jun 1, 2016 at 06:25, Dmitriy Kopylenko <[email protected]> > > wrote: > > > > I'm afraid that v4 of CAS does not natively support multi phased > > authentication transactions for several different authentication factors. > > Upcoming v5 does. > > > > Best, > > D. > > > > On Wed, Jun 1, 2016 at 03:11, Nouman Fallouh <[email protected]> > wrote: > > > > Briefly, I want authentication system supports (username, password and > > optional otp), all these data are stored and managed in a database. > > > > According to previous discussion here - since it was Jasig CAS, v3.5.x > and > > v4.0.x - the solution was to customize a new credentials which supports > OTP > > and then re-build all needed classes and components around it. > > > > With new version, I would like a general guidelines about the best way > for > > doing this with, is it by: > > > > as I did before, a custom authentication by extending one of the database > > handlers, > > using two handlers, database and custom OTP supports the new > > `OneTimePasswordCredential` class, with suitable policy, > > using two steps authentication, in the default login view: authenticates > the > > username and password, if okay it presents custom view: authenticated the > > OTP if it's required. > > or any other way you would prefer. > > > > Thanks in advance, > > Regards, > > > > > > > > On Tue, May 31, 2016 at 3:43 PM, Misagh Moayyed <[email protected]> > wrote: > >> > >> What is it that you’re trying to do? > >> > >> From: Nouman Fallouh [mailto:[email protected]] > >> Sent: Monday, May 30, 2016 3:19 AM > >> To: [email protected]; [email protected] > >> Subject: Re: Fwd: [cas-user] OTP MFA > >> > >> Hi, > >> > >> Where can I find a guided steps of using the > >> `RequiredHandlerAuthenticationPolicy`, where as I read in the > documentation > >> that: > >> > >> This policy could be used to support a multi-factor authentication > >> situation, for example, where username/password authentication is > required > >> but an additional OTP is optional. > >> > >> Or at least what are the CAS components I should use, work on or modify? > >> > >> Regards, > >> > >> On Wed, May 25, 2016 at 11:17 AM, Nouman Fallouh <[email protected]> > >> wrote: > >> > >> Thanks Jonathan, > >> > >> I've already worked around it by extending the > UsernamePasswordCredential > >> and a related database authentication handler. > >> > >> Honestly, I'm looking for a solution using the CAS abilities without > >> external modules and with minimum core modifications. > >> > >> Regards, > >> > >> On Mon, May 23, 2016 at 8:46 PM, Jonathan Bell <[email protected]> wrote: > >> > >> Hi Nouman, > >> > >> We here at URQUi have adapted our OTP software for CAS. Information and > >> software can be found here: https://github.com/urqui/cas > >> > >> Feel free to contact me if you have any questions about CAS/OTP and > URQUi. > >> > >> cheers > >> Jonathan. > >> > >> web: http://urqui.com/ > >> > >> > >> ---------- Forwarded message ---------- > >> From: Nouman Fallouh <[email protected]> > >> Date: Mon, May 23, 2016 at 4:01 AM > >> Subject: [cas-user] OTP MFA > >> To: [email protected] > >> > >> Hi > >> > >> I'm reading in here: > >> > http://apereo.github.io/cas/4.2.x/installation/Configuring-Multifactor-Authentication.html > >> > >> the following lines: > >> > >> The kinds of required credentials are specified by naming the > >> authentication handlers that accept them, for example, ldapHandler and > >> > >> oneTimePasswordHandler. Thus a service could be registered that imposes > >> security constraints like the following: > >> > >> Only permit users with SSO sessions created from both a > username/password > >> and OTP token to access this service. > >> > >> H > >> > >> ow can I find such > >> > >> oneTimePasswordHandler > >> > >> handler? or it's a one I should invent? > >> > >> Is there any guided steps of how I can apply such scenario? > >> > >> Regards, > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "CAS Community" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> To post to this group, send email to [email protected]. > >> Visit this group at > >> https://groups.google.com/a/apereo.org/group/cas-user/. > >> To view this discussion on the web visit > >> > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxb4w5T7oj%2Bism8GbDKET-omLRykDh3asjewdaWE3iGw8A%40mail.gmail.com > . > >> For more options, visit https://groups.google.com/a/apereo.org/d/optout > . > >> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "CAS Community" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> To post to this group, send email to [email protected]. > >> Visit this group at > >> https://groups.google.com/a/apereo.org/group/cas-user/. > >> To view this discussion on the web visit > >> > https://groups.google.com/a/apereo.org/d/msgid/cas-user/029301d1bb3a%240addcb60%2420996220%24%40unicon.net > . > >> > >> For more options, visit https://groups.google.com/a/apereo.org/d/optout > . > > > > > > -- > > You received this message because you are subscribed to the Google Groups > > "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To post to this group, send email to [email protected]. > > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/. > > To view this discussion on the web visit > > > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxY3xNUAEPruoBUVkajuMS-5WbYm%3DWFvuZbRk0m7rjo8bw%40mail.gmail.com > . > > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "CAS Community" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > To post to this group, send email to [email protected]. > > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/. > > To view this discussion on the web visit > > > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1464777467523-c4f2a988-6bf64042-bfe63ece%40unicon.net > . > > > > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > > > -- > -- > Nick Owen > WiKID Systems, Inc. > http://www.wikidsystems.com > Commercial/Open Source Two-Factor Authentication > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAOEgFxYkLDR9PAQFnRncdhM-PFOgg__eAyKTF-YF670g08V%3Dew%40mail.gmail.com. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
