Coder Social home page Coder Social logo

idp3-twofactor's Introduction

Overview

Two Factor authentication module example for Shibboleth IdP v3. The module doesn't do anything complex, just confront the token provided by the user during login with a constant token in the idp.properties configuration file.

This module is intended to show how the login process for Shibboleth could be modified to include custom modules during login.

Installation

The installation for this module goes as follows:

  1. copy all files in the IDP_HOME folder to your $IDP_HOME folder

  2. build the webapp so that the new jar developed will be added to the libraries for the webapplication by executing the command $IDP_HOME/bin/build.sh

  3. edit idp.properties located at $IDP_HOME/conf/idp.properties, adding the following to the bottom of the file:

    twofactor.token = 123456789

  4. edit conditions-flow.xml located at $IDP_HOME/flows/authn/conditions/conditions-flow.xml, adding the following to the top of the <action-state id="ValidateUsernamePassword"> section:

    <!-- Enable Two-Factor Authentication -->
<evaluate expression="ValidateUsernamePassword" />
<evaluate expression="'twofactor'" />
<transition on="twofactor" to="TwoFactorAuth" />
<!-- End Two-Factor Authentication -->

    also, add the following just before the closing </flow> tag:

    <subflow-state id="TwoFactorAuth" subflow="authn/twofactor">
    <input name="calledAsSubflow" value="true" />
    <transition on="proceed" to="proceed" />
</subflow-state>

  5. edit general-authn.xml located at $IDP_HOME/conf/authn/general-authn.xml to add the new authentication context for requesting a token:

    <bean id="authn/Password" parent="shibboleth.AuthenticationFlow"
     p:passiveAuthenticationSupported="true"
     p:forcedAuthenticationSupported="true">
    <property name="supportedPrincipals">
        <list>
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" />
            <bean parent="shibboleth.SAML2AuthnContextClassRef"
                c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Token" />
            <bean parent="shibboleth.SAML1AuthenticationMethod"
                c:method="urn:oasis:names:tc:SAML:1.0:am:password" />
        </list>
    </property>
</bean>

  6. restart your application server.

idp3-twofactor's People

Contributors

biancini avatar

Stargazers

Francesco Malvezzi avatar

Watchers

James Cloos avatar Chris Bahrami avatar avatar

Forkers

futureti splashx

idp3-twofactor's Issues

the plugin is broken?

The first password authentication part passes, however the next flow (twofactor-authn-flow.xml) fails.

Trackback from main idp process (debug mode):

2016-12-12 08:22:48,737 - ERROR [org.springframework.webflow.execution.ActionExecutionException:76] - 
org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing [AnnotatedAction@3667f1d1 targetAction = [EvaluateAction@3bbfadd4 expression = T(it.reti.integrations.TwoFactorAuthentication).instance(environment.getProperty('twofactor.token', ''), usernamePasswordContext.getUsername()), resultExpression = flowScope.twofactor], attributes = map[[empty]]] in state 'null' of flow 'authn/twofactor' -- action execution attributes were 'map[[empty]]'
	at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:60)
Caused by: org.springframework.binding.expression.EvaluationException: An ELException occurred getting the value for expression 'T(it.reti.integrations.TwoFactorAuthentication).instance(environment.getProperty('twofactor.token', ''), usernamePasswordContext.getUsername())' on context [class org.springframework.webflow.engine.impl.RequestControlContextImpl]
	at org.springframework.binding.expression.spel.SpringELExpression.getValue(SpringELExpression.java:92)
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1011E:(pos 48): Method call: Attempted to call method getUsername() on null context object
	at org.springframework.expression.spel.ast.MethodReference.throwIfNotNullSafe(MethodReference.java:144)

Environment:
Ubuntu 16.4
IdP version 3.3.0

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.