duo_shibboleth - Duo two-factor authentication components for Shibboleth
What is here:
twofactor-login-handler
- Duo two-factor authentication login handler for Shibboleth 2
Installation:
* git clone https://github.com/sepiidae/duo_shibboleth.git duo_shibboleth
* cd duo_shibboleth/twofactor-login-handler
* mvn package
* cp target/twofactor-login-handler-0.2.jar ~/$SHIB_INSTALLER/lib/
* cd $SHIB_INSTALLER
Add the following to $SHIB_INSTALLER/src/main/webapp/WEB-INF/web.xml:
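
    <servlet>
        <servlet-name>TwoFactorRemoteLoginHandler</servlet-name>
        <servlet-class>edu.fau.shibboleth.idp.twofactor.TwoFactorRemoteUserAuthServlet</servlet-class>
        <init-param>
            <param-name>authnMethod</param-name>
            <param-value>urn:fau.edu:ac:classes:PasswordProtectedTransport:duo</param-value>
        </init-param>
        <load-on-startup>5</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>TwoFactorRemoteLoginHandler</servlet-name>
        <url-pattern>/Authn/DuoRemoteUser</url-pattern>
    </servlet-mapping>

- Configure your RemoteUser service to protect /Authn/DuoRemoteUser

Example CAS:

    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://sso.sepiidae.com/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>idp.sepiidae.com</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/Authn/RemoteUser</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/Authn/DuoRemoteUser</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://sso.sepiidae.com/cas/login</param-value>
        </init-param>
        <init-param>
            <param-name>redirectAfterValidation</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>idp.sepiidae.com</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/Authn/RemoteUser</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS Validation Filter</filter-name>
        <url-pattern>/Authn/DuoRemoteUser</url-pattern>
    </filter-mapping>
    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/Authn/RemoteUser</url-pattern>
    </filter-mapping>
    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/Authn/DuoRemoteUser</url-pattern>
    </filter-mapping>

- Configure your login handlers
** This example configures Shibboleth to only respond to urn:fau.edu:ac:classes:PasswordProtectedTransport:duo authentication requests.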

    <ph:LoginHandler xsi:type="ph:RemoteUser">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler>

    <ph:LoginHandler xsi:type="twofactor:TwoFactorLogin"
                     remoteUser="true"
                     authenticationServletURL="/Authn/DuoRemoteUser"
                     skey="BJPmSeBFgcuIlZpkHRAwiZHVWxM5tTQUeAojrEZA"
                     ikey="DIRQ0JX71OYE0YMI7SW7"
                     akey="jdfjk3r8u9df39834289fd8vd89r8234ihdfhjdfsjh2r3jh23uidfuh32h2r3wea9032hj3c034fa2"
                     host="api-3c034fa2.duosecurity.com">
        <ph:AuthenticationMethod>urn:fau.edu:ac:classes:PasswordProtectedTransport:duo</ph:AuthenticationMethod>
    </ph:LoginHandler>

Replace the skey, ikey, akey and host values with those of your own Duo integration.
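
A check for the "protect /Authn/DuoRemoteUser" step, as an added example that is not part of the duo_shibboleth project: it parses a web.xml and reports which of the three CAS filters from the README's example are not mapped onto the TwoFactorRemoteLoginHandler servlet path. The sample web.xml is constructed for the example, and the check assumes the servlet is mapped to an exact path and evaluates only exact, `/*` and `/prefix/*` filter patterns.

```python
import xml.etree.ElementTree as ET

CAS_FILTERS = ("CAS Authentication Filter", "CAS Validation Filter",
               "CAS HttpServletRequest Wrapper Filter")

# Constructed sample: the validation filter was not mapped onto the Duo path.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet-mapping><servlet-name>TwoFactorRemoteLoginHandler</servlet-name>
    <url-pattern>/Authn/DuoRemoteUser</url-pattern></servlet-mapping>
  <filter-mapping><filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/Authn/DuoRemoteUser</url-pattern></filter-mapping>
  <filter-mapping><filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/Authn/RemoteUser</url-pattern></filter-mapping>
  <filter-mapping><filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/Authn/*</url-pattern></filter-mapping>
</web-app>"""

def _local(tag):
    """Strip the XML namespace so any web.xml schema version is accepted."""
    return tag.rsplit("}", 1)[-1]

def _mappings(root, kind):
    """Yield (name, url-pattern) for each <servlet-mapping> or <filter-mapping>."""
    for el in root.iter():
        if _local(el.tag) == kind + "-mapping":
            kids = [(_local(c.tag), (c.text or "").strip()) for c in el]
            name = next((v for t, v in kids if t == kind + "-name"), "")
            yield from ((name, v) for t, v in kids if t == "url-pattern")

def _covers(pattern, path):
    """Match exact, '/*' and '/prefix/*' filter patterns (extension patterns ignored)."""
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return pattern == path

def missing_filters(web_xml, servlet_name, required=CAS_FILTERS):
    """Map each URL of servlet_name to the required filters that do not cover it."""
    root = ET.fromstring(web_xml)
    filters = list(_mappings(root, "filter"))
    gaps = {}
    for name, path in _mappings(root, "servlet"):
        missing = [f for f in required
                   if not any(n == f and _covers(p, path) for n, p in filters)]
        if name == servlet_name and missing:
            gaps[path] = missing
    return gaps

if __name__ == "__main__":
    print(missing_filters(SAMPLE_WEB_XML, "TwoFactorRemoteLoginHandler"))
```

An empty result means every required filter has a mapping that covers the servlet's URL.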