Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Alternate login methods #1745

Open
MisterTechnik opened this issue Sep 15, 2020 · 8 comments
Open

Alternate login methods #1745

MisterTechnik opened this issue Sep 15, 2020 · 8 comments

Comments

@MisterTechnik
Copy link

What about adding alternate options to log into your account, like USB Security Keys or using some third-party apps that support the use of your phone / iPad / NoteBook to let you into your account (e.g. The Google thing where you get a window on your phone to press "yes, it's me", some other also support similar, DUO Mobile maybe, I'm not quite sure)

@krono
Copy link

krono commented Oct 26, 2020

I second this.

This is especially useful for First- and Second-graders, who will very likely not be able to remember Both Username and Password.

@JustusFluegel
Copy link

JustusFluegel commented Dec 15, 2020

maybe something like webauthn or u2f?

Webauthn would support for example windows hello facial recognition or fingerprint sensors ( trough windows hello ).

I am currently in 10th grade and I would really like to secure my account using a second factor ( my Yubikey 5 NFC ).
Maybe I can create a PR for that if that would be appreciated.

@janrenz
Copy link
Contributor

janrenz commented Jan 17, 2021

Hi, I would fully support different login methods and would be happy to help on any community contribution here and support you on a PR.
However from the strategic side we engage the federal States to have centralized IDMs systems like we do have in Thueringa, so all login related stuff should be part of these IDMs and not of the Schul-Cloud in the midterm.

@krono
Copy link

krono commented Jan 17, 2021

Makes a lot of sense.
I hope you all got some advisoral influence there :)

@krono
Copy link

krono commented Jan 17, 2022

sad this is closed without comment :(

@MLuderich
Copy link

Since this issue was quite old and sort of had an culmination, I figured it could be closed. I can give an update on our plans in this regard though and then we'll see, if it should be kept open.

For 3 of our 5 instances, we have (Thuringia, Brandenburg) or will have (Lower Saxony) a state-wide IDM solution that takes care of of authentication. Mid-term this will be oAuth2/OIDC for all of them. Currently, Thuringia (CAS) and Brandenburg (LDAP-S) use other protocols. Users on these instances will completely depend on the login solutions provided by these systems.

For the other two instances, we are in the process of building an IDM solution based on an off-the-shelf Keycloak with a user management with user/role/group service on top. We will check which login solutions Keycloak allows for. We certainly want to implement 2FA and I would be open to discuss this with the community once we are at a stage to share.

I for now will keep the issue open. Please let me know if this is wanted.

@MLuderich MLuderich reopened this Jan 17, 2022
@krono
Copy link

krono commented Jan 17, 2022

Thanks, @MLuderich, this explanation makes sense.

Looking forward to a solution, (preferable sth. Yubikey), but whatever works) :)

@Loki-Afro
Copy link
Member

@krono although not impossible webauthn, and therefore yubikey and similar are not currently developed.
however can be done using keycloak https://keycloak.ch/keycloak-tutorials/tutorial-webauthn/ however we are still far off.
https://github.com/hpi-schul-cloud/erwin-idm that would be the future repo for this kinda request btw.

in the meantime .. what i am doing is using pass, password manager that encrypts the secrets using gpg, my gpg private key is on my yubikey (you can find dozens of tutorials for that nowadays)
although not the same and definitely not for everyone, but gives great flexibility

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants