Multi-factor Login Handler for Shibboleth IdP.
Clone or download
klali Merge pull request #2 from peter-/master
Update documentation URLs and versions tested
Latest commit 95a248c Jan 17, 2014
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.settings init, break out from previous patch to Shibboleth IdP. Feb 4, 2011
examples
src/main
.classpath init, break out from previous patch to Shibboleth IdP. Feb 4, 2011
.gitignore init, break out from previous patch to Shibboleth IdP. Feb 4, 2011
.project
LICENSE.txt init, break out from previous patch to Shibboleth IdP. Feb 4, 2011
NOTICE
README
pom.xml Update pom.xml to work with changed shibboleth URLs and IdP version b… Jan 15, 2014

README

MultiFactor Login Handler for use with the Shibboleth IdP.

See https://wiki.shibboleth.net/confluence/display/SHIB2/Multi+Factor+Login+Handler
( or https://wiki.shibboleth.net/confluence/x/aYBC ) for installation instructions.

This version has been successfully tested with Shibboleth IdP versions 2.2.1
and 2.4.0, using the JAAS modules from yubico-validation-client 2.0.2-SNAPSHOT.

What is special with this Login Handler? Two things :

  1) It collects multiple authentication factors from the login servlet.

     Besides the j_username and j_password collected by the regular
     UsernamePassword login handler, we also collect
     j_tokens[0] .. j_tokens[n].

     See MultiFactorAuthLoginServlet.service().

  2) We convey all these collected factors to JAAS modules by calling the
     JAAS modules PasswordCallback.setPassword() muliple times, with
     j_password coming last (to provide some compatibility with single-
     factor JAAS modules).

     If the JAAS module wants to get more than the first factor, it must
     pass us a PasswordCallback capable of accumulating factors in
     setPassword().

     See MultiAuthCallbackHandler.handle().

See com.yubico.jaas.MultiValuePasswordCallback for an example of a multi-
factor capable PasswordCallback.

Currently known Multi Factor JAAS modules :

  com.yubico.jaas.YubikeyLoginModule	  for YubiKey OTPs
  com.yubico.jaas.HttpOathOtpLoginModule  for OATH token validations