Duo Security Integration #70

Closed
wants to merge 2 commits into from

mstanislav

Provides Duo Security functionality into Dradis which provides additional user authentication in addition to the shared password. Was written with the intention that it only be enabled if the user configures config/duo.yml parameters, otherwise it sits dormant.

Part #1 - Regular password authentication -> http://imgur.com/0Tw0q
Part #2 - Prompt for Duo Security desired method of 2nd factor -> http://imgur.com/NrY9y
Part #3 - Confirmation (after authenticating to Duo via Push App) -> http://imgur.com/bHbDu
Part #4 - Editing Dradis, showing my username as logged-in -> http://imgur.com/n166s

More about Duo Security can be found at http://www.duosecurity.com/ ; account is free for up to 10 users. Not sure this is something you guys want to have directly implemented, but works for some of us desiring a more robust authentication mechanism. Cheers!

@etdsoft
Member

etdsoft commented Mar 5, 2012

Hi Mark,

Thanks for this request. I need to think about what is the best way for our users to use Duo Security though... are you on the dradis-devel mailing list?

Regards,
Daniel

@mstanislav
Author

I am now :)

@etdsoft
Member

etdsoft commented Jul 12, 2012

Mark,

Sorry this is taking a bit longer than usual. As you know (from dradis-devel) we need to figure out the best way to split our plugins into gems. I believe that the duosecurity would be an ideal candidate for this type of gemified plugin architecture.

There is some work on this front on the dradis 3.x branch.

Will keep you posted when we're ready to integrate.

@mstanislav
Author

Fair enough! Thanks for keeping me updated and looking forward to helping out when ready.

@mstanislav
Author

Should we close this down :)? Did you ever end up building in an authentication framework that I could leverage to build this in more elegantly?

@etdsoft
Member

etdsoft commented May 30, 2013

Hey Mark,

I don't think we should. It is a nice reminder that there is work to be done.

We definitely don't have a 'pluggable authentication' architecture yet, but we've made some progress on the 3.x branch. All the old authentication bits and pieces are under core/ and will end up in the dradis-core gem. But we could extract the authentication components into a separate gem and create a dradis-auth-forms one and a dradis-auth-duo one. But there is work to be done in terms of allowing that flexibility. I'm not sure if you have the bandwidth or would be interested in working on that sort of thing...

Otherwise we can leave this open until the day we have the pluggable authentication sorted and then we can review what needs to happen in order to integrate with duo.

Sorry for the delay in getting back to you!

@mstanislav
Author

I'm all for it! I'm over at Duo Security now so I have a new vested interest, haha. Let us know how we can help and we'll wait for any updates! Thanks!

@etdsoft
Member

etdsoft commented Jun 9, 2013

I'm not sure what would be the best way forward. Are you in dradis-devel? Maybe we should take it there.

I think that we may be able to draw some inspiration from the architecture of other projects:

But I really don't know for sure. We'd need to create hooks into the session controllers, figure out a way to provide a consistent authentication experience both through Duo and through the forms-based module, etc.

@mstanislav
Author

I just added myself to the list. I guess my question would hinge on: how extensible do you want this to be? Also, do you want to do this for the entirety of the authentication system or just to allow for secondary factor authentication?

@etdsoft etdsoft closed this Jan 16, 2015
@mstanislav
Author

@etdsoft
Member

etdsoft commented May 7, 2018

lol
