Apache Tomcat - two-factor authentication

I am trying to integrate a two-factor authentication solution with a mail server hosted on Apache Tomcat. The application currently uses forms-based authentication, and the user enters the username and password and authenticates with openLDAP as the back end.

We need the following:

1). User enters their Un and PWD
2). The request is "intercepted" and placed in "hold"
3). A one-time pwd (OTP) is generated and sent as SMS to the user.
4). The user sees a new page with an OTP input field.
5). User enters their OTP sent as SMS
6). OTP is checked, and if true, the "held" request in step "2" is redirected for further authentication

The problem is that I do not have access to the source code of the mail server application.

I can achieve something very similar in IIS (Microsoft) using an ISAPI filter, but I need to know how to achieve this in Apache.

I have looked at the Valve / Filter and SAML routes, but I don't know how and where to go.

+4
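The six-step flow in the question, written as a servlet filter that sits in front of the application; this is an added example, not code from the original post or from any product named on this page. It assumes the `javax.servlet` API (Tomcat 9 or earlier; Tomcat 10+ uses `jakarta.servlet`), and the paths `/login`, `/otp.html`, `/otp-check`, the parameter names `username` and `otp`, the five-minute lifetime, the three-guess limit and the `sendSms` hook are all hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class OtpHoldFilter implements Filter {
    // Hypothetical paths: the application's login POST target, the OTP form, the OTP form's POST target.
    static final String LOGIN = "/login", OTP_PAGE = "/otp.html", OTP_CHECK = "/otp-check";
    static final long TTL_MS = 5 * 60_000L; static final int MAX_TRIES = 3;   // assumed limits
    private final SecureRandom rng = new SecureRandom();
    @Override public void init(FilterConfig cfg) {}  @Override public void destroy() {}
    // Hypothetical hook: look up the user's number (e.g. in LDAP) and hand the code to an SMS gateway.
    protected void sendSms(String user, String otp) {}
    @Override @SuppressWarnings("unchecked")
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getRequestURI().substring(req.getContextPath().length());
        boolean post = "POST".equals(req.getMethod());
        HttpSession s = req.getSession(post && LOGIN.equals(path));   // create a session only for a login POST
        if (post && LOGIN.equals(path)) {                      // steps 1-4: hold the login, send the OTP
            s.setAttribute("held", new HashMap<>(req.getParameterMap()));
            s.setAttribute("otp", String.format("%06d", rng.nextInt(1_000_000)));
            s.setAttribute("exp", System.currentTimeMillis() + TTL_MS);
            s.setAttribute("tries", 0);
            sendSms(req.getParameter("username"), (String) s.getAttribute("otp"));
            res.sendRedirect(req.getContextPath() + OTP_PAGE);
        } else if (post && OTP_CHECK.equals(path)) {           // steps 5-6: check the OTP, release the login
            String want = s == null ? null : (String) s.getAttribute("otp"), got = req.getParameter("otp");
            if (want == null || got == null) { res.sendError(403); return; }
            int tries = (Integer) s.getAttribute("tries") + 1; s.setAttribute("tries", tries);
            boolean live = tries <= MAX_TRIES && System.currentTimeMillis() < (Long) s.getAttribute("exp");
            boolean ok = live && MessageDigest.isEqual(        // constant-time comparison
                    want.getBytes(StandardCharsets.UTF_8), got.getBytes(StandardCharsets.UTF_8));
            Map<String, String[]> held = (Map<String, String[]>) s.getAttribute("held");
            if (ok || !live) s.invalidate();                   // the OTP and the held password leave the session
            if (ok) req.getRequestDispatcher(LOGIN).forward(new Held(req, held), res);
            else if (live) res.sendRedirect(req.getContextPath() + OTP_PAGE); else res.sendError(403);
        } else chain.doFilter(rq, rs);
    }
    static class Held extends HttpServletRequestWrapper {      // replays the held login parameters
        private final Map<String, String[]> p;
        Held(HttpServletRequest r, Map<String, String[]> p) { super(r); this.p = p; }
        @Override public String getParameter(String n) { String[] v = p.get(n); return v == null ? null : v[0]; }
        @Override public String[] getParameterValues(String n) { return p.get(n); }
        @Override public Map<String, String[]> getParameterMap() { return p; }
        @Override public Enumeration<String> getParameterNames() { return Collections.enumeration(p.keySet()); }
    }
}
```

A filter like this is registered in a `web.xml` deployment descriptor rather than in application code, and its mapping should stay on the default REQUEST dispatch so the forward in step 6 is not intercepted a second time. The held parameter map contains the user's password, which is why the session is invalidated as soon as the OTP succeeds, expires or runs out of attempts.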
2 answers

I contacted the guys from logintc for their two-factor credentials and decided to use my 2-factor using my applications. Check them out.

https://cloud.logintc.com

LoginTC platform services are free for less than 1000 users. So great.

I followed the instructions at this url: https://cloud.logintc.com/help/developers

Basically, I created an administrator account for my domain in the logintc cloud control panel. I then used server-side authentication instructions to enable my Apache site using the logintc button, and added a code snippet on my authentication page.

My users download the logintc application from the Appstore, Android or Blackberry trading platforms, I give them a verification code and create my credential token in the application using the PIN code (the same as in ATMs).

It takes only 1 hour to set up. My users are notified out of range to unlock their credentials with a PIN and bingo, they reach 2FA.

You have to check them out.

+1

I would suggest using the old OpenSSO with Sun's OpenAM.

It has a filter / agent that can be deployed to Apache. It has very good support for multi-factor authentication, including an SMS authentication module.

0

Source: https://habr.com/ru/post/1446169/
