This system is a free and open source two factor implementation. It will go live at Penn in summer 2013.
It is a generic architecture based on the open OATH algorithms, time-based (TOTP) or sequential (HOTP). This gives users the choice of using free smartphone applications like Google Authenticator (which has no dependencies on Google services), or hardware tokens like YubiKey, SafeID, etc.
The parts of the project are:
Two Factor Web Service: the authentication system integrates with this to check two factor codes from users.
Two Factor UI: allows end users to opt in, manage their two factor secret and devices, print out scratch codes (if their phone isn't available), get a text or voice call of a temporary code (if their phone isn't available), opt out a colleague who has delegated that authority to them (if they are having problems), see audits, etc. There is also an admin console so administrators can manage users.
Two Factor Client: Java library and command line utility for checking codes (uses the web service)
PAM: Pluggable authentication module to integrate two factor on *nix servers
Cosign integration: in the cosign base, integrates the Cosign authentication server with Open Two Factor
Has features such as "trusted browser" so the user does not have to enter their code as often.
Initial Committers
mchyzer
Technology Overview
Java. REST JSON/XML web services. J2EE UI, Dojo components, jQuery, Hibernate, Jakarta, etc. Some code is leveraged from the Grouper project. The WS and UI are in a Java webapp. The database can be Oracle, MySQL, or Postgres.
Community Description
University of Pennsylvania
JASIG Relationships
Can be easily integrated with CAS
Benefits to Higher Education
Multi-factor authentication strengthens credentials and prevents security breaches. This free system will be easy to install, customize and administer.
References
The main doc page isn't public right now, but here are some videos...
http://www.youtube.com/watch?v=radVQr-Cbdc
http://www.youtube.com/watch?v=imPTIBcW0gU
http://www.youtube.com/watch?v=SRWj9U_nGTs
http://www.youtube.com/watch?v=0LOTu5jylwg
Activity
SusanBramhall
October 8, 2013 at 2:31 PM
Apereo will talk to Chris about how to proceed with incubation.