4

I am trying to integrate a two-factor authentication solution with a mail server that is hosted on Apache Tomcat. Right now the app is using form-based authentication: the user enters his user name and password and is authenticated against OpenLDAP as the back end.

What we want is the following:

1. User enters his user name and password.
2. The request is "intercepted" and put on "hold".
3. A one-time password (OTP) is generated and sent as an SMS to the user.
4. The user sees a new page with a box to enter that OTP.
5. The user enters the OTP sent as an SMS.
6. The OTP is verified and, if true, the "held" request in step 2 is forwarded for further authentication.

The trouble is that I have no access to the source code of the mail server app.

I can achieve something very similar in IIS (Microsoft) using an ISAPI filter, but I need to know how to achieve this in Apache.

I am looking along the lines of Valve/Filter and SAML, but have no clue how and where to progress.

Adinia
user1826116
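
The OTP bookkeeping behind steps 2 to 6 above, as an added example that is not part of the original question or of any product named on this page: a held login is released only for a correct, unexpired, single-use code, with a cap on wrong guesses. `PendingLoginStore`, its method names, the 5-minute lifetime and the 3-attempt cap are assumptions; SMS delivery and the Tomcat Valve or Filter that would call this class are out of scope.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical helper: state for logins held between steps 2 and 6. */
public class PendingLoginStore {
    private static final int MAX_ATTEMPTS = 3;                  // assumed policy
    private static final Duration TTL = Duration.ofMinutes(5);  // assumed policy
    private static final SecureRandom RNG = new SecureRandom();

    private static final class Pending {
        final String user; final byte[] otp; final Instant expires; int attempts;
        Pending(String u, byte[] o, Instant e) { user = u; otp = o; expires = e; }
    }
    private final Map<String, Pending> held = new ConcurrentHashMap<>();

    /** Steps 2-3: hold the login; returns {handle, otp}. The caller sends otp by SMS. */
    public String[] hold(String user) {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        String handle = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        String otp = String.format("%06d", RNG.nextInt(1_000_000));
        held.put(handle, new Pending(user, bytes(otp), Instant.now().plus(TTL)));
        return new String[] { handle, otp };
    }

    /** Step 6: the held user, only for a correct, unexpired, first-use code. */
    public Optional<String> verify(String handle, String otp) {
        Pending p = held.get(handle);
        if (p == null) return Optional.empty();
        synchronized (p) {
            boolean expired = !Instant.now().isBefore(p.expires);
            boolean ok = !expired && MessageDigest.isEqual(p.otp, bytes(otp)); // constant-time
            if (!ok && !expired && ++p.attempts < MAX_ATTEMPTS) return Optional.empty();
            // Success, expiry or too many wrong guesses: the entry is dropped either way.
            return held.remove(handle, p) && ok ? Optional.of(p.user) : Optional.empty();
        }
    }

    private static byte[] bytes(String s) { return String.valueOf(s).getBytes(StandardCharsets.UTF_8); }

    public static void main(String[] args) {
        PendingLoginStore store = new PendingLoginStore();
        String[] h = store.hold("alice");                   // constructed sample user
        System.out.println(store.verify(h[0], "000000x"));  // wrong code
        System.out.println(store.verify(h[0], h[1]));       // correct code
        System.out.println(store.verify(h[0], h[1]));       // replay of a used code
    }
}
```

Entries that are never verified stay in the map, so a real deployment would also purge expired entries periodically and keep the handle in the server-side session rather than in the page.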

2 Answers

1

I contacted the LoginTC guys for their 2-factor credential and resolved my 2-factor using their apps. Check them out.

https://cloud.logintc.com

The LoginTC platform services are free for under 1,000 users. So that's great.

I followed the instructions from this URL: https://cloud.logintc.com/help/developers

Basically, I created an admin account for my domain in the LoginTC cloud control panel. Then I used the Server-Side Authentication instructions to enable my Apache website with the LoginTC button, and added the code snippet in my authentication page.

My users download the LoginTC app from the App Store, Android or BlackBerry marketplaces. I issue them a Confirmation Code and they create their credential token in the app with a PIN (same as ATM cards).

The whole thing takes less than 1 hour to configure. My users get an out-of-band notification to unlock their credential with the PIN, and bingo, they achieve 2FA.

You must check them out.

Community
    Any chance you can provide a couple examples of how you resolved your issue, just for the sake of having it for reference should the link you provided ever go down? – chris Nov 16 '12 at 21:51
0

I would suggest using OpenAM, formerly OpenSSO from Sun.

It has a filter/agent that can be deployed on Apache, and it has very good support for multi-factor authentication, including an SMS authentication module.

Stefan Rasmusson