ESUP-OTP: an open source multi-factor authentication provider for CAS (Lightning talk at Open Apereo 2021 ) [23 février 2022]

 Description

Out of the box, Apereo CAS supports several multifactor authentication (MFA) providers : Duo Security, Twilio Authy, Acceptto, YubiKey, WiKID, FIDO, Swivel Secure, Google Authenticator, ... Most of them are not open-source, are expensive (fee per user and per month) and are not self-hosted.

The ESUP-Portail consortium proposes an alternative named ESUP-OTP which implements several methods for generating single-use passwords: SMS, Time-based One-Time Password (TOTP), random code list, mobile push notifications and use of NFC tag. ESUP-OTP is fully open source (MIT License) and free.

This project consists of 4 applications:
> esup-otp-api: a restful api to generate, send and verify one-time codes.
> esup-otp-manager: the web user interface to manage esup-otp-api. It allows end-users to edit their authentication preferences and admins to configure the platform, assist users having lost/forgotten their mobile phone and provide them an emergency access code, etc.
> esup-otp-cas: the module to be embedded in CAS to make esup-OTP MFA work with CAS.
> esup-otp-push: a mobile application used as an additional authentication factor using push notifications. This application is known as Esup-Auth on Google Play Store and will soon be available on the AppStore for iOS devices. All the source code can be found on the Esup-Portail's Github repository.

In this Lightning Talk, we will try to convince you that ESUP-OTP is a(n) (in)credible open source alternative for doing MFA with the Apereo CAS project!

Mots clés : 2021 21 android apereo application authentication cas conference esup-otp ios lightning lightning talk mfa mobile multi-factor oa21 open open apereo otp presentation talk

 Informations

 Téléchargements

 Intégrer/Partager

Réseaux sociaux

 Options
Cocher cette case pour lancer la lecture automatiquement.
Cocher cette case pour lire la vidéo en boucle.
Cocher la case pour indiquer le début de lecture souhaité.
 Intégrer dans une page web
 Partager le lien
qrcode

Commentaires