IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.
Other
409 stars 291 forks source link

RSA Multi Factor Authentication #809

Closed kiernoz closed 10 years ago

kiernoz commented 10 years ago

This is a very generic question (and probably more related to ADFS) but I was hoping that maybe you came across something similar in the past. Basically I have Active Directory and Identity Server setup as "Claims Trust Providers" in ADFS v3.0. Everything works fine.

I have enabled "Multi-Factor Authentication" on ADFS using RSA SecurID Authentication. When I log in to ADFS using Active Directory account, I am redirected to a page asking for PIN after successful login. However when I log in using Identity Server account, I am just redirected back to relying party and no PIN is required. Any suggestions are greatly appreciated.

brockallen commented 10 years ago

The 2fa is a function of the identity provider. If you want 2fa in IdentityServer it is customizable.

kiernoz commented 10 years ago

Brock,

I was under the impression that ADFS 3.0 allows for configuring Multi-Factor provider outside of identity provider:

http://blogs.msdn.com/b/ramical/archive/2014/01/30/under-the-hood-tour-on-multi-factor-authentication-in-ad-fs-part-1-policy.aspx

brockallen commented 10 years ago

Not sure -- you'd have to contact Microsoft or ask on the ADFS support forums.

kiernoz commented 10 years ago

Brock,

Thanks for such a quick response. You mentioned that Identity Server can be customized to support 2-factor authentication. Do you have any references on how to do that?

Regards, Kamil

brockallen commented 10 years ago

Not for IdentityServer v2. We're working on IdentityServer v3 and we have a better extensibility model in the new version (with many samples).

kiernoz commented 10 years ago

I see. Thanks again for all your help!

vdeshpande123 commented 9 years ago

Is Multi Factor Authentication supported in IdentityServer v3? If so can you point me to API documentation or a sample?

brockallen commented 9 years ago

It's possible via a custom user service. See the docs over in that repo.

vdeshpande123 commented 9 years ago

I looked into the docs of custom user service and it appears that this can be achieved using partial login. Is that what you meant? On Dec 30, 2014 10:37 PM, Brock Allen notifications@github.com wrote:It's possible via a custom user service. See the docs over in that repo.

—Reply to this email directly or view it on GitHub.

brockallen commented 9 years ago

Wrong repo for this question.