DUO as 2FA Solution for GeoMapFish

[ponceta]

Who requested this new feature?

Ville de Pully @ponceta

Is your feature request related to a problem?

Yes (maintenance issue if the DUO support remains as a code extension as it is yet)

Describe the solution you'd like

Support DUO as 2FA Solution for GeoMapFish

Additional information or points to watch out for

EDIT 27.10.2022: Requires technical functionality "pluggable authentication"

Pully and Yverdon financed 2FA for GeoMapFish in version 2.5. Generic 2FA Authentication was developed and integrated to GeoMapFish

Due to technical reasons, it seems that the 2FA support using DUO was never integrated : https://github.com/camptocamp/demo_geomapfish/pull/115/files /!\This is an old Pull request, several changes have been added to fix some issues do not base any integration on it /!\

It is therefore used as a custom code extension and not maintained on the project level.

About DUO

DUO is a professional solution for second factor authentication (2FA) https://guide.duo.com/

How it works :

1. The user enters its GeoMapFish username and password
2. The user is prompt to have either a push request or an sms to his mobile
3. The user confirm its authentication on his mobile by push or entering the sms code

Option : On declared secured networks or for specific user groups, this 2FA authentication can be bypassed if needed.

[ponceta]

Ping @monodo if you have any comments or suggestion to this functionnality.