nemesifier
commented
2 years ago @mfoxworthy it's probable that you can implement that in your own project without touching OpenWISP Users.
Django, the framework OpenWISP is built with, has the concept of pluggable apps. Each OpenWISP Module is a django app.
We implemented SAML in OpenWISP RADIUS for allowing to authenticate in captive portals using SAML, in that case we had to write some code to make the integration between OpenWISP RADIUS and OpenWISP WiFi Login Pages to work, but if you need to allow users to authenticate and access the admin, most probably it's not needed to write code, infact I do have some deployments which implement SAML, Oauth or LDAP to allow administrators to log in with a pre-existing account which has 2FA enabled.
Just add the pluggable app of your choices to your project settings, follow its documentation, do the testing and refinement until you get it working.
okraits
mfoxworthy
My company is seriously looking at this as a potential configuration management platform and a huge consideration is security. We usually don't consider products that don't provide SAML or MFA. I love this platform so I want to see it be successful. This would be a huge feature.
I read about https://github.com/MicroPyramid/django-mfa
I am not a Django expert but I am willing to help integrate this is someone with a bit more experience will help me along.
Thanks.