[cf-dev] Write custom MFA connector/provider

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[cf-dev] Write custom MFA connector/provider

Rashmi Singh
Hello,
I was looking at the MFA Providers and it looks like currently only Google authenticator is supported. I need an MFA support but not Google authenticator. Is it possible to write a custom authenticator /MFA connector on UAA that we can then integrate with our TokenValidator? We have our own Authentication server that supports different types of authentication like OTP, grid based, etc and we would like to integrate UAA with that. What would be preferred is that we do the normal username/password authentication on UAA and then for the second factor, instead of using Google Authenticator, we have our custom provider/connector that we can integrate with our token validator/server for authentication. Is it possible to make changes in the UAA code and write a provider to achieve this?
_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8196) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Write custom MFA connector/provider

Sree Tummidi
Hi Rashmi,

We only have support for google authenticator at this time. The best way to integrate an existing MFA to UAA is through federation like SAML/OIDC. In this case the entire auth flow is delegated to the external provider.


Thanks,
Sree Tummidi
Sr. Manager, Product Management
Pivotal Cloud Foundry


On Thu, Jul 26, 2018 at 1:44 PM, Rashmi Singh <[hidden email]> wrote:
Hello,
I was looking at the MFA Providers and it looks like currently only Google authenticator is supported. I need an MFA support but not Google authenticator. Is it possible to write a custom authenticator /MFA connector on UAA that we can then integrate with our TokenValidator? We have our own Authentication server that supports different types of authentication like OTP, grid based, etc and we would like to integrate UAA with that. What would be preferred is that we do the normal username/password authentication on UAA and then for the second factor, instead of using Google Authenticator, we have our custom provider/connector that we can integrate with our token validator/server for authentication. Is it possible to make changes in the UAA code and write a provider to achieve this?


_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#8197) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Your Subscription | [hidden email] | Unsubscribe [[hidden email]]

_._,_._,_