You need to do this in keystone, since horizon doesn't maintain any user data. BTW you need keystone v3 to do this. V2 authentication is not pluggable
1) Add an auth plugin -- say OTP
2) Implement OTP functionality ( https://github.com/nathforge/pyotp )
3) Horizon needs to get username/pwd + otp value for login and pass it to keystone
4) Now your request to keystone will include 2 methods .
{ "auth": {
"identity": {
"methods": ["password" , "OTP"],
"password": {
"user": {
"name": "admin",
"domain": { "id": "default" },
"password": "adminpwd"
}
},
"OTP" : {
"otp_value" : "342342343"
}
}
}
}'
This should give you a rough idea
In addition to Haneef Ali's answer, those documentation might be of interest:
Time-based One-time Password (TOTP)
https://docs.openstack.org/keystone/l...
Multi-Factor Authentication (MFA)
https://docs.openstack.org/keystone/l...
Configuring MFA
Asked: 2014-11-12 05:54:40 -0600
Seen: 2,346 times
Last updated: Aug 30 '20
