how to implement 2-factor authentication in Horizon?

asked 2014-11-12 05:54:40 -0500

New-stack gravatar image

updated 2014-11-12 08:40:50 -0500

smaffulli gravatar image

hi people, somebody have experience about 2 factor authentication in horzion? I'm interesting to implement in my test environment...

some suggestion about how to start ? ^_^

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
2

answered 2014-11-12 13:35:29 -0500

updated 2014-11-12 13:37:32 -0500

You need to do this in keystone, since horizon doesn't maintain any user data. BTW you need keystone v3 to do this. V2 authentication is not pluggable

1) Add an auth plugin -- say OTP

2) Implement OTP functionality ( https://github.com/nathforge/pyotp )

3) Horizon needs to get username/pwd + otp value for login and pass it to keystone

4) Now your request to keystone will include 2 methods .

{ "auth": {
    "identity": {
      "methods": ["password" , "OTP"],
      "password": {
        "user": {
          "name": "admin",
          "domain": { "id": "default" },
          "password": "adminpwd"
        }
      },
      "OTP" : {
         "otp_value" : "342342343"
      }

    }
  }
}'

This should give you a rough idea

edit flag offensive delete link more
0

answered 2020-08-30 17:34:59 -0500

updated 2020-08-30 17:59:01 -0500

In addition to Haneef Ali's answer, those documentation might be of interest:

Time-based One-time Password (TOTP)

https://docs.openstack.org/keystone/l...

Multi-Factor Authentication (MFA)

https://docs.openstack.org/keystone/l...

Configuring MFA

https://docs.openstack.org/keystone/l...

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2014-11-12 05:54:40 -0500

Seen: 2,129 times

Last updated: Aug 30