N Factor Authentication in Openstack

asked 2015-12-10 18:04:51 -0600

I am researching whether it is possible to inject more layers of security into Openstack. The end result should be any number of authentication layers (configurable) between the user and accessing the Horizon dashboard. I am very new to Openstack so I wanted to ask if this is possible, and if so, how to go about it. Here is something I have tried:

  • Making a custom plugin under keystone.auth.plugins.customAuth.CustomAuth and enabling that method in the Keystone configuration. I was able to copy and paste the code from the password auth plugin, change a few lines, and verify it worked. I am unsure how to string together authentication plugins in keystone such after it is done with customAuth, it will redirect to another page and apply customAuth2.

In the end, I think if I can intercept the redirect to the horizon dashboard and redirect to another page instead that would satisfy my requirements. Are there any good sources of information for how to do this?

edit retag flag offensive close merge delete