Hey Andrew, You mentioned it in one of your blog posts ( http://bogott.net/unspecified/?p=2344) the Keystone team recently added TOTP auth support for users that exist in an SQL backend. You can read the initial specification here: http://specs.openstack.org/openstack/keystone-specs/specs/mitaka/totp-auth.html and the documentation: http://docs.openstack.org/developer/keystone/auth-totp.html TOTP auth will be available in Mitaka and we plan on building on it for the Newton release for better 2FA. I assume some of the work you did and our current TOTP auth likely overlaps, the horizon support may still be very useful. stevemar From: Andrew Bogott <abogott at wikimedia.org> To: openstack at lists.openstack.org Date: 2016/03/07 03:28 AM Subject: Re: [Openstack] Horizon with 2fa? For future googlers: We wrote an hotp keystone plugin and I hacked up support for a third field in the Horizon login screen. Details and code for the keystone plugin are here: http://bogott.net/unspecified/?p=2344 And, for the Horizon interface changes, here: http://bogott.net/unspecified/?p=2356 All are welcome to reuse our code; I'm also happy to hear from anyone about how I should have done it instead. -Andrew On 2/29/16 10:23 AM, Andrew Bogott wrote: > I require two-factor authentication for users who have permissions > to create and delete instances in Nova. Since we're in the process of > migrating from our custom webUI to Horizon, I need to add an > additional field (totp token) to the Horizon login screen and get that > value passed to keystone. > > It should be a fairly straightforward hack -- but, before I dive > in, I'm thinking that surely I'm not the first person to need this. > Can anyone who has already implemented 2fa in Horizon give me a few > pointers, or tell me what approach you took? > > Thanks! > > -Andrew _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack at lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160307/1957e945/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: graycol.gif Type: image/gif Size: 105 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160307/1957e945/attachment.gif>
