You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by an...@files.fm on 2017/04/03 15:37:09 UTC
two factor authentication
Hi,
Has anyone have some tips how to implement two factor authentication in
ACS 4.8.0?
I have looked at this:
https://www.wikidsystems.com/support/how-to/how-to-add-wikid-two-factor-authentication-to-cloudstack-manager/
But it seems to bee for older version, I guess.
Also I have considered to change GUI, but I don't think that wold be a
good idea.
--
JA
Re: two factor authentication
Posted by "Jānis Andersons | Files.fm / Failiem.lv" <an...@files.fm>.
I tried that, but only thing is that users still can login using "local
login"
JA
On 06/04/2017 16:11, Simon Weller wrote:
> So, could you use the existing auth plugins and then use a broker such as keycloak to manage your dual factor?
>
> Here's a good article on the saml plugin:
> http://www.shapeblue.com/saml2-cloudstack/
>
> - Si
>
> Simon Weller/615-312-6068
>
> -----Original Message-----
> From: Jnis Andersons | Files.fm / Failiem.lv [andersons@files.fm]
> Received: Thursday, 06 Apr 2017, 8:06AM
> To: users@cloudstack.apache.org [users@cloudstack.apache.org]
> Subject: Re: two factor authentication
>
> Well its the only one that I could find in google. I wrote them an
> email, but haven't received any response .
> And it was compiled against libraries from CloudStack 3.0.2
>
> And there is no information about two factor authentication except WikID
> plugin.
>
> I looked around cloudstack code and found ../cloud.core.callbacks.js and
> as I understand I have to set global variable g_loginResponse to the
> JSON response.
> And then ../CloudStack.js will check the session, to bypass login screen.
> Will try this, but I doubt that I will get it to work.
>
> JA
>
> On 06/04/2017 15:27, Rafael Weingrtner wrote:
>> I have never heard of this plugin before. Have you tried to get some help
>> on that plugin community?
>> It does not say for which version of ACS it requires.
>>
>> Just for clarification, did you try to login before using the plugin? Did
>> it work?
>>
>>
>> On Thu, Apr 6, 2017 at 6:58 AM, Jnis Andersons | Files.fm / Failiem.lv <
>> andersons@files.fm> wrote:
>>
>>> As I didn't got any response and couldn't set up wikid for ACS 4.8.0 2fa,
>>> I figure out, that I can try to login with api, for example:
>>> (...8080/client/api.jsp), set session parameters, after everything is ok
>>> and redirect to ...8080/client/
>>>
>>> When login with API, I get response : "User: admin in domain 1 has
>>> successfully logged in" and after redirect all session parameters are still
>>> ok.
>>>
>>> But everithing fails on:
>>> ===START=== 192.168.0.252 -- GET command=listCapabilities&respo
>>> nse=json&_=1491408768692
>>> 2017-04-05 19:12:43,686 ERROR [c.c.a.ApiServlet]
>>> (catalina-exec-15:ctx-6d580ae4) (logid:d7f0e94b) unknown exception
>>> writing api response
>>>
>>> The same happens without redirecting and retrieving session parameters on
>>> 8080/client/index.jsp
>>>
>>> Still would appreciate any info about two factor authentication.
>>>
>>> JA
>>>
>>>
>>> On 03/04/2017 18:37, andersons@files.fm wrote:
>>>
>>>> Hi,
>>>>
>>>> Has anyone have some tips how to implement two factor authentication in
>>>> ACS 4.8.0?
>>>> I have looked at this: https://www.wikidsystems.com/s
>>>> upport/how-to/how-to-add-wikid-two-factor-authentication-to-
>>>> cloudstack-manager/
>>>> But it seems to bee for older version, I guess.
>>>> Also I have considered to change GUI, but I don't think that wold be a
>>>> good idea.
>>>>
>>>>
>
RE: two factor authentication
Posted by Simon Weller <sw...@ena.com>.
So, could you use the existing auth plugins and then use a broker such as keycloak to manage your dual factor?
Here's a good article on the saml plugin:
http://www.shapeblue.com/saml2-cloudstack/
- Si
Simon Weller/615-312-6068
-----Original Message-----
From: Jānis Andersons | Files.fm / Failiem.lv [andersons@files.fm]
Received: Thursday, 06 Apr 2017, 8:06AM
To: users@cloudstack.apache.org [users@cloudstack.apache.org]
Subject: Re: two factor authentication
Well its the only one that I could find in google. I wrote them an
email, but haven't received any response .
And it was compiled against libraries from CloudStack 3.0.2
And there is no information about two factor authentication except WikID
plugin.
I looked around cloudstack code and found ../cloud.core.callbacks.js and
as I understand I have to set global variable g_loginResponse to the
JSON response.
And then ../CloudStack.js will check the session, to bypass login screen.
Will try this, but I doubt that I will get it to work.
JA
On 06/04/2017 15:27, Rafael Weingärtner wrote:
> I have never heard of this plugin before. Have you tried to get some help
> on that plugin community?
> It does not say for which version of ACS it requires.
>
> Just for clarification, did you try to login before using the plugin? Did
> it work?
>
>
> On Thu, Apr 6, 2017 at 6:58 AM, Jānis Andersons | Files.fm / Failiem.lv <
> andersons@files.fm> wrote:
>
>> As I didn't got any response and couldn't set up wikid for ACS 4.8.0 2fa,
>> I figure out, that I can try to login with api, for example:
>> (...8080/client/api.jsp), set session parameters, after everything is ok
>> and redirect to ...8080/client/
>>
>> When login with API, I get response : "User: admin in domain 1 has
>> successfully logged in" and after redirect all session parameters are still
>> ok.
>>
>> But everithing fails on:
>> ===START=== 192.168.0.252 -- GET command=listCapabilities&respo
>> nse=json&_=1491408768692
>> 2017-04-05 19:12:43,686 ERROR [c.c.a.ApiServlet]
>> (catalina-exec-15:ctx-6d580ae4) (logid:d7f0e94b) unknown exception
>> writing api response
>>
>> The same happens without redirecting and retrieving session parameters on
>> 8080/client/index.jsp
>>
>> Still would appreciate any info about two factor authentication.
>>
>> JA
>>
>>
>> On 03/04/2017 18:37, andersons@files.fm wrote:
>>
>>> Hi,
>>>
>>> Has anyone have some tips how to implement two factor authentication in
>>> ACS 4.8.0?
>>> I have looked at this: https://www.wikidsystems.com/s
>>> upport/how-to/how-to-add-wikid-two-factor-authentication-to-
>>> cloudstack-manager/
>>> But it seems to bee for older version, I guess.
>>> Also I have considered to change GUI, but I don't think that wold be a
>>> good idea.
>>>
>>>
>
Re: two factor authentication
Posted by "Jānis Andersons | Files.fm / Failiem.lv" <an...@files.fm>.
Well its the only one that I could find in google. I wrote them an
email, but haven't received any response .
And it was compiled against libraries from CloudStack 3.0.2
And there is no information about two factor authentication except WikID
plugin.
I looked around cloudstack code and found ../cloud.core.callbacks.js and
as I understand I have to set global variable g_loginResponse to the
JSON response.
And then ../CloudStack.js will check the session, to bypass login screen.
Will try this, but I doubt that I will get it to work.
JA
On 06/04/2017 15:27, Rafael Weing�rtner wrote:
> I have never heard of this plugin before. Have you tried to get some help
> on that plugin community?
> It does not say for which version of ACS it requires.
>
> Just for clarification, did you try to login before using the plugin? Did
> it work?
>
>
> On Thu, Apr 6, 2017 at 6:58 AM, J\u0101nis Andersons | Files.fm / Failiem.lv <
> andersons@files.fm> wrote:
>
>> As I didn't got any response and couldn't set up wikid for ACS 4.8.0 2fa,
>> I figure out, that I can try to login with api, for example:
>> (...8080/client/api.jsp), set session parameters, after everything is ok
>> and redirect to ...8080/client/
>>
>> When login with API, I get response : "User: admin in domain 1 has
>> successfully logged in" and after redirect all session parameters are still
>> ok.
>>
>> But everithing fails on:
>> ===START=== 192.168.0.252 -- GET command=listCapabilities&respo
>> nse=json&_=1491408768692
>> 2017-04-05 19:12:43,686 ERROR [c.c.a.ApiServlet]
>> (catalina-exec-15:ctx-6d580ae4) (logid:d7f0e94b) unknown exception
>> writing api response
>>
>> The same happens without redirecting and retrieving session parameters on
>> 8080/client/index.jsp
>>
>> Still would appreciate any info about two factor authentication.
>>
>> JA
>>
>>
>> On 03/04/2017 18:37, andersons@files.fm wrote:
>>
>>> Hi,
>>>
>>> Has anyone have some tips how to implement two factor authentication in
>>> ACS 4.8.0?
>>> I have looked at this: https://www.wikidsystems.com/s
>>> upport/how-to/how-to-add-wikid-two-factor-authentication-to-
>>> cloudstack-manager/
>>> But it seems to bee for older version, I guess.
>>> Also I have considered to change GUI, but I don't think that wold be a
>>> good idea.
>>>
>>>
>
Re: two factor authentication
Posted by Rafael Weingärtner <ra...@gmail.com>.
I have never heard of this plugin before. Have you tried to get some help
on that plugin community?
It does not say for which version of ACS it requires.
Just for clarification, did you try to login before using the plugin? Did
it work?
On Thu, Apr 6, 2017 at 6:58 AM, Jānis Andersons | Files.fm / Failiem.lv <
andersons@files.fm> wrote:
> As I didn't got any response and couldn't set up wikid for ACS 4.8.0 2fa,
> I figure out, that I can try to login with api, for example:
> (...8080/client/api.jsp), set session parameters, after everything is ok
> and redirect to ...8080/client/
>
> When login with API, I get response : "User: admin in domain 1 has
> successfully logged in" and after redirect all session parameters are still
> ok.
>
> But everithing fails on:
> ===START=== 192.168.0.252 -- GET command=listCapabilities&respo
> nse=json&_=1491408768692
> 2017-04-05 19:12:43,686 ERROR [c.c.a.ApiServlet]
> (catalina-exec-15:ctx-6d580ae4) (logid:d7f0e94b) unknown exception
> writing api response
>
> The same happens without redirecting and retrieving session parameters on
> 8080/client/index.jsp
>
> Still would appreciate any info about two factor authentication.
>
> JA
>
>
> On 03/04/2017 18:37, andersons@files.fm wrote:
>
>> Hi,
>>
>> Has anyone have some tips how to implement two factor authentication in
>> ACS 4.8.0?
>> I have looked at this: https://www.wikidsystems.com/s
>> upport/how-to/how-to-add-wikid-two-factor-authentication-to-
>> cloudstack-manager/
>> But it seems to bee for older version, I guess.
>> Also I have considered to change GUI, but I don't think that wold be a
>> good idea.
>>
>>
>
--
Rafael Weingärtner
Re: two factor authentication
Posted by "Jānis Andersons | Files.fm / Failiem.lv" <an...@files.fm>.
As I didn't got any response and couldn't set up wikid for ACS 4.8.0
2fa, I figure out, that I can try to login with api, for example:
(...8080/client/api.jsp), set session parameters, after everything is ok
and redirect to ...8080/client/
When login with API, I get response : "User: admin in domain 1 has
successfully logged in" and after redirect all session parameters are
still ok.
But everithing fails on:
===START=== 192.168.0.252 -- GET
command=listCapabilities&response=json&_=1491408768692
2017-04-05 19:12:43,686 ERROR [c.c.a.ApiServlet]
(catalina-exec-15:ctx-6d580ae4) (logid:d7f0e94b) unknown exception
writing api response
The same happens without redirecting and retrieving session parameters
on 8080/client/index.jsp
Still would appreciate any info about two factor authentication.
JA
On 03/04/2017 18:37, andersons@files.fm wrote:
> Hi,
>
> Has anyone have some tips how to implement two factor authentication
> in ACS 4.8.0?
> I have looked at this:
> https://www.wikidsystems.com/support/how-to/how-to-add-wikid-two-factor-authentication-to-cloudstack-manager/
>
> But it seems to bee for older version, I guess.
> Also I have considered to change GUI, but I don't think that wold be a
> good idea.
>