Feature #22627
open
Support 2FA in Foreman web UI
Updated by Ondřej Pražák almost 7 years ago
- Subject changed from Support 2FA in Foreman web UI to Support 2FA in Foreman web UI
- Category set to Authentication
- Priority changed from High to Normal
Updated by Marek Hulán almost 7 years ago
Isn't this already possible through FreeIPA? If you configure FreeIPA as external authentication, you use FreeIPA 2FA there. See https://www.theforeman.org/manuals/1.16/index.html#5.7ExternalAuthentication for more details. I think we shouldn't implement the solution as part of Foreman codebase
Updated by Ondřej Pražák almost 7 years ago
If this is possible with FreeIPA, then I think we can close.
Updated by Kodiak Firesmith over 6 years ago
Ondřej Pražák wrote:
If this is possible with FreeIPA, then I think we can close.
Hello! I'm piling onto this 2FA RFE as a Satellite 6.3 customer to say that FreeIPA cannot always be counted on as a solution for bringing 2FA into Satellite.
US GOVT DFARS requirements require putting services like Satellite into 2FA authentication, and for that we need to use existing tools (Duo, RADIUS) which is integrated with our Active Directory infra. We do not have the option of deploying FreeIPA.
Updated by Marek Hulán over 6 years ago
- Triaged set to No
If this is configurable in active directory, could you use transparently active directory as Foreman LDAP auth source? Or you could configure Apache module to take care of $authentication and set REMOTE_USER, then just use external auth source for users. Would that help?
Updated by Steve Vogt over 4 years ago
I have to echo Kodiak's sentiments. 2FA is essential to using Foreman in many environments. I don't think it is right to assume users are using ipa and it doesn't seem like it would be that hard to implement something like radius