Feature #22627
open
Support 2FA in Foreman web UI
Added by Ondřej Pražák almost 7 years ago.
Updated over 4 years ago.
Description
Description of problem:
This is a request for supporting two-factor authentication in web UI. There is #8852 for API and #8016 for hammer, but UI has been left out.
- Subject changed from Support 2FA in Foreman web UI
to Support 2FA in Foreman web UI
- Category set to Authentication
- Priority changed from High to Normal
If this is possible with FreeIPA, then I think we can close.
Ondřej Pražák wrote:
If this is possible with FreeIPA, then I think we can close.
Hello! I'm piling onto this 2FA RFE as a Satellite 6.3 customer to say that FreeIPA cannot always be counted on as a solution for bringing 2FA into Satellite.
US GOVT DFARS requirements require putting services like Satellite into 2FA authentication, and for that we need to use existing tools (Duo, RADIUS) which is integrated with our Active Directory infra. We do not have the option of deploying FreeIPA.
If this is configurable in active directory, could you use transparently active directory as Foreman LDAP auth source? Or you could configure Apache module to take care of $authentication and set REMOTE_USER, then just use external auth source for users. Would that help?
I have to echo Kodiak's sentiments. 2FA is essential to using Foreman in many environments. I don't think it is right to assume users are using ipa and it doesn't seem like it would be that hard to implement something like radius
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by