Multi-factor authentication for Shibboleth identity providers

Authors
  • Ribeiro de Mello, Emerson [1]
  • Silva Wangham, Michelle [2]
  • Bristot Loli, Samuel [1]
  • da Silva, Carlos Eduardo [3]
  • Cavalcanti da Silva, Gabriela [4]
  • de Chaves, Shirlei Aparecida [1]
  • Bristot Loli, Bruno [1]
  • [1] Federal Institute of Santa Catarina (IFSC), São José, SC, Brazil
  • [2] University of Vale do Itajaí (UNIVALI), São José, SC, Brazil
  • [3] Sheffield Hallam University (SHU), Sheffield, UK
  • [4] Federal University of Rio Grande do Norte (UFRN), Natal, RN, Brazil
Type
Published Article
Journal
Journal of Internet Services and Applications
Publisher
Springer London
Publication Date
Dec 02, 2020
Volume
11
Issue
1
Identifiers
DOI: 10.1186/s13174-020-00128-1
Source
Springer Nature
Keywords
License
Green

Abstract

The federated identity model provides a solution for user authentication across multiple administrative domains. Academic federations, such as the Brazilian federation, are examples of this model in practice. The majority of institutions that participate in academic federations employ password-based authentication for their users, so an attacker only needs to find out one password in order to impersonate the user in all federated service providers. Multi-factor authentication emerges as a solution to increase the robustness of the authentication process. This article aims to introduce a comprehensive and open-source solution to offer multi-factor authentication for Shibboleth Identity Providers. Based on the Multi-factor Authentication Profile standard, our solution provides three extra second factors (One-Time Password, FIDO2 and Phone Prompt). The solution has been deployed in the Brazilian academic federation, where it was evaluated using functional and integration testing, as well as security and case study analysis.
