[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Multi-Factor Authentication (MFA) for EPrints Login



Hi Martin,

The way that most repositories do this is to use institutional single 
sign on (SSO) that will now normally have MFA baked in. EPrints 
integrates with this using Shibboleth where it acts as a Service Provider:

https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FShibboleth&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ce9d6ecfcf18a4671620708db29f82fa8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149918140165207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ldvwmnd%2BuMssugqpqjnDNEhGAeBqMSn3eou%2BvX7Q90c%3D&reserved=0

There are no plans to implement MFA directly into EPrints, as there are 
existing implementations that could be integrated into EPrints on a 
case-by-case basis.? If you do not have institutional SSO that allows 
you to configure EPrints as a Shibboleth Service Provider, then an OAuth 
implementation may be possible.? As I have not needed this, I have not 
had reason to implement it.? I don't know if anyone else has tried 
implementing an OAuth user authentication implementation for EPrints.

Regards

David Newman

On 21/03/2023 10:23 am, Martin Br?ndle via Eprints-tech wrote:
> *CAUTION:* This e-mail originated outside the University of Southampton.
>
> Dear all,
>
> IT security at our institution requires that all services that provide 
> login to user accounts implement multi-factor authentication in some 
> way (e.g. via Azure AD and Microsoft Authenticator or another 
> authenticator). We must check our EPrints repository, too.
>
> Has anybody done this and could provide us with some hints how to do? 
> Currently we use LDAP .
>
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FCategory%3AAuthentication&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ce9d6ecfcf18a4671620708db29f82fa8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149918140165207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sY0v8OsSx9%2FECsCgLCuoRov7ubTKlwXdgN8zU3PYm4w%3D&reserved=0 
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FCategory%3AAuthentication&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ce9d6ecfcf18a4671620708db29f82fa8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149918140165207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sY0v8OsSx9%2FECsCgLCuoRov7ubTKlwXdgN8zU3PYm4w%3D&reserved=0> 
> and sub-pages seem not to be up-to-date.
>
> Thanks in advance and kind regards,
>
> Martin
>
> --
>
> Dr. Martin Br?ndle
> Zentrale Informatik
> Universit?t Z?rich
> Stampfenbachstr. 73
> CH-8006 Z?rich
>
> mail: martin.braendle at uzh.ch <mailto:martin.braendle at uzh.ch>
> phone: +41 44 63 56705
> signature_2066573683https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Forcid.org%2F0000-0002-7752-6567&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ce9d6ecfcf18a4671620708db29f82fa8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149918140165207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PKxsN3PdSbjTANdLj3XOk%2FH8Rz9cseOyQiXERgusKs4%3D&reserved=0 
> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Forcid.org%2F0000-0002-7752-6567&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ce9d6ecfcf18a4671620708db29f82fa8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149918140165207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=PKxsN3PdSbjTANdLj3XOk%2FH8Rz9cseOyQiXERgusKs4%3D&reserved=0>
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.zi.uzh.ch%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ce9d6ecfcf18a4671620708db29f82fa8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149918140165207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=xZcTA9byl4vf5WeYzZC7j0DMqiliFWKN1ayXn4cMwzw%3D&reserved=0 
> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zi.uzh.ch%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ce9d6ecfcf18a4671620708db29f82fa8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149918140165207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=HFvBIJkRqau528UyGK4g7cTHAnhZfQi8TExyYmYePKM%3D&reserved=0>
>
>
> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ce9d6ecfcf18a4671620708db29f82fa8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149918140165207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=sHn4J4zFURnZSZFRsoYdq7u%2BT9SBdwhaKAXXUW7J528%3D&reserved=0
> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7Ce9d6ecfcf18a4671620708db29f82fa8%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149918140165207%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=C5nls4lO3PhRSSTthvLlxgeQLLegTylNAEMrmw2Xf40%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20230321/531144e6/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 173 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20230321/531144e6/attachment-0001.gif