[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Multi-Factor Authentication (MFA) for EPrints Login



Hi all,

I have added a page for MFA on the EPrints wiki.? It really just says 
what I said below.? However, if anyone has extra detail to add, please 
update this page:

https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FMulti-Factor_Authentication&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=hg52dOOYk9%2BdkM5ScgLzeo55GjoIGOoDGcO6Aj0oGI0%3D&reserved=0

If anyone has attempted implementing OAuth-based login for EPrints and 
wants to share this, then this would certainly be considered for 
addition to the main EPrints 3.4. codebase, if you are happy for this to 
be added. Either way, if you have any helpful advice on using 
OAuth-based user authentication with EPrints (especially if it includes 
MFA support) then creating a page (probably called OAuth) for this on 
the wiki that would be really useful.

Regards

David Newman

On 21/03/2023 10:36 am, David R Newman via Eprints-tech wrote:
> Hi Martin,
>
> The way that most repositories do this is to use institutional single 
> sign on (SSO) that will now normally have MFA baked in. EPrints 
> integrates with this using Shibboleth where it acts as a Service Provider:
>
> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FShibboleth&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E3ijfn5ZzwCrLdzJCJsHcCXClPqYSo1c6H49sLEXT2M%3D&reserved=0
>
> There are no plans to implement MFA directly into EPrints, as there 
> are existing implementations that could be integrated into EPrints on 
> a case-by-case basis.? If you do not have institutional SSO that 
> allows you to configure EPrints as a Shibboleth Service Provider, then 
> an OAuth implementation may be possible.? As I have not needed this, I 
> have not had reason to implement it.? I don't know if anyone else has 
> tried implementing an OAuth user authentication implementation for 
> EPrints.
>
> Regards
>
> David Newman
>
> On 21/03/2023 10:23 am, Martin Br?ndle via Eprints-tech wrote:
>> *CAUTION:* This e-mail originated outside the University of Southampton.
>>
>> Dear all,
>>
>> IT security at our institution requires that all services that 
>> provide login to user accounts implement multi-factor authentication 
>> in some way (e.g. via Azure AD and Microsoft Authenticator or another 
>> authenticator). We must check our EPrints repository, too.
>>
>> Has anybody done this and could provide us with some hints how to do? 
>> Currently we use LDAP .
>>
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FCategory%3AAuthentication&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zp6Cj217bHEhOP%2B2aoNwWT3vOezQL0r9hyELc4JNKeo%3D&reserved=0 
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FCategory%3AAuthentication&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=zp6Cj217bHEhOP%2B2aoNwWT3vOezQL0r9hyELc4JNKeo%3D&reserved=0> 
>> and sub-pages seem not to be up-to-date.
>>
>> Thanks in advance and kind regards,
>>
>> Martin
>>
>> --
>>
>> Dr. Martin Br?ndle
>> Zentrale Informatik
>> Universit?t Z?rich
>> Stampfenbachstr. 73
>> CH-8006 Z?rich
>>
>> mail: martin.braendle at uzh.ch <mailto:martin.braendle at uzh.ch>
>> phone: +41 44 63 56705
>> signature_2066573683https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Forcid.org%2F0000-0002-7752-6567&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4luG8tPNn5ey4WargvUqQr59gwKp3GlCYZKyhLv7Zn4%3D&reserved=0 
>> <https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Forcid.org%2F0000-0002-7752-6567&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=4luG8tPNn5ey4WargvUqQr59gwKp3GlCYZKyhLv7Zn4%3D&reserved=0>
>> https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.zi.uzh.ch%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=ZCBZU%2FS5LURGDwYNH5hN%2BiSrEumd%2Fz10RNq7Z7xUhik%3D&reserved=0 
>> <https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zi.uzh.ch%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=wuC54H07kv1rfcfehC8Hz0xGgsnc5TcpeiNbIgwwVzc%3D&reserved=0>
>>
>>
>> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
>> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=VAkzeDs0JlrAP4v%2F6Ba8IhYmPAhBoC18fjS59k6mq2Y%3D&reserved=0
>> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pXNbWSKs%2Fj3jLMZkbfGYLdHRNdtvDlPuuZUzRF4iUCg%3D&reserved=0
>
>
> *** Options:http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
> *** Archive:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=VAkzeDs0JlrAP4v%2F6Ba8IhYmPAhBoC18fjS59k6mq2Y%3D&reserved=0
> *** EPrints community wiki:https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C1f1da5fad8564d8ac93a08db29fa1c25%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638149926405229922%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=pXNbWSKs%2Fj3jLMZkbfGYLdHRNdtvDlPuuZUzRF4iUCg%3D&reserved=0
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20230321/13e14fd0/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 173 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20230321/13e14fd0/attachment-0001.gif