[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] {Suspected SPAM} Re: Multi-Factor Authentication (MFA) for EPrints Login

CAUTION: This e-mail originated outside the University of Southampton.
I will have to figure out how to do MFA with our EPrints instance as well, so this discussion is timely and useful for me.  Martin, thanks for the link to "Authdigital", interesting to see EPrints in their service offer for this.  I don't have any experience or knowledge of the quality of their work.

Tomasz

________________________________________________
Tomasz Neugebauer
Senior Librarian | Biblioth?caire titulaire
Digital Projects & Systems Development Librarian / Biblioth?caire des Projets Num?riques & D?veloppement de Syst?mes
Concordia University / Universit? Concordia
Tel. / T?l. 514-848-2424 ext. / poste 7738
Email / courriel: tomasz.neugebauer at concordia.ca<mailto:tomasz.neugebauer at concordia.ca>
Mailing address / adresse postale: 1455 De Maisonneuve Blvd. W., LB-540-03, Montreal, Quebec H3G 1M8
Street address / adresse municipale: 1400 De Maisonneuve Blvd. W., LB-540-03, Montreal, Quebec H3G 1M8
library.concordia.ca
________________________________
From: Martin Br?ndle <martin.braendle at uzh.ch>
Sent: Wednesday, March 22, 2023 12:23 PM
To: John Salter <J.Salter at leeds.ac.uk>; eprints-tech at ecs.soton.ac.uk <eprints-tech at ecs.soton.ac.uk>; David R Newman <drn at ecs.soton.ac.uk>
Cc: Tomasz Neugebauer <Tomasz.Neugebauer at concordia.ca>
Subject: Re: [EP-tech] Multi-Factor Authentication (MFA) for EPrints Login


Attention This email originates from outside the concordia.ca domain. // Ce courriel provient de l'ext?rieur du domaine de concordia.ca




Dear all, dear David and John,



thank you for your answers. I have found this Canadian enterprise doing OAuth with EPrints .

https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fauthdigital.com%2Feprints-single-sign-on&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nSz52RhccxqqY6vQ9DayQBJtrCpv9DP9qQ56BjKM5aM%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fauthdigital.com%2Feprints-single-sign-on&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=nSz52RhccxqqY6vQ9DayQBJtrCpv9DP9qQ56BjKM5aM%3D&reserved=0>



Any experience around with them?



Kind regards,



Martin



--

Dr. Martin Br?ndle
Zentrale Informatik
Universit?t Z?rich
Stampfenbachstr. 73
CH-8006 Z?rich






From: John Salter <J.Salter at leeds.ac.uk>
Date: Tuesday, 21 March 2023 at 12:00
To: eprints-tech at ecs.soton.ac.uk <eprints-tech at ecs.soton.ac.uk>, David R Newman <drn at ecs.soton.ac.uk>, Martin Br?ndle <martin.braendle at uzh.ch>
Subject: RE: [EP-tech] Multi-Factor Authentication (MFA) for EPrints Login

Hi Martin,
This is something we're looking at too (no answers as yet).
One of the route's we're looking at is to use Orcid as the sign-on route, which could then go via the institutional SSO (with MFA).



The edge cases (admin accounts, API accounts) would still need a route to be able to authenticate too?



Cheers,

John



From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of David R Newman via Eprints-tech
Sent: 21 March 2023 10:51
To: eprints-tech at ecs.soton.ac.uk; Martin Br?ndle <martin.braendle at uzh.ch>
Subject: Re: [EP-tech] Multi-Factor Authentication (MFA) for EPrints Login



Hi all,

I have added a page for MFA on the EPrints wiki.  It really just says what I said below.  However, if anyone has extra detail to add, please update this page:

https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FMulti-Factor_Authentication&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UeiYuDfNwc3XyCjxWUd5v5%2BSNmFTXFiWi9nygI7SHxE%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FMulti-Factor_Authentication&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=UeiYuDfNwc3XyCjxWUd5v5%2BSNmFTXFiWi9nygI7SHxE%3D&reserved=0>

If anyone has attempted implementing OAuth-based login for EPrints and wants to share this, then this would certainly be considered for addition to the main EPrints 3.4. codebase, if you are happy for this to be added. Either way, if you have any helpful advice on using OAuth-based user authentication with EPrints (especially if it includes MFA support) then creating a page (probably called OAuth) for this on the wiki that would be really useful.

Regards

David Newman

On 21/03/2023 10:36 am, David R Newman via Eprints-tech wrote:

Hi Martin,

The way that most repositories do this is to use institutional single sign on (SSO) that will now normally have MFA baked in.  EPrints integrates with this using Shibboleth where it acts as a Service Provider:

https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FShibboleth&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E%2BCn2WNtLKTLhNOP6KboKDifEHsBf8NlJ6X8PjSFgio%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FShibboleth&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=E%2BCn2WNtLKTLhNOP6KboKDifEHsBf8NlJ6X8PjSFgio%3D&reserved=0>

There are no plans to implement MFA directly into EPrints, as there are existing implementations that could be integrated into EPrints on a case-by-case basis.  If you do not have institutional SSO that allows you to configure EPrints as a Shibboleth Service Provider, then an OAuth implementation may be possible.  As I have not needed this, I have not had reason to implement it.  I don't know if anyone else has tried implementing an OAuth user authentication implementation for EPrints.

Regards

David Newman

On 21/03/2023 10:23 am, Martin Br?ndle via Eprints-tech wrote:

CAUTION: This e-mail originated outside the University of Southampton.

Dear all,



IT security at our institution requires that all services that provide login to user accounts implement multi-factor authentication in some way (e.g. via Azure AD and Microsoft Authenticator or another authenticator). We must check our EPrints repository, too.



Has anybody done this and could provide us with some hints how to do? Currently we use LDAP .



https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FCategory%3AAuthentication&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XYlRq9lG%2Fi75f%2FatwE3dacjAPo6ohOUk%2BlYskH%2B7FqI%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.eprints.org%2Fw%2FCategory%3AAuthentication&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=XYlRq9lG%2Fi75f%2FatwE3dacjAPo6ohOUk%2BlYskH%2B7FqI%3D&reserved=0> and sub-pages seem not to be up-to-date.



Thanks in advance and kind regards,



Martin



--

Dr. Martin Br?ndle
Zentrale Informatik
Universit?t Z?rich
Stampfenbachstr. 73
CH-8006 Z?rich

mail: martin.braendle at uzh.ch<mailto:martin.braendle at uzh.ch>
phone: +41 44 63 56705
[signature_2066573683]https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Forcid.org%2F0000-0002-7752-6567&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=W0NKXMFMxfuTSkafQcSGLQRl0ytbpb2gKQSOeVgpqnQ%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Forcid.org%2F0000-0002-7752-6567&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=W0NKXMFMxfuTSkafQcSGLQRl0ytbpb2gKQSOeVgpqnQ%3D&reserved=0>
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.zi.uzh.ch%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=549SazF7XZWceHCxUi9hytnrCalNa4aew2as8eszQCQ%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.zi.uzh.ch%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=QquG9tfgk0CTdUVyUA%2BZt0h0wacN59%2FEwTE7%2FmjfUM8%3D&reserved=0>






*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmailman.ecs.soton.ac.uk%2Fmailman%2Flistinfo%2Feprints-tech&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=FZUlnk8hr9PoP2%2FVLy3%2F1%2BCZrGdHNhBhfiStg%2BtMz%2F0%3D&reserved=0>

*** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yeE2ZZ6jlnMeMsSXNcqwFNwCnGPkANzquk82sphYjtk%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215033928%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=yeE2ZZ6jlnMeMsSXNcqwFNwCnGPkANzquk82sphYjtk%3D&reserved=0>

*** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215658818%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0cPYS55Ie0XqdtPVKLtxNgCR5WPTt8mqRFJeL%2BIf6tY%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215658818%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0cPYS55Ie0XqdtPVKLtxNgCR5WPTt8mqRFJeL%2BIf6tY%3D&reserved=0>





*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fmailman.ecs.soton.ac.uk%2Fmailman%2Flistinfo%2Feprints-tech&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215658818%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=8y5zZuEKqLQvqDeSIpuLX6BfIuDhS7Ew3nPHx6ow5Fo%3D&reserved=0>

*** Archive: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215658818%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gJC%2F%2Bur4MpPZKWneqz9oHAmR%2BsMjNd%2FIVmkmt1orPd8%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.eprints.org%2Ftech.php%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215658818%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=gJC%2F%2Bur4MpPZKWneqz9oHAmR%2BsMjNd%2FIVmkmt1orPd8%3D&reserved=0>

*** EPrints community wiki: https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215658818%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0cPYS55Ie0XqdtPVKLtxNgCR5WPTt8mqRFJeL%2BIf6tY%3D&reserved=0<https://eur03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwiki.eprints.org%2F&data=05%7C01%7Ceprints-tech%40ecs.soton.ac.uk%7C58f5c45e41e64e2e575a08db2ba818ec%7C4a5378f929f44d3ebe89669d03ada9d8%7C0%7C0%7C638151773215658818%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=0cPYS55Ie0XqdtPVKLtxNgCR5WPTt8mqRFJeL%2BIf6tY%3D&reserved=0>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20230323/cf443beb/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 173 bytes
Desc: image001.gif
Url : http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20230323/cf443beb/attachment-0001.gif