A Unified approach towards Multi-factor Authentication(MFA)

20 May 2021, 15:52
13m
Short Talk Online Computing Facilities and Networks

Speaker

Masood Zaran (Brookhaven National Labratory)

Description

With more applications and services deployed in BNL SDCC that rely on authentication services, adoption of Multi-factor Authentication (MFA) became inevitable. While web applications can be protected by Keycloak (a open source Single sign-on solution directed by Red Hat) with its MFA feature, other service components within the facility rely on FreeIPA (an open source identity management software directed by Red Hat) for MFA authentication. While this satisfies cyber security requirements, it creates a situation where users need to manage multiple tokens and differentiation of them depends upon what they access. Not only this is a major irritation for users, it also adds a burden for staff members who manage user tokens. To tackle the challenges, a solution needs to be found to provide a unified way for token management. In the paper, we elaborate a solution that was explored and implemented at the SDCC, and also plan to extend it's capabilities and flexibility's for future application integration's.

Primary authors

Masood Zaran (Brookhaven National Labratory) Mizuki Karasawa (BNL)

Presentation materials