1

I am trying to achieve MFA in WSO2. I made changes as per the link below, but nothing worked: https://docs.wso2.com/display/IS510/Multi-factor+Authentication+using+FIDO

I am a bit confused: do we need a physical U2F device to achieve this MFA? Are there any other multi-factor authentication methods/tutorials available for WSO2?

John Seen

3 Answers

2

Yes, as @maduranga has explained, you need a physical U2F device for MFA with FIDO. FIDO is the only out-of-the-box MFA authenticator that ships with WSO2 Identity Server 5.1.0.

However, you can find a growing number of MFA authenticators at the WSO2 Store: https://store.wso2.com/store/assets/isconnector

WSO2 IS has a highly extensible, multi-step authentication framework, so you can easily write your own MFA authenticator without much hassle and plug it into that framework.

drox
  • Thanks a lot, Dulanja. I was not even aware of this store. It resolved my issue. All the MFA use a sample Travelocity app. What if I want to add MFA to WSO2 products (API Manager or Identity Server) login? Is it possible? – John Seen Apr 13 '16 at 12:00
  • No problem :) Maybe the following helps? Assuming your question is on Management Console login. http://blog.facilelogin.com/2016/03/enabling-mult-factor-authentication-for.html – drox Apr 16 '16 at 15:47
1

Yes, you need to have a physical U2F device to achieve multi-factor authentication using FIDO. But there are other ways to achieve multi-factor authentication using IS. This documentation provides the instructions to enable multi-factor authentication.

In the Local & Outbound Authentication Configuration of the service provider, go to the Advanced Configuration and add the number of steps you want. Each factor you want to add in the authentication process is a step in the configuration.

Maduranga Siriwardena
  • What if I want to add MFA to WSO2 products (API Manager or Identity Server) login? Is it possible? How can it be done? – John Seen Apr 13 '16 at 12:05
  • You can find the information regarding this at https://docs.wso2.com/display/IS510/Configuring+SAML2+Single-Sign-On+Across+Different+WSO2+Products – Maduranga Siriwardena Apr 18 '16 at 06:38
0

You can add multiple identity providers to a single service provider to support multi-factor authentication. An example of this is explained here. This link might help you to try out a sample. Please have a look.

Ushani