Opened 2 years ago

Closed 15 months ago

#1131 closed Feature Wish (fixed-external)

2 factor auth by sending key to messager (Threema, WhatApp)?

Reported by: benni85 Owned by: jamesyonan
Priority: minor Milestone:
Component: Access Server Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

OpenVPN AS currently supports 2FA in combination with Google Authenticator. Most users are even today using end2end encrypted Messaging Tools like Threema / WhatsApp?.
Wouldn't it make sense to provide Integration of AS with for example Threema API so that the Server can send second Auth factor to a user's messenger app?

Change History (2)

comment:1 Changed 2 years ago by David Sommerseth

We are researching and evaluating SAML support in OpenVPN Access Server. This moves the authentication layer out of OpenVPN to any Identity Providers (IdP) supporting SAML, which we believe is a more sane way to handle authentication these days. We do not have any timelines currently of when such a feature would be available.

With that said, even though Threema/WhatsApp? _may_ use encryption for such messages, using this kind of text based authentication is not considered optimal compared to offline methods such as TOTP and HOTP. More information on this topic can be found here:

Last edited 2 years ago by David Sommerseth (previous) (diff)

comment:2 Changed 15 months ago by novaflash

Resolution: fixed-external
Status: newclosed

Just reviewing and closing old tickets that were left open in the community site, although these were already copied into our internal tracking system and handled there.

Implementation of SAML is happening at this moment. It is expected that somewhere this year this function will become available. In SAML there are many ways to deal with this. Because of the limited choices in resolution type on this tracking system I will consider this as fixed-external, as we are handling this in our internal issue tracking system and not handling this here on the public community tracking system.

Note: See TracTickets for help on using tickets.