How to implement 2FA using SimpleSAMLphp and OpenLDAP with privacyIDEA

ldap
totp

#1

I want to implement 2FA authentication for users in our existing application.

Current setup:
We use SimpleSAMLphp as IdP, which uses OpenLDAP as authsource. (Internally, on OpenLDAP, we use an LDAP proxy for AD user authentication.)

Now how do I implement 2FA in the above setup using privacyIDEA?
Do I have to change the authsource from OpenLDAP to the privacyIDEA server? If I do so, how will I manage users on the privacyIDEA server, as they are on OpenLDAP?


#2

Hi,
In the privacyIDEA setup you need to add an LDAP resolver (it is in the docs).

After that, you can use privacyIDEA as an authproc filter in simpleSAMLphp. So you do not have to change your authsources. The latest version of our module supports authproc filters. You can find it on GitHub. To enable it, you have to enter the configuration in your metadata or config.php.
An example is here.

Kind regards
Micha Preußer