Multi-Factor Authentication for Shibboleth Identity Providers

DE MELLO, Emerson Ribeiro, WANGHAM, Michelle Silva, LOLI, Samuel Bristot, DA SILVA, Carlos, DA SILVA, Gabriela Cavalcanti, DE CHAVES, Shirlei Aparecida and LOLI, Bruno Bristot (2020). Multi-Factor Authentication for Shibboleth Identity Providers. Journal of Internet Services and Applications, 11 (1), p. 8.

Da Silva_Multi-FactorAuthentication(VoR).pdf - Published Version
Creative Commons Attribution.

Download (1MB) | Preview
Link to published version::


The federated identity model provides a solution for user authentication across multiple administrative domains. The academic federations, such as the Brazilian federation, are examples of this model in practice. The majority of institutions that participate in academic federations employ password-based authentication for their users, with an attacker only needing to find out one password in order to personify the user in all federated service providers. Multi-factor authentication emerges as a solution to increase the robustness of the authentication process. This article aims to introduce a comprehensive and open source solution to offer multi-factor authentication for Shibboleth Identity Providers. Based on the Multi-factor Authentication Profile standard, our solution provides three extra second factors (One-Time Password, FIDO2 and Phone Prompt). The solution has been deployed in the Brazilian academic federation, where it was evaluated using functional and integration testing, as well as security and case study analysis.

Item Type: Article
Uncontrolled Keywords: 08 Information and Computing Sciences
Identification Number:
Page Range: p. 8
SWORD Depositor: Symplectic Elements
Depositing User: Symplectic Elements
Date Deposited: 16 Sep 2020 13:15
Last Modified: 17 Mar 2021 19:30

Actions (login required)

View Item View Item


Downloads per month over past year

View more statistics