radius support and 2FA #1
Comments
|
Hi, |
|
Hello, sounds very promising, I keep my fingers crossed then. |
|
What exactly do you want to know? Its a simple ldap bind operation to check the user credentials. See here: https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#Bind_(authenticate) Maybe you are confusing the authentication to the management portal with the WireGuard authentication? LDAP is just used to fill the userdatabase in the management portal. If enabled, a WireGuard tunnel configuration (keypair) is created for each LDAP user automatically. The user can then download his configuration from the portal by logging in with his LDAP credentials. |
|
Yes, that's what I meant, thank you very much for the explanation. |
|
You could delegate the 2FA process to a OpenID Connect backend. We're currently using WG Gen Web with OIDC connector to a Keycloak instance. That means the LDAP auth will never have a 2FA but ... it's LDAP huh ? |
|
Great ! Thanks for your work. I can test OIDC integration with Keycloak. |
|
For 2FA, there is also this project to look at and potentially incorporate: https://github.com/NHAS/wag |
|
One option how to achieve 2FA would be to support Radius, then 2FA could be handled by the Radius server. https://www.oreilly.com/library/view/radius/0596003226/re04.html |
Initial alpha codebase for version 2 of WireGuard Portal. This version is considered unstable and incomplete (for example, no public REST API)! Use with care! Fixes/Implements the following issues: - OAuth support #154, #1 - New Web UI with internationalisation support #98, #107, #89, #62 - Postgres Support #49 - Improved Email handling #47, #119 - DNS Search Domain support #46 - Bugfixes #94, #48 --------- Co-authored-by: Fabian Wechselberger <wechselbergerf@hotmail.com>
Hello, this project looks interesting, will you plan to add radius support and 2FA?
The text was updated successfully, but these errors were encountered: