Factoring the Authentication Equation: Integrating Multi-factor Authentication into CAS/Shibboleth

A session at Open Apereo 2013 Conference (Jasig & Sakai)

Tuesday 4th June, 2013

11:00am to 11:45am (PST)

Interest in Multi-factor Authentication (MFA) has been growing for a number of reasons, including increasing attack vectors for compromising passwords, use cases for higher levels of identity assurance, and expanded technologies to provide MFA (e.g. phone-based approaches). Combining MFA with one's Single Sign-on (SSO) system (CAS, Shibboleth) allows one to leverage MFA for many on-campus and federated services. Both the NSTIC-funded Internet Scalable Privacy Project ( https://spaces.internet2.edu/x/Y... ), and the InCommon Assurance Program ( http://www.incommon.org/assurance/ ) are helping to fund efforts to define and implement standard patterns for effective integration of MFA with Shib and CAS. This presentation will describe how MFA is being integrated into both the Shib Identity Provider and CAS Server, and provide some demonstrations of current MFA integrations with both.

About the speakers

This person is speaking at this event.
Mike Grady

Senior IAM Consultant

Mike Grady has expertise in a broad range of higher education IT, with a particularly deep knowledge of both identity management and research cyberinfrastructure. In the fall of 2012, he joined Unicon as a member of its Identity and Access Management (IAM) team, assisting clients with any and all IAM needs, from strategic planning, consulting, implementation and support. A primary focus is on federated identity management; he is actively engaged in the Shibboleth, InCommon, Internet2, and increasingly, the CAS communities.

Prior to joining Unicon, Mike worked for the University of Illinois at Urbana-Champaign for 36 years, serving in multiple roles for Illinois over the years. Mike's last position at Illinois was as the Executive Program Officer for Cyberinfrastructure (CI) in the Office of the Chief Information Officer, where his focus was on understanding how CI could help Illinois researchers advance their research, and then acting on that understanding to help campus IT determine how to effectively deliver the CI required.

This person is speaking at this event.
Andrew Petro

Software Developer, Identity and Access Management

Andrew Petro is a software developer at Unicon Inc. After graduating with a degree in Computer Science from Yale University in 2004, Andrew stayed on to serve his alma mater in the Technology & Planning group. Projects in which Andrew has been involved include theJasig Central Authentication Service, YaleInfo Portal (Yale's uPortal implementation), and the Jasig uPortal project. In 2006 Andrew joined Unicon and has filled several roles as a software developer, uPortal and CAS consultant, and technical lead for the Cooperative Support for CAS program. Andrew has served on the Jasig uPortal and CAS steering committees.

Next session in Topaz

1pm OAAI: An Open Ecosystem for Learning Analytics by Sandeep Jayaprakash, Josh Baron and JoAnna Schilling

14 attendees

  • Andrew Petro
  • Bill Thompson
  • Dmitriy Kopylenko
  • Eric Dalquist
  • Udaya Ghattamaneni
  • Martin Smith
  • Mike Grady
  • Misagh Moayyed
  • Mitch
  • Nagai Takayuki
  • Mike Osterman
  • Bob Walters
  • Ray Walker
  • Tim Levett

4 trackers

  • Aaron Grant
  • Andrew Sears
  • Konstantin Makarov
  • Martin Morrey

Coverage of this session

Sign in to add slides, notes or videos to this session

Sign in to track this session

Tell your friends!


Time 11:00am11:45am PST

Date Tue 4th June 2013


Topaz, The Westin San Diego

Short URL


Official event site


View the schedule



See something wrong?

Report an issue with this session