3rd party authentication_backend #7316
Labels
priority/4/normal
Normal priority items
status/needs-design
Requires thoughtful design
type/feature
Request for adding a new feature
Description
I would like to use Authelia with 2nd factors managed in privacyidea allowing an organizsation to manage their 2nd factors centrally and use these for all login scenrios.
I was not sure, if I should comment on #2784 or #3069, but decided to open a new FR.
Since the config allows to define the
authentication_backend
:I think from a config standpoint and update resistance it should be possible to "configure" other authentication backends.
So I was wondering if there is or can be a way to add custom authentication backends.
Use Case
An organizsation uses 2nd factors at VPN via RADIUS, at Windows Login, at Linux Login via the PAM stack and othe locations. The 2nf factors are centrally managed within privacyIDEA. (or name any other MFA management system).
The organization is also using Authelia for some Webpages, that do not allow authentication via SAML or OpenID Connect making it difficult to add a 2nd factor. So such web application (aka WebAppX) is located behind Authelia. Within Authelia a 2nd factor is managed.
The problem is that admins now need to manage 2nd factors in two places. In Authelia for access to WebAppX and in privacyIDEA for authentication at the VPN, at Windows clients, at Linux clients and all other locations.
The idea is to allow the managemen of all 2nd factors in one place and connect Authelia to this authentication system.
Details
I would like the description of how to add a new authentication_backend to authelia including
It could then be configured like:
The possibility to add such backend would be enough - no need to implement such backend.
Documentation
In regards to privacyIDEA such backend would call the
validate/check
endpoint.https://privacyidea.readthedocs.io/en/latest/modules/api/validate.html#post--validate-check
It could be simply configured like all other plugins:
Pre-Submission Checklist
I agree to follow the Code of Conduct
I have checked for related issues and checked the documentation
The text was updated successfully, but these errors were encountered: