Installation privacyIDEA for 2FA at UCS management console

#1

Hey Forum,
I am struggling with integrating privacyIDEA for 2FA at the UCS management console login. What I have successfully done so far:

  1. installed privacyIDEA at the UCS master
  2. logged in as Administrator@admin
  3. created a token for Administrator
  4. used Google Authenticator to test the token: all good
  5. created rule with “passthru” as in the netknights tutorial

The next step would have been to install privacyIDEA PAM to integrate 2FA into login screen, but there is no such app in the app store.
Has the installation been changed? Where can I find suitable documentation for it?

BR
fk


#2

I’m having the same problem. PrivacyIDEA SAML is available only for UCS 4.3, therefore the app doesn’t appear on 4.4 installations. I don’t know what to do since there’s near 0 documentation online.


#3

The problem is, the SAML IdP on UCS is rather outdated. It is no fun packaging privacyIDEA SAML for UCS, since we need to keep backward compatibility for an old version of simpleSAMLphp only due to UCS.
I would recommend setting up your SAML IdP on another machine.
Or use the PAM module from the source.


#4

Thanks for your reply.

Is it possible to explain to me step by step how to configure privacyIDEA on UCS to force all users to set it up with OTP? I’m really struggling with following the documentation and getting something that works.

Would it be possible to create a new package, “PrivacyIDEA SAML for UCS 4.4”? So it is a separate package, but it will work on the latest versions of UCS, and more importantly allow users to use 2FA when logging in with SAML.

What do you think?