{"id":16576192,"url":"https://github.com/emersonmello/mfap-installation-guide","last_synced_at":"2025-09-12T03:45:21.377Z","repository":{"id":70867756,"uuid":"333781987","full_name":"emersonmello/mfap-installation-guide","owner":"emersonmello","description":"  This repository presents a guide to install a comprehensive and open source solution to offer multi-factor authentication for Shibboleth Identity Providers (version 3.3.1).","archived":false,"fork":false,"pushed_at":"2021-01-28T14:26:52.000Z","size":4834,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-02T00:25:18.692Z","etag":null,"topics":["fido2","idp","mfa","multifactor-authentication","otp","saml","shibboleth","shibboleth-identity-provider","shibboleth-idp"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/emersonmello.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-01-28T14:23:36.000Z","updated_at":"2021-01-29T12:47:04.000Z","dependencies_parsed_at":"2023-03-16T20:30:29.826Z","dependency_job_id":null,"html_url":"https://github.com/emersonmello/mfap-installation-guide","commit_stats":{"total_commits":222,"total_committers":9,"mean_commits":"24.666666666666668","dds":0.4414414414414415,"last_synced_commit":"7fa65e5db4e2f47153cba4860075e0e137cf52cf"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/emersonmello/mfap-installation-guide","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emersonmello%2Fmfap-installation-guide","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emersonmello%2Fmfap-installation-guide/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emersonmello%2Fmfap-installation-guide/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emersonmello%2Fmfap-installation-guide/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/emersonmello","download_url":"https://codeload.github.com/emersonmello/mfap-installation-guide/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/emersonmello%2Fmfap-installation-guide/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274749632,"owners_count":25342171,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-12T02:00:09.324Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fido2","idp","mfa","multifactor-authentication","otp","saml","shibboleth","shibboleth-identity-provider","shibboleth-idp"],"created_at":"2024-10-11T22:07:28.674Z","updated_at":"2025-09-12T03:45:21.337Z","avatar_url":"https://github.com/emersonmello.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Multi-factor installation guide\n\nThis repository presents a guide to install a comprehensive and open-source solution (available at https://git.rnp.br/GT-AMPTo/MfaProvider) to offer multi-factor authentication for Shibboleth Identity Providers (version 3.3.1).\n\nBased on the [Multi-factor Authentication Profile standard (REFEDS MFA Profile)](https://refeds.org/profile/mfa), our solution [(MFaProvider)](https://git.rnp.br/GT-AMPTo/MfaProvider) provides three extra second factors:\n\n- One-Time Password - TOTP standard \n  - you can use Google Authenticator\n- FIDO2 (WebAuthN)\n  - you can use physical tokens such as Yubikey\n- Phone Prompt - Mobile App developed by us\n  - [Android source code](https://git.rnp.br/GT-AMPTo/App2Ampto) \n  - [iOS source code](https://git.rnp.br/GT-AMPTo/amptoios)\n\n## Manuals in English\n\n- [Main multi-factor installation guide (IdP and MfaProvider)](doc/en/Readme.md)\n  - [Log management manual](doc/en/Logs.md) \n  - [Removing the second factor from a user](doc/en/Factor-Removal-Implementation.md)\n  - [How to setup a local development environment](doc/en/setup-local-dev.md)\n    - [How to implement a new factor according to the current architecture](doc/en/New-Factor.md)\n  - [How to configure Service Provider to request that Identity Providers perform MFA](doc/en/sp-mfa.md)\n\n## Manuais em Português\n\n- [Principal roteiro de instalação da solução multi-fator (IdP e MfaProvider)](doc/pt_BR/Readme.md)\n  - [Como verificar os *logs* gerados pela solução](doc/pt_BR/Logs.md)\n  - [Como remover o segundo fator associado a conta de um usuário](doc/pt_BR/Implementacao-remover-fator.md)\n  - [Como montar um ambiente local de desenvolvimento para o MFaP](doc/pt_BR/Ambiente-DEV-local-MFaP.md)\n    - [Como desenvolver o novo fator de autenticação](doc/pt_BR/Novo-fator.md)\n  - [Como configurar provedores de serviços (SP) para solicitar que os provedores de identidade (IdPs) realizem MFA](doc/pt_BR/sp-mfa.md)\n\n## Organization of the GT-AMPTo's repositories\n\n- **Multi-factor installation guide**\n  - https://git.rnp.br/GT-AMPTo/mfap-installation-guide\n  - Use this repository to perform the automated installation of the MFaP solution at the Identity Provider. The script will download codes from [MFaProvider](https://git.rnp.br/GT-AMPTo/MfaProvider) and [MfaProviderIdp](https://git.rnp.br/GT-AMPTo/mfadialogo) repositories\n- **MFaProvider**\n  - https://git.rnp.br/GT-AMPTo/MfaProvider\n  - Application responsible for performing MFA authentication of users and which presents a dashboard for users to enable their authentication factors\n- **MFaP library for the IdP**\n  - https://git.rnp.br/GT-AMPTo/mfadialogo\n  - Library to be invoked by the IdP's `AuthFlow`(in the `.xml` file) and that will allow to interact with the [MFaProvider](https://git.rnp.br/GT-AMPTo/MfaProvider)\n- **Mobile applications specific for Phone Prompt** \n  - https://git.rnp.br/GT-AMPTo/App2Ampto - Android version\n  - https://git.rnp.br/GT-AMPTo/amptoios - iOS version\n  - Required if you want to use the Phone Prompt as a second authentication factor\n\n\n## Publications\n\n- Ribeiro de Mello, E., Silva Wangham, M., Bristot Loli, S. et al. **Multi-factor authentication for shibboleth identity providers**. J Internet Serv Appl 11, 8 (2020). https://doi.org/10.1186/s13174-020-00128-1. https://rdcu.be/cbzPJ\n- MELLO, E. R.; WANGHAM, M. S. ; LOLI, S. B. ; SILVA, C. E. ; SILVA, G. C. **Autenticação multi-fator em provedores de identidade Shibboleth**. In: Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg), 2018, Natal. Anais do Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg). Porto Alegre: SBC, 2018. p. 85-98. [download](https://wordpress.sj.ifsc.edu.br/gtampto/wp-content/uploads/sites/21/2017/05/mello-gt-ampto-sbseg2018.pdf)\n- SILVA, G. C. ; SILVA, C. E. ; MELLO, E. R. ; WANGHAM, M. S. ; LOLI, S. B. **Transposição da Autenticação Federada para uma Solução de Controle de Acesso Físico no contexto da Internet das Coisas**. In: Salão de Ferramentas do Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg), 2018, Natal. Anais Estendidos do Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg). Porto Alegre: SBC, 2018. p. 73-80. [download](https://wordpress.sj.ifsc.edu.br/gtampto/wp-content/uploads/sites/21/2017/05/gtampto-iot-sbseg2018.pdf)\n- SILVA, G. C.; SILVA, C.E. **Uma Proposta de Arquitetura para Autorização Federada com Internet das Coisas**. In Workshop de Trabalhos de Iniciação Científica e de Graduação (WTICG) do Simpósio Brasileiro em Segurança da Informação e de Sistemas Computacionais (SBSeg), 2017, Brasília.\n\n## Authors\n- [Emerson Ribeiro de Mello](https://github.com/emersonmello) - Federal Institute of Santa Catarina (IFSC)\n- [Carlos Eduardo da Silva](https://www.researchgate.net/profile/Carlos_Da_Silva6) - Sheffield Hallam University\n- [Michelle Silva Wangham](https://www.researchgate.net/profile/Michelle_Wangham)  - Universidade do Vale do Itajaí (UNIVALI)\n- [Samuel Bristot Loli](https://github.com/samuelbl) - Federal Institute of Santa Catarina (IFSC)\n- [Shirlei Aparecida Chaves](https://github.com/shirlei) - Federal Institute of Santa Catarina (IFSC)\n- [Gabriela Cavalcanti da Silva](https://github.com/gabicavalcante) - Federal University of Rio Grande do Norte\n- Bruno Bristot Loli - CIASC\n- [Felipe Cardoso](https://github.com/fpcardoso) - Federal Institute of Santa Catarina (IFSC)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femersonmello%2Fmfap-installation-guide","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Femersonmello%2Fmfap-installation-guide","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Femersonmello%2Fmfap-installation-guide/lists"}