As a brief note, internal to Informatics:
We’ve now set up two-factor Cosign authentication on a test ‘portal.theon’ website. Apart from pointing that client site at the appropriate test Cosign server, the only necessary configuration is the inclusion of appropriate CosignRequireFactor
directives at suitable places within the Apache configuration hierarchy.
For testing, we’ve placed these directives using both Apache <Directory>
stanzas, and also within .htaccess
files. Both approaches work, and both therefore ‘switch on’ two-factor authentication at a directory level. (We assume – but have not tested – that <Files>
stanzas could be used to make the authentication demarcations even more fine-grained. But, on the other hand, the simpler these demarcations are, the better.) Note, of course, that CosignRequireFactor
directives placed within .htaccess
files work if and only if the necessary Apache ‘Overrides’ declarations are in force.
Specifically, to populate the appropriate .htaccess
files within the test ‘portal.theon’ website, the final approach taken has been to amend the relevant TP000...Access
conduits so that a CosignRequireFactor INF.ED.AC.UK otp
directive is appended as a verbatim gurgle %%footer
statement.