Multi-Context Broker Eases the Integration of Multifactor Authentication

Is your campus considering the implementation of multifactor authentication to bolster security beyond passwords? Are you considering implementing multiple local or InCommon Assurance profiles? If so, and you use Shibboleth single sign-on software, your job just got easier.

The Internet2 community has released an extension to the Shibboleth software, the Multi-Context Broker (MCB) that significantly eases the integration of multifactor authentication technologies and the management of InCommon Assurance Profiles.

With the MCB, organizations can easily support single sign-on for multiple authentication methods. No custom code is needed. Once configured, MCB automatically selects appropriate authentication methods, based on service provider requests, user certifications, user choice, and hierarchies of assurance profiles like InCommon Bronze and Silver. The MCB currently supports username/password, X.509 client certificates, and Duo Security as authentication methods, and more methods are in the works.

Internet2 funded the MCB development through InCommon and the Scalable Privacy Project, which is supported by a grant from the National Strategy for Trusted Identity in Cyberspace (NSTIC). The University of Chicago, the University of Illinois, and the University of Toronto provided testing for the MCB.

The Multi-Context Broker plug-in and detailed documentation for installation and configuration are available at the Shibboleth Project wiki, and source files are available at GitHub. For details, see the MCB wiki page. This page also includes a complete description of the MCB and sample configurations for support of Duo Security, InCommon Silver, and a SafeNet USB-format token.