Wed Jan 27 12:57:15 EST 2021

This item has been posted to rhic-rcf-l@lists.bnl.gov, sdcc_users-l@lists.bnl.gov, usatlas-users-l@lists.bnl.gov

Summary:
Keycloak new MFA mechanism activation

Duration:
01/28/21 Thursday @ 5:00 PM EST - 01/28/21 @ 6:00PM EST

Group Responsible:
GS (General Services)

Affected Area:
External services utilizing Keycloak SDCC MFA realm (ex, Jupyterhub, Federated Login via InCommon)

Expected User Impact:
In the unlikely case TOTP tokens are created during this window they will be invalidated and require re-generation once the downtime is over.

Maintenance Type:
Transparent with minor impact stated above

Submitted By:
Masood Zaran, mzaran@bnl.gov
Mizuki Karasawa, mizuki@bnl.gov

Description:
Migration of MFA TOTP flow from Keycloak to PrivacyIDEA. Migration of existing TOTP tokens into IPA as well.