Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#893 closed enhancement (fixed)

Add support for using login+password+yubikey otp when logging in

Reported by: Nicklas Nordborg
Owned by: Nicklas Nordborg
Priority: major
Milestone: YubiKey v1.3
Component: net.sf.basedb.yubikey
Keywords:
Cc:

Description

The regular web client only has support for two input fields in the login form. Thus, when using YubiKey the username was skipped to instead use the one-time password generated by the YubiKey.

When creating new client applications it is possible to design the login form differently and require 3 input fields:

  • Username
  • Password
  • YubiKey OTP

The extra information can be sent with the LoginRequest.setAttribute() method.

NOTE! This will not change the behaviour in the regular web client, only in clients created specifically with this in mind (see #891).

Change History (2)

comment:1 Changed 4 years ago by Nicklas Nordborg

Resolution: fixed
Status: new → closed

(In [3994]) Fixes #893: Add support for using login+password+yubikey otp when logging in

Setting a login request attribute with the username triggers a slightly different authentication where all three of YubiKey OTP, username and password must match. Client applications that want to use this feature should create a LoginRequest instance like this:

LoginRequest request = new LoginRequest(yubikeyOTP, password);
request.setAttribute("username", username);

As before, the YubiKey OTP is checked and verified by the cloud service to make sure that it can't be re-used later.

Then, we find the user with the given username and check that the YubiKey actually belongs to that user. The last step is to verify the password.
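
The order of checks described in this comment, sketched as a self-contained Java 16+ example. It is added here and is not the code from changeset [3994]; OtpValidator, User, the iteration count and the sample users and OTP strings are hypothetical or constructed.

```java
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class ThreeFactorLoginSketch {
    // Hypothetical stand-in for the cloud validation service mentioned in the ticket.
    interface OtpValidator { boolean verify(String otp); }

    // Hypothetical user record; BASE's real user model is not shown on this page.
    record User(String yubikeyPublicId, byte[] salt, byte[] passwordHash) {}

    // A Yubico OTP ends with 32 modhex characters of encrypted data;
    // everything before that is the key's static public ID.
    static String publicId(String otp) { return otp.substring(0, otp.length() - 32); }

    static byte[] hash(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    static boolean login(Map<String, User> users, OtpValidator validator,
                         String otp, String username, String password) throws Exception {
        if (otp == null || username == null || password == null) return false;
        // 1. Validate the OTP first, so it is consumed and cannot be re-used later.
        if (otp.length() <= 32 || !validator.verify(otp)) return false;
        // 2. Find the user and check that this YubiKey belongs to that user.
        User user = users.get(username);
        if (user == null || !user.yubikeyPublicId().equals(publicId(otp))) return false;
        // 3. Verify the password with a constant-time comparison.
        return MessageDigest.isEqual(user.passwordHash(), hash(password, user.salt()));
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes();
        Map<String, User> users = Map.of(
            "alice", new User("ccccccbdefgh", salt, hash("alice-pw", salt)),
            "bob", new User("ccccccijklnr", salt, hash("bob-pw", salt)));
        // Constructed validator: accepts each OTP string once, like a replay-protected service.
        Set<String> seen = new HashSet<>();
        OtpValidator once = seen::add;
        String otp = "ccccccbdefgh" + "b".repeat(32);  // constructed OTP, not real key output
        System.out.println(login(users, once, otp, "alice", "alice-pw"));  // all three factors match
        System.out.println(login(users, once, otp, "alice", "alice-pw"));  // same OTP replayed
        String otp2 = "ccccccbdefgh" + "c".repeat(32); // fresh OTP from alice's key
        System.out.println(login(users, once, otp2, "bob", "bob-pw"));     // key does not belong to bob
    }
}
```

Every failure path returns the same result, so a caller cannot tell from the outcome which of the three factors was wrong.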

comment:2 Changed 4 years ago by Nicklas Nordborg

(In [3996]) References #891: Report delivery system

Started with a new login page for the delivery client. It has been designed with the new username+password+yubikey login in mind (see #893).

So far it will only make some basic validation on the input fields. The actual login is not implemented.
