Opened 11 years ago
Closed 11 years ago
#580 closed task (fixed)
Authenticate users using YubiKey sticks
Reported by: | Nicklas Nordborg | Owned by: | Nicklas Nordborg |
---|---|---|---|
Priority: | blocker | Milestone: | YubiKey v1.0 |
Component: | net.sf.basedb.yubikey | Keywords: | |
Cc: |
Description
The idea is to use the YubiKey one-time-password system for logging users into BASE. To be able to do this BASE ticket 1599 (http://base.thep.lu.se/ticket/1599) need to be implemented first.
The basic scheme goes something like this:
- The administrator of the BASE server assigns a YubiKey id to a user. This can be stored either in the 'externalId' field or as an extended property.
- When logging in, the user uses the YubiKey to fill in the "login" field and enters the "password" as usual. The usual login name is not used.
- The YubiKey login module check the BASE database for a user with the given YubiKey id. If a user is found, the key is sent to the "cloud" for verification. If no user is found the regular login/password authentication is used, but only users without any attached YubiKey id are allowed to use this.
Change History (10)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
(In [2252]) References #580: Authenticate users using YubiKey sticks
First version of the authentication manager. Since we don't yet have any actual keys, the only validation so far is that the login is avalid YubiKey one-time-password. For testing purposes, 'cccccccbcjdifctrndncchkftchjlnbhvhtugdljibej' can be used.
comment:3 by , 11 years ago
(In [2255]) References #580: Authenticate users using YubiKey sticks
Updating code to make it compatible with BASE core after http://base.thep.lu.se/changeset/6425
comment:4 by , 11 years ago
comment:5 by , 11 years ago
(In [2257]) References #580: Authenticate users using YubiKey sticks
Implemented actual verification of passwords against YubiCload. Seems to be working well. A manual configuration step to get a CLIENT_ID and CLIENT_KEY is needed when installing the extension for the first time. Instructions for this need to be written.
comment:6 by , 11 years ago
comment:7 by , 11 years ago
comment:8 by , 11 years ago
comment:9 by , 11 years ago
comment:10 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
(In [2249]) References #580: Authenticate users using YubiKey sticks
Initial checkin of folder structure, build files, metadata and other information.