#893 closed enhancement (fixed)
Add support for using login+password+yubikey otp when logging in
Reported by: | Nicklas Nordborg | Owned by: | Nicklas Nordborg |
---|---|---|---|
Priority: | major | Milestone: | YubiKey v1.3 |
Component: | net.sf.basedb.yubikey | Keywords: | |
Cc: |
Description
The regular web client only has support for two input fields in the login form. Thus, when using YubiKey the username was skipped to instead use the one-time password generated by the YubiKey.
When creating new client applications it is possible to design the login form differently and require 3 input fields:
- Username
- Password
- YubiKey OTP
The extra information can be sent with the LoginRequest.setAttribute() method.
NOTE! This will not change the behaviour in the regular web client, only in clients created specifically with this in mind (see #891).
Change History (2)
comment:1 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:2 by , 9 years ago
(In [3994]) Fixes #893: Add support for using login+password+yubikey otp when logging in
Setting a login request attribute with the username triggers a slightly different authentication where all three of YubiKey OTP, username and password must match. Client applications that want to use this feature should create a LoginRequest instance as this:

As before the YubiKey OTP is checked and verified by the cloud service to make sure that it can't be re-used later.
Then, we find the user with the given username and check that the YubiKey actually belongs to that user. The last step is to verify the password.
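
The three checks described in the comment above, as an added Java sketch (Java 16+) that is not part of the ticket or of the BASE YubiKey extension. All class and method names are hypothetical, the OTP verifier is a stub standing in for the cloud validation service, PBKDF2 stands in for the server's own password check, and the accounts and OTP strings are constructed samples.

```java
import java.security.MessageDigest;
import java.util.Map;
import java.util.function.Predicate;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration: every name below is hypothetical, not BASE or YubiKey extension API.
public class ThreeFactorLoginSketch {
    // Stored per user: the public id of the enrolled YubiKey plus a salted password hash.
    record Account(String yubikeyPublicId, byte[] salt, byte[] pwHash) {}

    // Assumption: PBKDF2 is used here only as a stand-in for the server's password check.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // otpVerifier stands in for the request to the cloud validation service.
    static boolean login(Map<String, Account> users, Predicate<String> otpVerifier,
                         String username, char[] password, String otp) throws Exception {
        // A YubiKey OTP is 44 modhex characters: 12-character public id, then the one-time part.
        if (username == null || otp == null || !otp.matches("[cbdefghijklnrtuv]{44}")) return false;
        // Step 1: the service verifies the OTP, so it cannot be re-used later.
        if (!otpVerifier.test(otp)) return false;
        // Step 2: find the user by name and check that this YubiKey belongs to that user.
        Account a = users.get(username);
        if (a == null || !a.yubikeyPublicId().equals(otp.substring(0, 12))) return false;
        // Step 3: verify the password, comparing the hashes in constant time.
        return MessageDigest.isEqual(hash(password, a.salt()), a.pwHash());
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8}; // constructed sample salt
        Map<String, Account> users = Map.of("alice",
            new Account("cccccccbcdef", salt, hash("s3cret".toCharArray(), salt)));
        String otp = "cccccccbcdef" + "ghijklnrtuvcbdefghijklnrtuvcbdef";      // constructed, not a real OTP
        String otherKey = "vvvvvvvbcdef" + "ghijklnrtuvcbdefghijklnrtuvcbdef"; // constructed, different key
        Predicate<String> accept = o -> true; // stub: a real verifier queries the validation service
        System.out.println("all three match: " + login(users, accept, "alice", "s3cret".toCharArray(), otp));
        System.out.println("wrong password: " + login(users, accept, "alice", "guess".toCharArray(), otp));
        System.out.println("key of another user: " + login(users, accept, "alice", "s3cret".toCharArray(), otherKey));
        System.out.println("OTP rejected by service: " + login(users, o -> false, "alice", "s3cret".toCharArray(), otp));
    }
}
```

Only the first call succeeds; a valid OTP from a key that is not enrolled for the named user fails at step 2 even when the password is correct.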