wiki:net.sf.basedb.otp/using

Version 5 (modified by Nicklas Nordborg, 6 years ago) ( diff )

Updated OTP documentation with information about the latest changes

How to use the OTP login extension

Configuring OTP login for a user

Note that the OTP setup must be done by the end user. This can't be done by the server administrator.

A smartphone or similar device that has the capability to read a QR code is needed. The device must also be able to run some an app for generating one-time passwords. For example, the FreeOTP app is available for both Android and iOS, but any app that is compatible with the Google authenticator implementation should work.

  1. Go the login page of the BASE installation.
  2. Click on the link for setting up OTP. A popup dialog window should be opened.
  3. Fill in the username in the Login field and the password in the Password field.
  4. A QR code should automatically be generated. Use the OTP app on the device to scan the QR code. It should automatically configure an entry with the settings that are needed.
  5. In the setup dialog, there is also a possibility to change the password. This is optional.
  6. Let the OTP app generate a one-time passcode. Enter it in the One-time passcode field.
  7. Click on Save.

Notes

  • If something goes wrong and you have to start over you should delete the entry in your OTP app before restarting the setup.
  • Once the OTP setup has been completed it can't be removed except by a server administrator.

Logging in

Once a user has configured OTP, that user must always login with OTP.

  1. Type in the regular username in the Login field.
  2. Type in the regular password in the Password field. Note that the server admin may have configured the server to not require a password. In this case there is no password field.
  3. Use the configured device (eg. smartphone) to generate the one-time passcode. It should be 6 digits.
  4. Type the number into the One-time passcode field and click Login.
  5. Note the regular password is not needed.

Notes

  • The server admin may decide if OTP should be optional or required. If it is optional the One-time passcode field is named OTP or password instead.
  • If the device that is used to generate OTP codes is lost or stops working, it will not be possible to login. Please contact a server administrator for resetting the OTP configuration.

Remove OTP from a user account

This can only be done by a server administrator.

  1. Go to the Administrate->Users list, locate the user and and open the edit dialog.
  2. Switch to the OTP tab, and click on the Reset button.
  3. If the Require OTP option is enabled the user must re-configure OTP before logging in the next time.
  4. Save.

Force OTP to be used

This can be done for all users by editing the base-otp.properties file and setting the require-otp setting. See the installation instructions for more information.

This can also be done per user account:

  1. Go to the Administrate->Users list, locate the user and and open the edit dialog.
  2. Switch to the OTP tab, and enabled the Require OTP option.
  3. Save.

Notes

  • If OTP has already been configured for a user, the user must use OTP so the Require OTP setting is not visible or needed in this case.
Note: See TracWiki for help on using the wiki.