Version 8 (modified by Nicklas Nordborg, 6 years ago) ( diff )

More documentation related to #1086

Installing the YubiKey authentication extension

Installation and updating

  1. Download the latest yubikey-x.y.tar.gz file from the YubiKey main page.
  2. Unpack the downloaded file to a directory of your choice.
    1. Generate a key for use with the Yubico Web Services (see below)
    2. Update the BASE database with additional columns in the users table (see below)
  4. Make additional configuration settings (see below)
  5. Copy the yubikey.jar file to your BASE plug-ins directory. Look in your base.config file if you don't know where this is.
  6. Log in to BASE as an administrator and go to the Administrate->Plug-ins & Extensions->Overview page.
  7. Run the installation wizard and select to install yubikey.jar.
  8. Done


Before installing the YubiKey extension for the first time there are a few configuration steps that must be performed. Unless otherwise noted, these steps only need to be done the first time.

A. Generate a key for use with Yubico Web Services

Without this key the extension is not allowed to validate passwords against the YubiCloud.

  1. Go to and follow the instructions.
  2. Store the generated KEY and CLIENT_ID in the file that was included with this extension.
  3. Move or copy the file to the WEB-INF/classes directory of your BASE installation.

B. Update the BASE database with additional columns in the users table

  1. Move or copy the yubikey-extended-properties.xml file to the WEB-INF/classes/extended-properties directory.
  2. Shut down the BASE server including any job agents.
  3. Run the script shipped with the BASE installation. This should create additional column in the Users table that are used to store YubiKey-related information.
  4. Restart the BASE server and job agents.

Additional configuration settings

There are some additional configuration settings that can be made in the file. This step is optional. If you are installing multiple login managers on the same system you probably want to check the value for the allow-other-authentication setting. The authentication method published by this extension is named yubikey. You may need this when configuring the other login managers.

no-yubikey (since 1.1)

Comma- or whitespace- separated list of application ids for which YubiKey login should be disabled. For example, if you have installed the FTP server but do not want to use YubiKey for that:

no-yubikey = net.sf.basedb.clients.ftp

require-yubikey (since 1.3)

Comma- or whitespace- separated list of application ids for which YubiKey login is required. Users without a YubiKey will not be able to use those clients. For example, to force all users of the web client to use YubiKey:

require-yubikey = net.sf.basedb.clients.web

allow-other-authentication (since 1.5)

Comma- or whitespace- separated list of other authentication methods that are allowed even if a user has configured a YubiKey. Use * as a wildcard for all other authentication methods (including password authentication). Examples:

# Also allow password authentication even if a user has a YubiKey
allow-other-authentication = password

# Allow all other authentication methods
allow-other-authentication = *

# If the OTP login extension is also installed we can 
# allow users to use either YubiKey or OTP (with or without password)
allow-other-authentication = otp-only otp+password
Note: See TracWiki for help on using the wiki.