Opened 5 years ago

Closed 5 years ago

#580 closed task (fixed)

Authenticate users using YubiKey sticks

Reported by: Nicklas Nordborg Owned by: Nicklas Nordborg
Priority: blocker Milestone: YubiKey v1.0
Component: net.sf.basedb.yubikey Keywords:
Cc:

Description

The idea is to use the YubiKey one-time-password system for logging users into BASE. To be able to do this, BASE ticket 1599 (http://base.thep.lu.se/ticket/1599) needs to be implemented first.

The basic scheme goes something like this:

  1. The administrator of the BASE server assigns a YubiKey id to a user. This can be stored either in the 'externalId' field or as an extended property.
  2. When logging in, the user uses the YubiKey to fill in the "login" field and enters the "password" as usual. The usual login name is not used.
  3. The YubiKey login module checks the BASE database for a user with the given YubiKey id. If a user is found, the key is sent to the "cloud" for verification. If no user is found, the regular login/password authentication is used, but only users without any attached YubiKey id are allowed to use this.

Change History (10)

comment:1 Changed 5 years ago by Nicklas Nordborg

(In [2249]) References #580: Authenticate users using YubiKey sticks

Initial checkin of folder structure, build files, metadata and other information.

comment:2 Changed 5 years ago by Nicklas Nordborg

(In [2252]) References #580: Authenticate users using YubiKey sticks

First version of the authentication manager. Since we don't yet have any actual keys, the only validation so far is that the login is a valid YubiKey one-time-password. For testing purposes, 'cccccccbcjdifctrndncchkftchjlnbhvhtugdljibej' can be used.

comment:3 Changed 5 years ago by Nicklas Nordborg

(In [2255]) References #580: Authenticate users using YubiKey sticks

Updating code to make it compatible with BASE core after http://base.thep.lu.se/changeset/6425

comment:4 Changed 5 years ago by Nicklas Nordborg

(In [2256]) References #580: Authenticate users using YubiKey sticks

Adding extension that customizes the login form for YubiKey usage.

comment:5 Changed 5 years ago by Nicklas Nordborg

(In [2257]) References #580: Authenticate users using YubiKey sticks

Implemented actual verification of passwords against YubiCloud. Seems to be working well. A manual configuration step to get a CLIENT_ID and CLIENT_KEY is needed when installing the extension for the first time. Instructions for this need to be written.

comment:6 Changed 5 years ago by Nicklas Nordborg

(In [2258]) References #580: Authenticate users using YubiKey sticks

Store YubiKey information as extended properties instead of in the 'externalid' field.

Check regular password before verifying the YubiKey password.
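
A sketch of the login decision from steps 1-3 of the description, using the check order from comment:6, as an added example that is not the extension's own code (the extension is Java; this is Python). The `User` class, `public_id`, `same`, `authenticate` and the `verify_otp` callback are hypothetical names, and the callback stands in for the YubiCloud request.

```python
import hmac
import re
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# Yubico OTPs are 32-48 "modhex" characters: the last 32 are the encrypted
# part, anything before them is the key's public id (12 chars by default).
OTP_RE = re.compile(r"[cbdefghijklnrtuv]{32,48}")
TEST_OTP = "cccccccbcjdifctrndncchkftchjlnbhvhtugdljibej"  # from comment:2

@dataclass
class User:  # hypothetical stand-in for a BASE user record
    login: str
    password: str  # plaintext only to keep the sketch short
    yubikey_id: Optional[str] = None  # the extended property from comment:6

def public_id(login_field: str) -> Optional[str]:
    """Return the public id if the field is a well-formed OTP, else None."""
    value = login_field.strip()
    return value[:-32] if OTP_RE.fullmatch(value) else None

def same(a: str, b: str) -> bool:
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare

def authenticate(users: Iterable[User], login_field: str, password: str,
                 verify_otp: Callable[[str], bool]) -> Optional[User]:
    """Return the authenticated user, or None if the login is rejected."""
    users = list(users)
    key_id = public_id(login_field)
    owner = next((u for u in users if key_id and u.yubikey_id == key_id), None)
    if owner is not None:
        # comment:6 order: regular password first, so a wrong password
        # never causes a verification request for the OTP.
        if not same(owner.password, password):
            return None
        return owner if verify_otp(login_field.strip()) else None
    # No key owner matched: regular login, but only for users without a key;
    # otherwise the login name alone would bypass a registered YubiKey.
    user = next((u for u in users if u.login == login_field), None)
    if user is None or user.yubikey_id is not None:
        return None
    return user if same(user.password, password) else None

if __name__ == "__main__":
    # Constructed sample users; the lambda stands in for the cloud check.
    db = [User("alice", "pw-a", public_id(TEST_OTP)), User("bob", "pw-b")]
    print(authenticate(db, TEST_OTP, "pw-a", lambda otp: True))
    print(authenticate(db, "alice", "pw-a", lambda otp: True))  # None
```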

comment:7 Changed 5 years ago by Nicklas Nordborg

(In [2259]) References #580: Authenticate users using YubiKey sticks

Added a YubiKey tab in the 'Edit user' dialog. This should make it relatively easy to register/unregister a YubiKey with a certain user.

comment:8 Changed 5 years ago by Nicklas Nordborg

(In [2260]) References #580: Authenticate users using YubiKey sticks

Restricting write permission to YubiKey properties to administrators.

comment:9 Changed 5 years ago by Nicklas Nordborg

(In [2263]) References #580: Authenticate users using YubiKey sticks

Updating README.

comment:10 Changed 5 years ago by Nicklas Nordborg

Resolution: fixed
Status: new → closed