Download the PHP package aidan/simplesamlphp-module-simpletotp without Composer
On this page you can find all versions of the php package aidan/simplesamlphp-module-simpletotp. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download aidan/simplesamlphp-module-simpletotp
More information about aidan/simplesamlphp-module-simpletotp
Files in aidan/simplesamlphp-module-simpletotp
Package simplesamlphp-module-simpletotp
Short Description A highly configurable yet simple to use TOTP based two-factor authentication processing module for SimpleSAMLphp
License
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package simplesamlphp-module-simpletotp
SimpleTOTP
SimpleTOTP is a SimpleSAMLphp auth processing filter that enables the use of the Time-Based One-Time Password Algorithm (TOTP) as a second-factor authentication mechanism on either an Identity Provider or Service Provider (...or both!).
This has been tested with Google Authenticator on iOS and Android.
Why?
While a there are a few two-factor authentication modules that already exist for SimpleSAMLphp, they are all implemented as authentication sources.
As an auth processing filter, this module is flexible in a number of ways:
- agnostic to where the TOTP secret is stored
- can be enabled on select Service Providers or an entire Identity Provider
Usage
Like any other auth process filter, this module needs to be configured in an authproc array in either config.php or in the metadata for a particular service provider or identity provider.
Prerequisites
The needs to be available in the attribute payload as it is used to generate the token for comparison. This can be added using other auth process filters to look up an external databases of sorts (SQL, LDAP, etc).
After the module has been called, the attribute will be moved out of the user attribute array. As a safety precaution an extra step should be taken ensure this attribute is removed. This can be done using the filter or similar.
Example
Placed in either config.php's authproc or in the appropriate metadata entity:
Placed in config.php authproc as one of the last functions to be processed:
Example of how it can work with example-userpass module. Below config goes in authsource.php This module is enabled by default but if it is not make sure you create a file called enable inside modules/exampleauth directory.
After logging in with username: student password: studentpass, you will be challenged for TOTP. 4HX4WBKVIJWDUV5I is a secret key that can be generate by visiting /simplesaml/module.php/simpletotp/generate_token.php
A random one will be generated everytime. You can also use the QR code to register your IdP with apps such as FreeOTP or Google Authenticator etc.
NOTE: for TOTP to work you MUST ensure that the clock on your server is in sync. If it is not, a matching token will never be generated and authentication will fail.
Installation
Via Git
A simple in the SimpleSAMLphp module directory is all that is required.
Via Composer
TODO
- improve usage documentation with examples using external database(s) as data sources
- add basic brute force prevention
