Download the PHP package silinternational/simplesamlphp-module-mfa without Composer

On this page you can find all versions of the php package silinternational/simplesamlphp-module-mfa. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


Information about the package simplesamlphp-module-mfa

Archived

This repository is no longer maintained. It has been included directly in https://github.com/silinternational/ssp-base.

--

Multi-Factor Authentication (MFA) simpleSAMLphp Module

A simpleSAMLphp module for prompting the user for MFA credentials (such as a TOTP code).

This mfa module is implemented as an Authentication Processing Filter, or AuthProc. That means it can be configured in the global config.php file or the SP remote or IdP hosted metadata.

It is recommended to run the mfa module at the IdP, and configure the filter to run before all the other filters you may have enabled.

How to use the module

Simply include simplesamlphp/composer-module-installer and this module as required in your composer.json file. The composer-module-installer package will discover this module and copy it into the modules folder within simplesamlphp.

You will then need to set filter parameters in your config. We recommend adding them to the 'authproc' array in your metadata/saml20-idp-hosted.php file.

Example (for metadata/saml20-idp-hosted.php):

use Sil\PhpEnv\Env;
use Sil\Psr3Adapters\Psr3SamlLogger;

// ...

'authproc' => [
    10 => [
        // Required:
        'class' => 'mfa:Mfa',
        'employeeIdAttr' => 'employeeNumber',
        'idBrokerAccessToken' => Env::get('ID_BROKER_ACCESS_TOKEN'),
        'idBrokerAssertValidIp' => Env::get('ID_BROKER_ASSERT_VALID_IP'),
        'idBrokerBaseUri' => Env::get('ID_BROKER_BASE_URI'),
        'idBrokerTrustedIpRanges' => Env::get('ID_BROKER_TRUSTED_IP_RANGES'),
        'idpDomainName' => Env::get('IDP_DOMAIN_NAME'),
        'mfaSetupUrl' => Env::get('MFA_SETUP_URL'),

        // Optional:
        'loggerClass' => Psr3SamlLogger::class,
    ],

    // ...
],

The employeeIdAttr parameter represents the SAML attribute name which has the user's Employee ID stored in it. In certain situations, this may be displayed to the user, as well as being used in log messages.

The loggerClass parameter specifies the name of a PSR-3 compatible class that can be autoloaded, to use as the logger within ExpiryDate.

The mfaSetupUrl parameter is the URL to send the user to if they want or need to set up MFA.

The idpDomainName parameter is used to assemble the Relying Party Origin (RP Origin) for WebAuthn MFA options.
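
A pre-flight check for the environment values the configuration above reads, as an added example that is not part of the module. The function names and the validation rules (https-only URLs, a bare host name for IDP_DOMAIN_NAME, a comma-separated CIDR list, IP assertion defaulting to on) are assumptions for illustration.

```php
<?php
// Added example, not module code. Validation rules are assumptions (see lead-in).
function isCidr(string $range): bool
{
    $parts = explode('/', $range);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return false;
    }
    $packed = @inet_pton($parts[0]);
    // 4 packed bytes means IPv4 (prefix <= 32), 16 means IPv6 (prefix <= 128).
    return $packed !== false && (int) $parts[1] <= strlen($packed) * 8;
}

function checkMfaEnv(array $env): array
{
    $problems = [];
    foreach (['ID_BROKER_BASE_URI', 'MFA_SETUP_URL'] as $key) {
        if (strtolower((string) parse_url((string) ($env[$key] ?? ''), PHP_URL_SCHEME)) !== 'https') {
            $problems[] = "$key is missing or not an https URL";
        }
    }
    if (trim((string) ($env['ID_BROKER_ACCESS_TOKEN'] ?? '')) === '') {
        $problems[] = 'ID_BROKER_ACCESS_TOKEN is missing or empty';
    }
    // The RP Origin is assembled from this value, so it has to be a bare host name.
    $domain = (string) ($env['IDP_DOMAIN_NAME'] ?? '');
    if ($domain === '' || filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) === false) {
        $problems[] = 'IDP_DOMAIN_NAME is missing or not a bare host name';
    }
    $ranges = array_filter(array_map('trim', explode(',', (string) ($env['ID_BROKER_TRUSTED_IP_RANGES'] ?? ''))), 'strlen');
    $assertIp = filter_var($env['ID_BROKER_ASSERT_VALID_IP'] ?? 'true', FILTER_VALIDATE_BOOLEAN);
    if ($assertIp && !$ranges) {
        $problems[] = 'IP assertion is on but ID_BROKER_TRUSTED_IP_RANGES is empty';
    }
    foreach ($ranges as $range) {
        if (!isCidr($range)) {
            $problems[] = "ID_BROKER_TRUSTED_IP_RANGES entry '$range' is not valid CIDR";
        }
    }
    return $problems;
}

// Constructed sample values, not taken from any real deployment.
print_r(checkMfaEnv([
    'ID_BROKER_ACCESS_TOKEN' => 'placeholder-token',
    'ID_BROKER_BASE_URI' => 'http://broker.example.org',
    'IDP_DOMAIN_NAME' => 'https://idp.example.org',
    'MFA_SETUP_URL' => 'https://profile.example.org/mfa',
    'ID_BROKER_TRUSTED_IP_RANGES' => '10.20.0.0/16, 192.168.1.0/33',
]));
```

Running a check like this in the deploy step, before SimpleSAMLphp starts, makes a malformed value fail the release rather than the login flow.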

Testing Locally

Setup

Add entries to your hosts file to associate mfa-sp.local and mfa-idp.local with the IP address of your docker containers (which is the IP address from the Vagrantfile if you are running docker within the Vagrant VM).

Automated Testing

Run make test.

Manual Testing

Go to http://mfa-sp.local:52021/module.php/core/authenticate.php?as=mfa-idp in your browser and sign in with one of the users defined in development/idp-local/config/authsources.php. Example: username = must_set_up_mfa, password = a

Go to http://mfa-sp.local:52021/module.php/core/as_logout.php?ReturnTo=/&AuthId=mfa-idp to log out.

Why use an AuthProc for MFA?

Based on...

... it seems sufficiently safe to implement MFA using a simpleSAMLphp AuthProc.

For more of the details, please see this Stack Overflow Q&A:
https://stackoverflow.com/q/46566014/3813891

Contributing

To contribute, please submit issues or pull requests at https://github.com/silinternational/simplesamlphp-module-mfa

Acknowledgements

This is adapted from the silinternational/simplesamlphp-module-expirychecker module, which itself is adapted from other modules. Thanks to all those who contributed to that work.


All versions of simplesamlphp-module-mfa with dependencies

Requires:

  • php: >=7.2
  • ext-json: *
  • silinternational/php-env: ^2.1 || ^3.0
  • silinternational/psr3-adapters: ^1.1 || ^2.0 || ^3.0
  • simplesamlphp/simplesamlphp: ~1.17.7 || ~1.18.5 || ~1.19.0
  • silinternational/idp-id-broker-php-client: ^4.0.0
  • sinergi/browser-detector: ^6.1