GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → sorah → clarion

sorah / clarion

Licence: MIT license
WebAuthn (U2F) helper for CLI operations (e.g. SSH Log in)

Programming Languages

ruby
36898 projects - #4 most used programming language
javascript
184084 projects - #8 most used programming language
HTML
75241 projects

Labels

fido-u2fpamu2fyubikeywebauthnfido2

Projects that are alternatives of or similar to clarion

awesome-yubikey
Curated list of awesome Yubikey resources, open source projects, tools and tutorials.
Stars: ✭ 22 (-71.79%)
Mutual labels:  u2f, yubikey, webauthn, fido2
keycloak-radius-plugin
Make the radius server as part of keycloak SSO
Stars: ✭ 102 (+30.77%)
Mutual labels:  yubikey, webauthn, fido2
Opensk
OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
Stars: ✭ 2,114 (+2610.26%)
Mutual labels:  u2f, webauthn, fido2
wp-webauthn
🔒 WP-WebAuthn allows you to safely login to your WordPress site without password.
Stars: ✭ 85 (+8.97%)
Mutual labels:  u2f, webauthn, fido2
Solo
Solo 1: open security key supporting FIDO2 & U2F over USB + NFC
Stars: ✭ 1,986 (+2446.15%)
Mutual labels:  u2f, webauthn, fido2
go-libfido2
libfido2 bindings for golang
Stars: ✭ 42 (-46.15%)
Mutual labels:  webauthn, fido2
webauthn-example
Basic WebAuthn client and server in go
Stars: ✭ 53 (-32.05%)
Mutual labels:  webauthn, fido2
webauthn-demo
WebAuthn demo with Ionic/Angular and Spring Boot
Stars: ✭ 22 (-71.79%)
Mutual labels:  webauthn, fido2
kagi
WebAuthn security keys and TOTP multi-factor authentication for Django
Stars: ✭ 17 (-78.21%)
Mutual labels:  u2f, webauthn
FIDO-Server
Open-source FIDO server, featuring the FIDO2 standard.
Stars: ✭ 17 (-78.21%)
Mutual labels:  webauthn, fido2
yubitell
Silently extract a YubiKey serial number
Stars: ✭ 15 (-80.77%)
Mutual labels:  u2f, yubikey
u2fdemo
U2F Demo and Debugger
Stars: ✭ 23 (-70.51%)
Mutual labels:  u2f, yubikey
line-fido2-server
FIDO2(WebAuthn) server officially certified by FIDO Alliance and Relying Party examples.
Stars: ✭ 350 (+348.72%)
Mutual labels:  webauthn, fido2
adfsmfa
MFA for ADFS 2022/2019/2016/2012r2
Stars: ✭ 86 (+10.26%)
Mutual labels:  webauthn, fido2
android-webauthn-authenticator
A WebAuthn Authenticator for Android leveraging hardware-backed key storage and biometric user verification.
Stars: ✭ 101 (+29.49%)
Mutual labels:  webauthn, fido2
uru-card
Arduino based firmware for FIDO2 Authenticator
Stars: ✭ 114 (+46.15%)
Mutual labels:  webauthn, fido2
u2f-php
FIDO/FIDO2 Universal 2 Factors (U2F) support for PHP
Stars: ✭ 25 (-67.95%)
Mutual labels:  u2f, webauthn
Authelia
The Single Sign-On Multi-Factor portal for web apps
Stars: ✭ 11,094 (+14123.08%)
Mutual labels:  u2f, yubikey
CCU2F
An universal usable FIDO U2F authenticator applet for Java Cards
Stars: ✭ 32 (-58.97%)
Mutual labels:  fido-u2f, u2f
Howdy
🛡️ Windows Hello™ style facial authentication for Linux
Stars: ✭ 3,237 (+4050%)
Mutual labels:  pam
View All Similar Projects ➔

Clarion: WebAuthn helper for CLI operations (e.g. SSH Log in)

Clarion is a web-based frontend to allow remote,non-browser operations (CLI) to perform 2FA on their users.

How it works

Any software/scripts want to perform 2FA (app) creates a request on Clarion. Then app requests user to visit a request specific path on Clarion. Clarion then performs 2FA on behalf of app, and finally returns an authentication result to app.

Clarion also provides a way to retrieve user's key handle and public key.

Note that Clarion itself doesn't manage users' key handle and public key. User information should be provided every time when requesting authentication.

Set up

Clarion is a Rack application. Docker image is also available.

See config.ru for detailed configuration. The following environment variable is supported by the bundled config.ru.

  • SECRET_KEY_BASE (required)
  • CLARION_REGISTRATION_ALLOWED_URL (required): Regexp that matches against URLs. Only matched URLs are allowed for key registration callback.
  • CLARION_AUTHN_DEFAULT_EXPIRES_IN (default: 300): authn lifetime in seconds.
  • CLARION_STORE (required, default: s3): See docs/stores.md
  • S3 store:
    • CLARION_STORE_S3_BUCKET
    • CLARION_STORE_S3_REGION
    • CLARION_STORE_S3_PREFIX (optional, recommended to end with /)
  • CLARION_COUNTER (optional, default: dynamodb): See docs/counters.md
    • CLARION_COUNTER_DYNAMODB_TABLE
    • CLARION_COUNTER_DYNAMODB_REGION

Usage

Real world example: SSH log in

See ./examples/pam-u2f

Test implementation

Visit /test exists in your application. This endpoint doesn't work for multi-process/multi-threaded deployment.

See app/views/test.erb, app/views/test_callback.erb, app/public/test.js for implementation.

API

See docs/api.md

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

To-dos

  • Write an integration test
  • Write a unit test

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/sorah/clarion.

License

The gem is available as open source under the terms of the MIT License.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].