aidan- / SimpleTOTP

Licence: MIT license
A highly configurable yet simple to use TOTP based two-factor authentication processing module for SimpleSAMLphp.

SimpleTOTP

SimpleTOTP is a SimpleSAMLphp auth processing filter that enables the use of the Time-Based One-Time Password Algorithm (TOTP) as a second-factor authentication mechanism on either an Identity Provider or Service Provider (...or both!).

This has been tested with Google Authenticator on iOS and Android.

Why?

While there are a few two-factor authentication modules that already exist for SimpleSAMLphp, they are all implemented as authentication sources.

As an auth processing filter, this module is flexible in a number of ways:

  • agnostic to where the TOTP secret is stored
  • can be enabled on select Service Providers or an entire Identity Provider

Usage

Like any other auth process filter, this module needs to be configured in an authproc array in either config.php or in the metadata for a particular service provider or identity provider.

Prerequisites

The secret_attr needs to be available in the attribute payload, as it is used to generate the token for comparison. It can be added using other auth process filters that look it up in an external database of some sort (SQL, LDAP, etc.).

After the module has been called, the attribute will be moved out of the user attribute array. As a safety precaution, an extra step should be taken to ensure this attribute is removed. This can be done using the core:AttributeAlter filter or similar.

Example

Placed in either config.php's authproc or in the appropriate metadata entity:

10 => array(
	'class' => 'simpletotp:2fa',
	'secret_attr' => 'ga_secret', //default
	'enforce_2fa' => false, //default
	'not_configured_url' => NULL,  //default
),

Placed in config.php authproc as one of the last functions to be processed:

99 => array(
	'class' => 'core:AttributeAlter',
	'subject' => 'ga_secret',
	'pattern' => '/.*/',
	'%remove',
),

Example of how it can work with the example-userpass module. The config below goes in authsources.php. This module is enabled by default, but if it is not, make sure you create a file called enable inside the modules/exampleauth directory.

	'example-userpass' => array(
		'exampleauth:UserPass',
		'student:studentpass' => array(
			'uid' => array('test'),
			'ga_secret' => array('4HX4WBKVIJWDUV5I'),
			'eduPersonAffiliation' => array('member', 'student'),
		),
	),

After logging in with username: student password: studentpass, you will be challenged for TOTP. 4HX4WBKVIJWDUV5I is a secret key that can be generated by visiting /simplesaml/module.php/simpletotp/generate_token.php

A random one will be generated every time. You can also use the QR code to register your IdP with apps such as FreeOTP or Google Authenticator.

NOTE: for TOTP to work you MUST ensure that the clock on your server is in sync. If it is not, a matching token will never be generated and authentication will fail.
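
The clock-sync requirement above, shown as an added example (generic RFC 6238 code, not SimpleTOTP's implementation): it derives a code from the README's sample secret and checks it against a server clock that has drifted. The 30-second step, 6 digits, HMAC-SHA1, the function names and the timestamp are assumptions made for the illustration.

```php
<?php
// Added illustration: generic RFC 6238 TOTP, not SimpleTOTP's source.
// Assumed (Google Authenticator defaults): HMAC-SHA1, 30 s step, 6 digits.

function base32_decode_simple(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException("invalid base32 character: $ch");
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    // Keep whole bytes only; leftover bits are base32 padding.
    $bits = substr($bits, 0, intdiv(strlen($bits), 8) * 8);
    return implode('', array_map(fn($b) => chr(bindec($b)), str_split($bits, 8)));
}

function totp(string $key, int $unixTime, int $step = 30, int $digits = 6): string
{
    // Counter = whole steps since the epoch, as an 8-byte big-endian integer.
    $hash = hash_hmac('sha1', pack('J', intdiv($unixTime, $step)), $key, true);
    // Dynamic truncation (RFC 4226, section 5.3).
    $offset = ord($hash[19]) & 0x0f;
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($value % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Accept a code matching any step within $window steps of the server clock.
function verify_totp(string $key, string $code, int $serverTime, int $window = 1): bool
{
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        // hash_equals compares in constant time.
        $ok = hash_equals(totp($key, $serverTime + $i * 30), $code) || $ok;
    }
    return $ok;
}

$key = base32_decode_simple('4HX4WBKVIJWDUV5I'); // sample secret from the README
$phoneTime = 1700000000;                          // constructed timestamp
$code = totp($key, $phoneTime);                   // what the authenticator app shows

foreach ([0, 25, 90] as $drift) {                 // server clock ahead by N seconds
    printf("drift %2ds: exact step=%s, +/-1 step=%s\n", $drift,
        var_export(verify_totp($key, $code, $phoneTime + $drift, 0), true),
        var_export(verify_totp($key, $code, $phoneTime + $drift, 1), true));
}
```

How much drift SimpleTOTP itself tolerates is not stated on this page; the window here only shows why an unsynchronised server clock yields no matching token.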

Installation

Via Git

A simple git clone in the SimpleSAMLphp module directory is all that is required.

Via Composer

composer.phar require aidan/simplesamlphp-module-simpletotp

TODO

  • improve usage documentation with examples using external database(s) as data sources
  • add basic brute force prevention