Adding support for custom YubiKey validation server (tracker 32724) #2582
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
IMPORTANT: Please see Joomla! Tracker item 32724
The YubiKey two factor authentication plugin distributed with Joomla! 3.2.0 can only validate the code generated by the YubiKey against the public YubiCloud validation servers.
YubiKey allows you to create private validation servers using the Free and Open Source Software for custom validation servers provided by YubiCo. This is a great solution for Intranets and for elevated security environments e.g. enterprise) where tighter control of the YubiKeys is required.
This PR implements a new parameter in the YubiKey Two Factor Authentication plugin which allows the user to provide the URL of their custom key server.
Test instructions
Apply the path. Edit the Two Factor Authentication - YubiKey plugin. You will now see a new parameter called "Custom validation server". Enter your custom validation server URL, e.g.
http://www.example.com/mykeyserver/wsapi/2.0/verify
IMPORTANT: You MUST add the
/wsapi/2.0/verify
suffix to your URL.If you have a custom validation server the YubiKey code will be now validated against your custom server. You can try enabling the two factor authentication using such a server and a YubiKey configured to only validate against it to verify this patch.
Project management information
Backwards compatibility
None. This change is 100% backwards compatible.
Developer information
None. The change is transparent to developers.
Language changes
This PR adds two new language strings in the file administrator/language/en-GB/en-GB.plg_twofactorauth_yubikey.ini: PLG_TWOFACTORAUTH_YUBIKEY_CUSTOMSERVER_DESC and PLG_TWOFACTORAUTH_YUBIKEY_CUSTOMSERVER_LABEL