privacyIDEA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using privacyIDEA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications.
privacyIDEA does not bind you to any decision of the authentication protocol or it does not dictate you where your user information should be stored. This is achieved by its totally modular architecture. privacyIDEA is not only open as far as its modular architecture is concerned. But privacyIDEA is completely licensed under the AGPLv3.
It supports a wide variety of authentication devices like OTP tokens (HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), FIDO U2F devices like Yubikey and Plug-Up, smartphone Apps like Google Authenticator, FreeOTP, Token2 or TiQR, SMS, Email, SSH keys, x509 certificates and Registration Codes for easy deployment.
privacyIDEA is based on Flask and SQLAlchemy as the python backend. The web UI is based on angularJS and bootstrap. A MachineToken design lets you assign tokens to machines. Thus you can use your Yubikey to unlock LUKS, assign SSH keys to SSH servers or use Offline OTP with PAM.
You can setup the system in a virtual environment:
git clone https://github.com/privacyidea/privacyidea.git cd privacyidea virtualenv venv source venv/bin/activate pip install -r requirements.txt
Read the install instructions at http://privacyidea.readthedocs.org.
Create the database and encryption key:
./pi-manage createdb ./pi-manage create_enckey
Create the key for the audit log:
Create the first administrator:
./pi-manage admin add <username>
Now you can connect to http://localhost:5000 with your browser and login as administrator.
Run in virtualenv
For running the server in a virtual env see documentation at http://privacyidea.readthedocs.org/en/latest/installation/index.html#python-package-index.
nosetests -v --with-coverage --cover-package=privacyidea --cover-html
The database models are defined in
models.py and tested in
Based on the database models there are the libraries
lib/config.py which is
responsible for basic configuration in the database table
And the library
lib/resolver.py which provides functions for the database
resolver. This is tested in tests/test_lib_resolver.py.
Based on the resolver there is the library
lib/realm.py which provides
for the database table
realm. Several resolvers are combined into a realm.
Based on the realm there is the library
lib/user.py which provides functions
for users. There is no database table user, since users are dynamically read
from the user sources like SQL, LDAP, SCIM or flat files.
In certain cases the database structure has changed (1.5->2.0). Read http://privacyidea.readthedocs.org/en/latest/installation/upgrade.html for upgrade instructions.
privacyIDEA adheres to Semantic Versioning.