Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a tokenmode "outofband" #1698

Merged
merged 1 commit into from Jun 24, 2019

Conversation

Projects
None yet
3 participants
@cornelinux
Copy link
Member

commented Jun 19, 2019

challenge response tokens like "PUSH" and "TiQR" do the authentication
out of band. I.e. the 2nd /validate/check request or /auth request is
not used to send the response to the challenge but to verify, if the
challenge was answered correct. Therefore we must not increase the
failcounter in this case.

Closes #1697

Add a tokenmode "outofband"
challenge response tokens like "PUSH" and "TiQR" do the authentication
out of band. I.e. the 2nd /validate/check request or /auth request is
not used to send the response to the challenge but to verify, if the
challenge was answered correct. Therefore we must not increase the
failcounter in this case.

Closes #1697

@cornelinux cornelinux requested review from fredreichbier and Mipronimo Jun 19, 2019

@codecov

This comment has been minimized.

Copy link

commented Jun 19, 2019

Codecov Report

Merging #1698 into master will increase coverage by <.01%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1698      +/-   ##
==========================================
+ Coverage   96.99%   96.99%   +<.01%     
==========================================
  Files         148      148              
  Lines       17855    17864       +9     
==========================================
+ Hits        17319    17328       +9     
  Misses        536      536
Impacted Files Coverage Δ
privacyidea/lib/tokens/pushtoken.py 97.59% <100%> (ø) ⬆️
privacyidea/lib/tokenclass.py 98.79% <100%> (+0.01%) ⬆️
privacyidea/lib/tokens/tiqrtoken.py 98.68% <100%> (ø) ⬆️
privacyidea/lib/token.py 96.01% <100%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ead5e1f...f658f55. Read the comment docs.

@fredreichbier
Copy link
Member

left a comment

Conceptually, I like this a lot! So, the distinction would be:

  • token mode challenge: the challenge response is sent to privacyIDEA in-band via the authentication channel. Example: the user enters an OTP value into a form, which is transmitted via HTTPS
  • token mode outofband: the challenge response is sent to privacyIDEA out-of-band via a secondary channel: e.g. the smartphones answers the challenge via HTTPS

Let's wait for @Mipronimo's review before merging though.

@Mipronimo

This comment has been minimized.

Copy link
Member

commented Jun 24, 2019

lgtm. 👍

@fredreichbier fredreichbier merged commit 7c0ceeb into master Jun 24, 2019

5 checks passed

ci/circleci Your tests passed on CircleCI!
Details
codecov/patch 100% of diff hit (target 96.99%)
Details
codecov/project 96.99% (+<.01%) compared to ead5e1f
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details

@fredreichbier fredreichbier deleted the 1697/challenge-response-out-of-band branch Jun 24, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.