Skip to content

/ Alfresco-Yubikey-Extension

Implementation of two-factor authentication for Alfresco using a YubiKey.

Apache-2.0 License
7 stars 0 forks
Star
Watch
master
3 branches 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.settings
Initial commit.
Sep 29, 2011
src
Fixed serializable error on startup
Apr 24, 2014
web
Updated Yubico client library to fix signature validation failure
Apr 6, 2014
.classpath
Initial commit.
Sep 29, 2011
.gitignore
Initial commit.
Sep 29, 2011
.project
Initial commit.
Sep 29, 2011
COPYING
Applying license terms.
Sep 30, 2011
README
Enabled Share login with a key by default
Apr 6, 2014
build.xml
modified the dependencies on the integrate-extension target
Mar 11, 2014
file-mapping.properties
Updated the build script to generate an AMP file. Updated the README …
Mar 10, 2014
module.properties
Updated the build script to generate an AMP file. Updated the README …
Mar 10, 2014

README 

Alfresco Yubikey Extension
============================================

Author: Simon Buckle
Email: simon@webteq.eu

This is an extension for Alfresco that implements two-factor authentication using a YubiKey.

Configuration
-------------

By default, Yubico's validation servers are used to validate the OTPs generated by the key. As such, you will need to get an API key (https://upgrade.yubico.com/getapikey/). Once you have signed up, you will need to update the 'YubicoClient' bean definition in the configuration file (verification-service-context.xml) with the client id and (optionally) the key.

If you are using your own validation servers then the default validation server URLs will also need to be changed.

For robustness, each username needs to be mapped to a key. The default implementation looks for a mapping file /etc/keydb.
Each entry in the file should be on a separate line and fields should be separated by ":".
Each entry should map the username to the device id, e.g. admin:abcdefghi. 

Installation
------------

This extension has been tested against Alfresco 3.4.

Copy alfresco.war to the root directory of the extension and run: ant integrate-extension

The alternative is to run: ant package-extension. 
This will produce a zip file. To deploy it, extract the contents of the zip file to the root directory of the deployed Alfresco instance, e.g. unzip bin/dist/yubikey-login.zip -d $TOMCAT_HOME/webapps/alfresco

To build an AMP file run: ant package-amp

To install it, run the following command: java -jar $ALF_HOME/bin/alfresco-mmt.jar install bin/dist/yubikey-login.amp $TOMCAT_HOME/webapps/alfresco.war -force

You have to force it because it overrides faces-config-custom.xml in /WEB-INF/.

Note
----

This extension comes bundled with a pre-built version of the Yubico Java client.

This is a customised build of the client that can be found here:
https://github.com/sbuckle/yubico-java-client

License
-------

The code is released under the Apache 2.0 license.

Support
-------

Keys can be reprogrammed if you want to host your own validation servers. If you want some help with this or to discuss the available options, then feel free to send me an email.

About

Implementation of two-factor authentication for Alfresco using a YubiKey.

Resources

Readme

License

Apache-2.0 License

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.