com.yubico.jaas.README

These are JAAS plugins for authentication using one-time password tokens (YubiKeys primarily).

For information about JAAS configuration, see
  http://download.oracle.com/javase/1.5.0/docs/api/javax/security/auth/login/Configuration.html

YubikeyLoginModule :

  This JAAS plugin authenticates OTPs against the online Yubico validation servers.

  Parameters :

     clientId			Your Client API key for the validation service. Not actually
     				needed for validation v1, so set this to 4711.
     id2name_textfile		Filename with "public_idusername" info about which user
     				owns what key.
     verify_yubikey_owner	default: "true". Only set to "false" in pre-production
     				environments, otherwise ANY Yubikey will be accepted for ANY
				user!
     auto_provision_owner	default: "false". If set to "true", we will automatically
     				record any new Yubikeys used as belonging to the user that
				first logged in with them.
     id_realm			Something to append to the Yubikey public id when we construct
     				principals (e.g. "@my-validation-service.example.org").
     soft_fail_on_no_otps	default: "false". Should the JAAS login module return failure
     				or ask to be ignored in case no OTPs are provided for
     				validation?
     wsapi_urls			default: the YubiCloud validation URL. A "|" delimited list of
     				ykval wsapi 2.0 URLs to use for OTP validation.
     sync_policy 		default: none, let the server decide. A value between 0 and 100
     				indicating the percentage of synchronization required by the client.

  Example configuration :

    YourApplicationAuth {
        com.yubico.jaas.YubikeyLoginModule required
    	    clientId="4711";
    };	
  

HttpOathOtpLoginModule :

  This JAAS plugin validates OATH OTPs using HTTP. The username and password
  entered in your application will be used to attempt an HTTP Basic Auth login
  to a URL you specify, and if that succeeds and the resulting response contains
  an expected string, authentication is granted.

  One tested backend solution for validation of the HOTPs is the Apache mod_authn_otp :

    http://code.google.com/p/mod-authn-otp/

  Parameters :

     protectedUrl	(required) The URL you have protected with OATH-HOTP
     			HTTP Basic Auth.
     expectedOutput	Default is "Authenticated OK".
     minLength		Default is 6.
     maxLength		Default is 12 (6-8 bytes HOTP and 4 bytes PIN).
     requireAllDigits	Default is "true".
     id_realm		Something to append to the username when we construct
     			principals (e.g. "@my-validation-service.example.org").


  Example configuration :

    YourApplicationAuth {
        com.yubico.jaas.HttpOathOtpLoginModule sufficient
            protectedUrl = "http://auth.example.com/oath-protected/"
            expectedOutput = "User authenticated OK";
    };
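
A pre-deployment check for the options described above, as an added example (not part of this README or of the Yubico code). It loads a JAAS file with the JDK's own parser and reports the settings this README warns about. The class name YubicoJaasAudit, the example.org URLs and the https checks are assumptions of the example.

```java
import java.nio.file.*;
import java.security.URIParameter;
import java.util.*;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class YubicoJaasAudit {
    // Constructed sample (Java 15+ text block): pre-production settings left in place.
    static final String SAMPLE = """
        YourApplicationAuth {
            com.yubico.jaas.YubikeyLoginModule required
                clientId="4711"
                verify_yubikey_owner="false"
                auto_provision_owner="true"
                wsapi_urls="https://v1.example.org/verify|http://v2.example.org/verify";
        };
        """;

    static String opt(Map<String, ?> o, String k, String d) { return o.get(k) == null ? d : o.get(k).toString().trim(); }

    // Parses the file with the JDK's JAAS parser and checks the options this README documents.
    static List<String> audit(Path jaasFile, String appName) throws Exception {
        Configuration cfg = Configuration.getInstance("JavaLoginConfig", new URIParameter(jaasFile.toUri()));
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(appName);
        List<String> findings = new ArrayList<>();
        for (AppConfigurationEntry e : entries == null ? new AppConfigurationEntry[0] : entries) {
            Map<String, ?> o = e.getOptions();
            String module = e.getLoginModuleName().toLowerCase();
            if (module.endsWith("yubikeyloginmodule")) {
                if (opt(o, "verify_yubikey_owner", "true").equalsIgnoreCase("false"))
                    findings.add("verify_yubikey_owner=false: any YubiKey is accepted for any user");
                if (opt(o, "auto_provision_owner", "false").equalsIgnoreCase("true"))
                    findings.add("auto_provision_owner=true: a new key is recorded for whoever uses it first");
                for (String url : opt(o, "wsapi_urls", "").split("\\|"))
                    if (!url.isBlank() && !url.trim().startsWith("https://"))
                        findings.add("wsapi_urls entry is not https (added check): " + url.trim());
            } else if (module.contains("oath") && !opt(o, "protectedUrl", "").startsWith("https://")) {
                findings.add("protectedUrl is not https: username and OTP are sent as HTTP Basic Auth");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        Path f = Files.createTempFile("jaas", ".conf");
        Files.writeString(f, SAMPLE);
        audit(f, "YourApplicationAuth").forEach(System.out::println);
    }
}
```

The parser only reads module names and options, so the check runs without the Yubico jar on the classpath.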



