google-authenticator | Open source version of Google Authenticator | Authentication library
kandi X-RAY | google-authenticator Summary
kandi X-RAY | google-authenticator Summary
The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms. One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH) (which is unrelated to OAuth). This GitHub project is specifically for the Google Authenticator apps which target the Blackberry and iOS mobile platforms.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Runs the MADlet
- Get the encoding from the content - type header
- Get the PIDlet version
- Returns the next line of text
- Finalize the digest
- Reset the hash variables
- Update the current word
- Reads characters from this reader and stores them in the specified buffer
- Fills the buffer
- Adds the context menu to the context menu
- Deletes all the accounts for the account
- Creates the menu to use
- Sets the mark position in this reader
- Creates an instance of the given object
- Start application
- Gets the index of the first item in listField that matches the given prefix
- Runs the Authenticator
- Initializes the digest
- Computes the digest
- Process a word
- Called when a field has changed
- Search the query string with the given key
- Skips characters in the input stream
- Draw a list row
- Determines whether or not a specified string matches
- Gets the byte length of the digest
google-authenticator Key Features
google-authenticator Examples and Code Snippets
Community Discussions
Trending Discussions on google-authenticator
QUESTION
We already have a single authentication process using Active Directory for our home made web sites (simple login and password). Our AD is also on Azure (everything is synchronized).
Now we want 2 factors authentification using this: (Microsoft Authenticator) https://www.microsoft.com/en-us/account/authenticator
I've been searching for an exemple for a while, but most of the tutorials I found are about MVC CORE; I'm not using core, just regular MVC .Net Framework. Furthermore, the only tutorials I found using .Net framework were for Google authenticator, not Microsoft's one.
The intended behavior would be the same as when I connect to office 365, first I enter my password in the web site, then I receive a notification on my cell phone (for exemple), by approving the connection, I can have access to web content.
I'm still trying to figure out if this is even allowed, is Microsoft Authenticator only meant to be used for Microsoft developers or can we random developers use this app for our 2FA needs? Or is there a way to trigger the office 365 authentication windows?
If yes, they don't seem eager to share any code or tutorial for MVC .net Framework. (I'm still searching)
EDIT for comments:
Microsoft auth .Net Core documentation:
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/mfa?view=aspnetcore-5.0
Google auth with .Net framework documentation:
https://medium.com/@henryhdelgado/2fa-with-google-authenticator-in-asp-mvc-4788c79c47
...ANSWER
Answered 2021-Feb-10 at 18:50In short: you don't need to do anything (provided that your application authenticates users using OIDC, which it will do if you're using Azure Active Directory or Office 365 with your application). Just flip the switch in your organization's O365 or AAD settings to require TOTP/2FA.
However, if your application is actually authenticating against on-prem AD (whether using Kerberos via the browser shell, or with "Forms authentication") and you can't make your web-application authenticate against AAD/O365 (not on-prem AD) and you don't have AD Federation working, then you're in for a world of pain because getting on-prem 2FA working is a massive undertaking that requires just as much work from your sysadmins as it does from you (and then your question would be closed for being "too broad", sorry!)
Authenticating against AAD/O365 can be done using any OIDC client library, though Microsoft does make a purpose-built library available on NuGet which works in .NET Framework applications in addition to .NET Core: https://www.nuget.org/packages/Microsoft.Identity.Client/ (formerly https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/ )
"Azure Active Directory" (AAD) is a misnomer btw, as it has very little to do with on-prem Active Directory. That said, if you're using Office 365 within your enterprise then you will already have AAD up-and-running - just be aware that it's still completely unrelated to Active Directory (as far as technology is concerned).
Using AAD/O365 for SSO basically means using OIDC (whereas on-prem AD is Kerberos, not OIDC) - so any OIDC library can be used with AAD/O365. The TOTP/2FA part is handled entirely by AAD/O365 so you don't actually need to do anything in your own application to handle TOTP/2FA.
QUESTION
Please help me to find out the solution.
- Does anyone know how to write a unit test stub using PHPUnit for scanning a barcode? FYI : In our application, two-factor authentication used(google authenticator). When users enter a valid username and password next screen displayed with barcode, we scan that barcode using the google-authenticator app on mobile then 6 digit code is generated, which we enter in web application then redirects to the home page.
- How to set a cookie while writing unit test stub for login?
ANSWER
Answered 2020-Jul-23 at 17:42- Create an abstraction for your 2FA
- Make Google Authenticator the default implementation
- Create a fake implementation that suits your needs. This could be a fixed six digit code that is always valid or you make it configurable
- Swap the default implementation with the fake in your tests
- Test the scenarios you need to test in your login process
- Create a manual test to make sure that your Google Authenticator implementation is actually working
I know this answer is rather abstract, but your question was not very concrete either. If you can provide more details, I'd be happy to go into it.
QUESTION
I have CAS 6.2.x running in Kubernetes building the image from this repo. I am passing in the cas.properties file via configmap.I have it wired up against Active Directory and am able to login with the Username/Password. I am now working to enable MFA with the Google Authenticator plugin. I have this working as well if I force the flow globally with the following:
cas.authn.mfa.global-provider-id=mfa-gauth
When I try to use the values described here for Multifactor Authentication: Principal Attribute Trigger it doesn't send me to the MFA flow. These are the settings that I have set:
cas.authn.ldap[0].principalAttributeList=userPrincipalName,cn,givenName,sAMAccountName,memberOf
cas.authn.mfa.global-principal-attribute-name-triggers=memberOf
cas.authn.mfa.global-principal-attribute-value-regex=ForceMfa
When I log in these are the values returned back for memberOf:
memberOf
[CN=Group2,OU=MyOu,DC=subdomain,DC=domain,DC=local, CN=Group1,OU=MyOu,DC=subdomain,DC=domain,DC=local, CN=ForceMfa,OU=MyOu,DC=subdomain,DC=domain,DC=local]
Principal
I used Misagh blog post as a guide.
If I change the trigger and regex to sAMAccountName and my username it then works as expected. Not sure if I need to change the regex format to find the group name or if I just have something else wrong. It just seems like the regex is not finding a match for some reason as the settings seem to be working for me, just not with memberOf.
Thank you
...ANSWER
Answered 2020-Jul-20 at 14:52Consider switching this to:
QUESTION
I am a newbie to FreeRadius, so my knowledge is not in-depth. I am trying to configure a central radius to handle any network based systems (switches, routers, firewalls, & VPN) to authenticate end-users when they are trying to SSH and/or VPN into the system. All of my equipment supports radius.
Environment:
- OS = CentOS 7
- FreeRadius = 3.0.13
- google-authenticator-libpam = 1.09
- I did not post my config files as they are exactly covered by the reference link. I will post them in a follow-up post for ease of reading
Reference: I followed this page to get the majority of the system operational (SSLVPN Two - Factor Authentication with Google Authenticator
What is working:
- Using radtest, I can authenticate with an AD based user with their AD password+OTP
- Was able to get a network switch authenticate and access-accept reply message to include custom VSA for user group (used unlang within the post-auth area based only on the user-name). Not ideal but just for testing the concept.
Next Steps (the question): I want to be able to ultimately decide if the end-user is granted access to VPN or switch via AD security groups. So from my understanding, I could perform this within the auth module or the post-auth. I believe the correct place would be in the post-auth possible using unlang (but correct me if this is not the general area to do this). I don't know how/where I need to perform the LDAP lookup to get the user-name AD security group info. In theory, once I have the user's name & group info, these can be used in multiple filters to declare if they get access to a group of systems. Thanks
...ANSWER
Answered 2020-Jul-09 at 01:17So I figured out how to accomplish what I was trying to do.
Configure /etc/raddb/clients.conf
Add the option under each client of virtual_server = custom_vs01
Duplicate (copy do not rename) /etc/raddb/sites-available/default to /etc/raddb/sites-available/custom_vs01
Edit custom_vs01. Change the server block to match the file. orig: server default { new: server custom_vs01 {
Change the port for the AUTH and ACCT to an actual port (E.g. 511812 & 511813)
In the post-auth section; add unlang to look for LDAP group So basically if the authenticated user is not part of either of the AD groups, then we update the control and reject them from access
QUESTION
I am implementing two factor authentication with Google Authenticator in a NativeScript app starting from this implementation. Since Node's crypto module doesn't run inside NativeScript, I am trying to make it work with CryptoJS.
This is the working Node code. The function returns a buffer with the correct value.
...ANSWER
Answered 2020-May-18 at 19:03You are giving a Buffer to the crypto module, while you are giving a string to CryptoJS. Probably they do not handle the strings the same as Buffers. CryptoJS does not support a Buffer as input, only string and WordArray, so the trick is to convert your Buffer into a WordArray:
Change the following line:
QUESTION
(Solution) TL;DR: Google assumes the key string is base32 encoded; replacing any 1 with I and 0 with O. This must be decoded prior to hashing.
Original Question
I'm having difficulty having my code match up with GA. I even went chasing down counters +/- ~100,000 from the current time step and found nothing. I was very excited to see my function pass the SHA-1 tests in the RFC 6238 Appendix, however when applied to "real life" it seems to fail.
I went so far as to look at the open source code for Google Authenticator at Github (here). I used the key for testing: "qwertyuiopasdfgh". According to the Github code:
ANSWER
Answered 2020-Apr-07 at 20:51I was tempted to make my own Android application to implement TOTP for my project. I did continue looking at the Java code. With aid of downloading the git repository and grep -R to find function calls I discovered my problem. To get the same pin codes as Google Authenticator the key is assumed to be base32 encoded and must be decoded prior to passing it to the hash algorithm.
There was a hint of this in getEnteredKey() by replacing the 0 and 1 characters as these are not present in the base32 alphabet.
QUESTION
I used a tutorial for implementing Google's 2FA: https://www.sitepoint.com/2fa-in-laravel-with-google-authenticator-get-secure/
The ValidateSecretRequest class extends from App\Http\Requests; but I don't have this class in my "Requests"-folder. So I used use Illuminate\Http\Request;
But when I call this class in the Controller I get an error.
RuntimeException - Session store not set on request …/vendor/laravel/framework/src/Illuminate/Http/Request.php 411
...ANSWER
Answered 2020-Mar-21 at 16:59I had the same issue before but I fixed it by setting permissions of storage/* like:
QUESTION
I'm trying to implement Google2FA with this tutorial: https://www.sitepoint.com/2fa-in-laravel-with-google-authenticator-get-secure/
I use Laravel 5.8 and in the tutorial they're using something like 5 I guess, thats why I dont have the
app/Http/Controllers/Auth/AuthController.php
anymore. I have LoginController.php and RegisterController.php
If I try to login and test, I get this error:
Argument 2 passed to
App\Http\Controllers\Auth\LoginController::authenticated() must be an instance of App\Http\Controllers\Auth\Authenticatable, instance of App\User given, called in C:\xampp\htdocs\XXX\vendor\laravel\framework\src\Illuminate\Foundation\Auth\AuthenticatesUsers.php on line 109
Code:
...ANSWER
Answered 2019-Dec-10 at 10:40Just remove the typehint you have on that method signature for authenticated:
QUESTION
I tried install 'Google Authentication' and 'Authy' to use 2-step verification, but the both don't give-me the TOTP key ...
The code for input the 6 digits i found here
I tried get all TOTP keys using this but i receive : 'secret=undefined'
What i need? I need some method to get the 6 digits of authentication or some method to simply get the TOTP key, as I just need to implement it in the code.
Does anyone have any idea how I can do this? I'm using Python + Selenium
...ANSWER
Answered 2019-Oct-06 at 01:48Try the below simple code and check if you are providing the right secret.
QUESTION
I installed google two factor authentication on my linux server.
(thanks to: https://github.com/google/google-authenticator-libpam)
When I try to access root account via ssh, authenticator works fine.
ANSWER
Answered 2019-Jul-12 at 10:25This is the default way this works. Since you are using the google-authenticator-libpam module you are only adding two factor authentication to the actual external interface login via the addition of auth required pam_google_authenticator.so to the sshd config file.
The proper security implementation (or at least one of the proper ways) is to not allow external login for the root user, going one step further and locking down ssh to only allow login from users who have two factor authentication enabled is even better.
To do that you would add the following in your sshd config :
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install google-authenticator
You can use google-authenticator like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the google-authenticator component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
