google-authenticator | Repository to integrate web sites and Google Authenticator | Addon library
kandi X-RAY | google-authenticator Summary
kandi X-RAY | google-authenticator Summary
This is a module to integrate web sites with Google Authenticator.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Get the code of the time
- Returns the QR code URL for the given application .
- Generate a secret key
- Verify the code
- Set the issuer
- Set the secret key
- Get the secret key .
- Get time index
google-authenticator Key Features
google-authenticator Examples and Code Snippets
Lines of Code : 8License : Weak Copyleft (LGPL-3.0)
Copy $google = new GoogleAuthenticator($user->getSecretKey());
$userSubmitCode = $_POST['codeFoo'];
// Verify Code
if ($google->verifyCode($userSubmitCode)) {
// OK - aloowed login
} Community Discussions
Trending Discussions on google-authenticator
QUESTION
Secret of Time-based One Time Password are usually 16-byte base32 encoded string. e.g. GitHub 2FA.
But for some scenario, it has 26 bytes long. e.g. Tutanota OTP. Often in lower case with whitespaces, like: vev2 qjea un45 3sr4 q4h3 ais4 ci
I tried with the TOTP algorithm implemented in dgryski/dgoogauth and tilaklodha/google-authenticator. Both can handle 16-byte secret well, but got error for 26-byte secret.
e.g. for 16-byte secret VEV2QJEAUN453SR4:
ANSWER
Answered 2022-Apr-02 at 04:15A base32 encodes every 5 bits of input bytes into base32 character, go base32 use The RFC 4648 Base 32 alphabet (A-Z, 2-7). When decode a string to bytes, each base32 character input will be mapped to a 5 bit index then recompose to bytes.
In your example "VEV2QJEAUN453SR4Q4H3AIS4CI", the previous "VEV2QJEAUN453SR4" was already valid input, it is a 16 char input, and 5 bit * 16 is 80 bit so it can be resolved into 10 bytes output. Now let us just look at the rest "Q4H3AIS4CI", 10 char -> 5 * 10 = 50 bits, the previous 40 bits can be decode to 5 bytes, but the last 2 char "CI" leads 2 bit remainder
QUESTION
I worked on setting up 2FA while doing ssh in EC2 instance. But after the setup instance is still not asking for 2FA code and directly logs my user i.e. ubuntu into the server.
I did following steps to setup 2FA:
Install Google Authenticator PAM module.
sudo apt install libpam-google-authenticator
Add
auth required pam_google_authenticator.soto/etc/pam.d/sshdRestart ssh
sudo systemctl restart sshd.serviceUpdate sshd_config with following:
ChallengeResponseAuthentication yes PasswordAuthentication noRun command
google-authenticator
Please help me resolve this issue. Thanks in advance.
...ANSWER
Answered 2022-Mar-31 at 11:03I was facing this issue because of other configuration was enabled. PubKeyAuthentication was used instead of authenticator. I change it to PubKeyAuthentication no which resolved the issue.
QUESTION
We already have a single authentication process using Active Directory for our home made web sites (simple login and password). Our AD is also on Azure (everything is synchronized).
Now we want 2 factors authentification using this: (Microsoft Authenticator) https://www.microsoft.com/en-us/account/authenticator
I've been searching for an exemple for a while, but most of the tutorials I found are about MVC CORE; I'm not using core, just regular MVC .Net Framework. Furthermore, the only tutorials I found using .Net framework were for Google authenticator, not Microsoft's one.
The intended behavior would be the same as when I connect to office 365, first I enter my password in the web site, then I receive a notification on my cell phone (for exemple), by approving the connection, I can have access to web content.
I'm still trying to figure out if this is even allowed, is Microsoft Authenticator only meant to be used for Microsoft developers or can we random developers use this app for our 2FA needs? Or is there a way to trigger the office 365 authentication windows?
If yes, they don't seem eager to share any code or tutorial for MVC .net Framework. (I'm still searching)
EDIT for comments:
Microsoft auth .Net Core documentation:
https://docs.microsoft.com/en-us/aspnet/core/security/authentication/mfa?view=aspnetcore-5.0
Google auth with .Net framework documentation:
https://medium.com/@henryhdelgado/2fa-with-google-authenticator-in-asp-mvc-4788c79c47
...ANSWER
Answered 2021-Feb-10 at 18:50In short: you don't need to do anything (provided that your application authenticates users using OIDC, which it will do if you're using Azure Active Directory or Office 365 with your application). Just flip the switch in your organization's O365 or AAD settings to require TOTP/2FA.
However, if your application is actually authenticating against on-prem AD (whether using Kerberos via the browser shell, or with "Forms authentication") and you can't make your web-application authenticate against AAD/O365 (not on-prem AD) and you don't have AD Federation working, then you're in for a world of pain because getting on-prem 2FA working is a massive undertaking that requires just as much work from your sysadmins as it does from you (and then your question would be closed for being "too broad", sorry!)
Authenticating against AAD/O365 can be done using any OIDC client library, though Microsoft does make a purpose-built library available on NuGet which works in .NET Framework applications in addition to .NET Core: https://www.nuget.org/packages/Microsoft.Identity.Client/ (formerly https://www.nuget.org/packages/Microsoft.IdentityModel.Clients.ActiveDirectory/ )
"Azure Active Directory" (AAD) is a misnomer btw, as it has very little to do with on-prem Active Directory. That said, if you're using Office 365 within your enterprise then you will already have AAD up-and-running - just be aware that it's still completely unrelated to Active Directory (as far as technology is concerned).
Using AAD/O365 for SSO basically means using OIDC (whereas on-prem AD is Kerberos, not OIDC) - so any OIDC library can be used with AAD/O365. The TOTP/2FA part is handled entirely by AAD/O365 so you don't actually need to do anything in your own application to handle TOTP/2FA.
QUESTION
Please help me to find out the solution.
- Does anyone know how to write a unit test stub using PHPUnit for scanning a barcode? FYI : In our application, two-factor authentication used(google authenticator). When users enter a valid username and password next screen displayed with barcode, we scan that barcode using the google-authenticator app on mobile then 6 digit code is generated, which we enter in web application then redirects to the home page.
- How to set a cookie while writing unit test stub for login?
ANSWER
Answered 2020-Jul-23 at 17:42- Create an abstraction for your 2FA
- Make Google Authenticator the default implementation
- Create a fake implementation that suits your needs. This could be a fixed six digit code that is always valid or you make it configurable
- Swap the default implementation with the fake in your tests
- Test the scenarios you need to test in your login process
- Create a manual test to make sure that your Google Authenticator implementation is actually working
I know this answer is rather abstract, but your question was not very concrete either. If you can provide more details, I'd be happy to go into it.
QUESTION
I have CAS 6.2.x running in Kubernetes building the image from this repo. I am passing in the cas.properties file via configmap.I have it wired up against Active Directory and am able to login with the Username/Password. I am now working to enable MFA with the Google Authenticator plugin. I have this working as well if I force the flow globally with the following:
cas.authn.mfa.global-provider-id=mfa-gauth
When I try to use the values described here for Multifactor Authentication: Principal Attribute Trigger it doesn't send me to the MFA flow. These are the settings that I have set:
cas.authn.ldap[0].principalAttributeList=userPrincipalName,cn,givenName,sAMAccountName,memberOf
cas.authn.mfa.global-principal-attribute-name-triggers=memberOf
cas.authn.mfa.global-principal-attribute-value-regex=ForceMfa
When I log in these are the values returned back for memberOf:
memberOf
[CN=Group2,OU=MyOu,DC=subdomain,DC=domain,DC=local, CN=Group1,OU=MyOu,DC=subdomain,DC=domain,DC=local, CN=ForceMfa,OU=MyOu,DC=subdomain,DC=domain,DC=local]
Principal
I used Misagh blog post as a guide.
If I change the trigger and regex to sAMAccountName and my username it then works as expected. Not sure if I need to change the regex format to find the group name or if I just have something else wrong. It just seems like the regex is not finding a match for some reason as the settings seem to be working for me, just not with memberOf.
Thank you
...ANSWER
Answered 2020-Jul-20 at 14:52Consider switching this to:
QUESTION
I am a newbie to FreeRadius, so my knowledge is not in-depth. I am trying to configure a central radius to handle any network based systems (switches, routers, firewalls, & VPN) to authenticate end-users when they are trying to SSH and/or VPN into the system. All of my equipment supports radius.
Environment:
- OS = CentOS 7
- FreeRadius = 3.0.13
- google-authenticator-libpam = 1.09
- I did not post my config files as they are exactly covered by the reference link. I will post them in a follow-up post for ease of reading
Reference: I followed this page to get the majority of the system operational (SSLVPN Two - Factor Authentication with Google Authenticator
What is working:
- Using radtest, I can authenticate with an AD based user with their AD password+OTP
- Was able to get a network switch authenticate and access-accept reply message to include custom VSA for user group (used unlang within the post-auth area based only on the user-name). Not ideal but just for testing the concept.
Next Steps (the question): I want to be able to ultimately decide if the end-user is granted access to VPN or switch via AD security groups. So from my understanding, I could perform this within the auth module or the post-auth. I believe the correct place would be in the post-auth possible using unlang (but correct me if this is not the general area to do this). I don't know how/where I need to perform the LDAP lookup to get the user-name AD security group info. In theory, once I have the user's name & group info, these can be used in multiple filters to declare if they get access to a group of systems. Thanks
...ANSWER
Answered 2020-Jul-09 at 01:17So I figured out how to accomplish what I was trying to do.
Configure /etc/raddb/clients.conf
Add the option under each client of virtual_server = custom_vs01
Duplicate (copy do not rename) /etc/raddb/sites-available/default to /etc/raddb/sites-available/custom_vs01
Edit custom_vs01. Change the server block to match the file. orig: server default { new: server custom_vs01 {
Change the port for the AUTH and ACCT to an actual port (E.g. 511812 & 511813)
In the post-auth section; add unlang to look for LDAP group So basically if the authenticated user is not part of either of the AD groups, then we update the control and reject them from access
QUESTION
I am implementing two factor authentication with Google Authenticator in a NativeScript app starting from this implementation. Since Node's crypto module doesn't run inside NativeScript, I am trying to make it work with CryptoJS.
This is the working Node code. The function returns a buffer with the correct value.
...ANSWER
Answered 2020-May-18 at 19:03You are giving a Buffer to the crypto module, while you are giving a string to CryptoJS. Probably they do not handle the strings the same as Buffers. CryptoJS does not support a Buffer as input, only string and WordArray, so the trick is to convert your Buffer into a WordArray:
Change the following line:
QUESTION
(Solution) TL;DR: Google assumes the key string is base32 encoded; replacing any 1 with I and 0 with O. This must be decoded prior to hashing.
Original Question
I'm having difficulty having my code match up with GA. I even went chasing down counters +/- ~100,000 from the current time step and found nothing. I was very excited to see my function pass the SHA-1 tests in the RFC 6238 Appendix, however when applied to "real life" it seems to fail.
I went so far as to look at the open source code for Google Authenticator at Github (here). I used the key for testing: "qwertyuiopasdfgh". According to the Github code:
ANSWER
Answered 2020-Apr-07 at 20:51I was tempted to make my own Android application to implement TOTP for my project. I did continue looking at the Java code. With aid of downloading the git repository and grep -R to find function calls I discovered my problem. To get the same pin codes as Google Authenticator the key is assumed to be base32 encoded and must be decoded prior to passing it to the hash algorithm.
There was a hint of this in getEnteredKey() by replacing the 0 and 1 characters as these are not present in the base32 alphabet.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install google-authenticator
Add this project in your composer.json:
Now tell the composer to download the repository by running the command:
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
