Open Source One-Time Password with PrivacyIDEA


PrivacyIDEA is a very good piece of open source software for building your own OTP solution. It offers a lot of features:

  • Authentication via a REST API, with easy JWT-based authentication to the API itself.
  • Returns easily parsable JSON output
  • Can act as a SAML Identity Provider in conjunction with SimpleSAMLphp
  • Plugins available for
    • FreeRADIUS,
    • PAM (supporting Offline OTP)
    • Apache2,
    • OTRS,
    • Django,
    • ownCloud,
    • WordPress,
    • TYPO3,
    • Contao,
    • dokuwiki…

There are two useful tutorials to help you install and configure PrivacyIDEA:

I have tested this solution with both Owncloud and WordPress. It works well, but be careful: several steps and configuration details are not covered by those tutorials:

  • for Owncloud: you will not be able to use PrivacyIDEA together with the Owncloud encryption module. That module uses your login password to unlock your encryption keys, and with PrivacyIDEA the password you submit (PIN plus OTP) changes at every login. If you want to use PrivacyIDEA with Owncloud, you will have to decrypt your files and/or disable server-side encryption first.
  • for both WordPress and Owncloud: keep at least one account that still authenticates with a plain user name and password. Both plugins let you exclude one or more specific accounts from OTP. This matters because, if the PrivacyIDEA server is unavailable, nobody will be able to log in otherwise. That excluded account is a deliberate bypass of the second factor, so give it a strong, unique password, reserve it for break-glass use, and watch the logs for logins with it.
    • for WordPress: (screenshot: priv_wp)
    • for Owncloud: (screenshot: priv_owc)

Another tip for Owncloud: after installing the privacyIDEA Owncloud app, untick and re-tick the option “Use privacyIDEA to authenticate the users”. Just after you enable the app this option already appears selected, yet the log file shows the app as disabled; unticking and re-ticking it enables the app properly.

Regarding the Apache configuration that hosts the privacyIDEA Web UI: you will have to adapt it if you use virtual hosts. This is a vhost configuration example you can use to make it work properly:
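The following is an added example written for this page, not the article's own vhost (which is not reproduced here): a small shell function that writes a name-based HTTPS vhost handing the whole site to the privacyIDEA WSGI application. It assumes Apache 2.4 with mod_wsgi, mod_ssl and mod_headers enabled, the WSGI entry point /etc/privacyidea/privacyideaapp.wsgi and the service user privacyidea (the defaults of the privacyIDEA packages; adjust them to your install), and uses otp.example.com and the Debian snakeoil certificate only as placeholders.

```shell
#!/bin/sh
# Added example, not the article's own configuration. Writes an HTTPS vhost
# that serves the privacyIDEA Web UI and REST API through mod_wsgi.
# Assumptions: Apache 2.4 with mod_wsgi, mod_ssl and mod_headers; WSGI entry
# point /etc/privacyidea/privacyideaapp.wsgi; service user "privacyidea".

# write_privacyidea_vhost OUTFILE SERVERNAME [CERT] [KEY]
write_privacyidea_vhost() {
    out="$1"
    name="$2"
    cert="${3:-/etc/ssl/certs/ssl-cert-snakeoil.pem}"      # placeholder cert
    key="${4:-/etc/ssl/private/ssl-cert-snakeoil.key}"     # placeholder key
    cat > "$out" <<EOF
<VirtualHost *:443>
    ServerName $name

    # Hand the whole vhost to mod_wsgi. With several vhosts, a WSGIScriptAlias
    # left outside the right <VirtualHost> is the usual reason the UI is not served.
    WSGIScriptAlias / /etc/privacyidea/privacyideaapp.wsgi
    WSGIDaemonProcess privacyidea processes=1 threads=15 display-name=%{GROUP} user=privacyidea
    WSGIProcessGroup privacyidea
    # mod_wsgi drops the Authorization header by default, which would make every
    # JWT-authenticated REST call fail with 401 despite a valid token.
    WSGIPassAuthorization On

    <Directory /etc/privacyidea>
        Require all granted
    </Directory>

    SSLEngine on
    SSLCertificateFile    $cert
    SSLCertificateKeyFile $key
    # OTP PINs and JWTs must never travel in clear text.
    Header always set Strict-Transport-Security "max-age=31536000"

    ErrorLog  \${APACHE_LOG_DIR}/privacyidea_error.log
    CustomLog \${APACHE_LOG_DIR}/privacyidea_access.log combined
</VirtualHost>

# The plain-HTTP listener only redirects to HTTPS.
<VirtualHost *:80>
    ServerName $name
    Redirect permanent / https://$name/
</VirtualHost>
EOF
}

# Stand-alone use:
#   sh vhost.sh /etc/apache2/sites-available/privacyidea.conf otp.example.com
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    write_privacyidea_vhost "$1" "$2" "${3:-}" "${4:-}"
    echo "wrote $1; now run 'apachectl configtest' and 'a2ensite $(basename "$1" .conf)'"
fi
```

Run `apachectl configtest` before reloading: a duplicate `WSGIDaemonProcess privacyidea` in another vhost, or mod_headers not being enabled, will be reported there rather than at the first login.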

Lastly, if you use iptables/ip6tables rules with the default policy set to DROP, do not forget to add rules permitting localhost communication with the MySQL database server:
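As an added example (not the article's own rules), the script below prints, and with --apply inserts, the loopback rules for the privacyIDEA to MySQL connection on a host whose INPUT and OUTPUT chains default to DROP. It assumes MySQL listens on 127.0.0.1 and ::1, port 3306, and that privacyIDEA runs on the same host; it opens only the MySQL port on lo rather than the whole interface, and uses `-C` so that re-running it never duplicates rules.

```shell
#!/bin/sh
# Added example, not from the original article: rules that let privacyIDEA reach
# MySQL over the loopback interface when INPUT and OUTPUT policies are DROP.
# Assumptions: MySQL on 127.0.0.1 (IPv4) and ::1 (IPv6), port 3306, same host.

MYSQL_PORT="${MYSQL_PORT:-3306}"

# mysql_loopback_rules TOOL LOOPBACK_ADDR
# Print, one per line, the rules for one address family
# (TOOL is iptables or ip6tables). Only the MySQL port is opened on lo.
mysql_loopback_rules() {
    tool="$1"; lo="$2"
    # privacyIDEA -> MySQL: the new connection leaves via OUTPUT and arrives via INPUT
    printf '%s -A OUTPUT -o lo -p tcp -d %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n' "$tool" "$lo" "$MYSQL_PORT"
    printf '%s -A INPUT  -i lo -p tcp -d %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n' "$tool" "$lo" "$MYSQL_PORT"
    # MySQL -> privacyIDEA: replies only, never new connections originating from the DB port
    printf '%s -A OUTPUT -o lo -p tcp -s %s --sport %s -m conntrack --ctstate ESTABLISHED -j ACCEPT\n' "$tool" "$lo" "$MYSQL_PORT"
    printf '%s -A INPUT  -i lo -p tcp -s %s --sport %s -m conntrack --ctstate ESTABLISHED -j ACCEPT\n' "$tool" "$lo" "$MYSQL_PORT"
}

# apply_mysql_loopback_rules TOOL LOOPBACK_ADDR
# Append each rule only if an identical one is not already present
# (`iptables -C` exits 0 when the rule exists), so re-runs are idempotent. Root only.
apply_mysql_loopback_rules() {
    mysql_loopback_rules "$1" "$2" | while IFS= read -r rule; do
        check=$(printf '%s' "$rule" | sed 's/ -A / -C /')
        eval "$check" 2>/dev/null || eval "$rule"
    done
}

case "${1:-}" in
    --apply)
        apply_mysql_loopback_rules iptables  127.0.0.1
        apply_mysql_loopback_rules ip6tables ::1
        # Confirm the server answers from this host (exit 0 even on "Access denied",
        # which already proves the packets got through).
        mysqladmin -h 127.0.0.1 -P "$MYSQL_PORT" ping
        ;;
    *)
        # Dry run: show what --apply would add.
        mysql_loopback_rules iptables  127.0.0.1
        mysql_loopback_rules ip6tables ::1
        ;;
esac
```

Two caveats. First, these rules only matter when privacyIDEA's database URI points at 127.0.0.1 (or ::1): with `localhost` the MySQL client library connects through the Unix socket, which never traverses netfilter, so a working setup can silently stop working when someone "fixes" the URI to an IP. Second, the common shortcut `iptables -A INPUT -i lo -j ACCEPT` / `-A OUTPUT -o lo -j ACCEPT` cures the same symptom; the port-scoped rules above are simply the least-privilege form. On kernels without the conntrack match, replace `-m conntrack --ctstate` with `-m state --state`.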

Do not hesitate to leave a comment if you have any questions or see something wrong in this article.


References

  • PrivacyIDEA home
  • Github
  • OTP for Owncloud
  • OTP for WordPress
