simplesamlphp/simplesamlphp-module-yubikey 问题修复 & 功能扩展

解决BUG、新增功能、兼容多环境部署,快速响应你的开发需求

邮箱:yvsm@zunyunkeji.com | QQ:316430983 | 微信:yvsm316

simplesamlphp/simplesamlphp-module-yubikey

Composer 安装命令:

composer require simplesamlphp/simplesamlphp-module-yubikey

包简介

A SimpleSAMLphp module that adds support for YubiKey devices.

README 文档

README

Build Status Coverage Status Scrutinizer Code Quality Type Coverage Psalm Level

This is a SimpleSAMLphp module to leverage YubiKey devices to authenticate users in different ways. For the moment, it provides an authentication processing filter that allows you to require a user to use a YubiKey to complete authentication, effectively implementing two-factor authentication. This filter can be combined with any other authentication source, provided that the identifier (or identifiers) of the key registered for that user is available as an attribute.

Installation

Once you have installed SimpleSAMLphp, installing this module is very simple. Just execute the following command in the root of your SimpleSAMLphp installation:

vendor/bin/composer require simplesamlphp/simplesamlphp-module-yubikey

Then, you need to do is to enable the Yubikey module: in config.php, search for the module.enable key and set yubikey to true:

    'module.enable' => [
        'yubikey' => true,
        …
    ],

OTP authentication processing filter

This filter allows you to ask for YubiKey authentication before proceeding further. As any other processing filter, it can be configured either in the general configuration, in the authsources, in the hosted IdP metadata or in the remote SP metadata. See documentation.

You can configure the filter by adding an authproc filter with the class yubikey:OTP. At the very least, you will need an API client identifier and an API key. By default, the filter will let you use YubiCloud, which will require you to register to obtain a client identifier and an API key.

If you would like to run the YubiKey validation server yourself (i.e. the server running the API), you can also do it(you can also do it). In that case, you will need to configure the hostname of your validation server instead of the default addresses.

Here are all the options available:

API configuration options

  • api_client_id: The client identifier to present to the API. This option is mandatory.
  • api_key: The key that grants you access to the YubiKey API. This option is mandatory.
  • api_hosts: An array containing the hosts where the API can be contacted to authenticate a given YubiKey. Please note that all hosts will be queried, and all the responses must be successful in order to consider the authentication of a device to be successful. Therefore, if you want to use your own API with high availability, you should only specify one hostname here and configure a high availability setup for that hostname. This is optional and defaults to Yubico's public API servers, those being:
    • api.yubico.com

Operational configuration options

  • abort_if_missing: A boolean value telling whether the whole login process should be aborted if the user has no YubiKey devices registered (set to true) or continue, skipping YubiKey authentication (set to false). Optional. Defaults to false.
  • key_id_attribute: This is the name of an attribute that holds one or more YubiKey device identifiers that are known and accepted for the user. Optional. Defaults to yubikey.

Assurance configuration options

  • assurance_attribute: This is the name of an attribute that we will use to indicate that a successful authentication with the YubiKey device was performed (only when authentication was successful, of course). Optional. Defaults to eduPersonAssurance.
  • assurance_value: This is the value that we will add to the attribute specified by assurance_attribute. Optional. Defaults to OTP.

simplesamlphp/simplesamlphp-module-yubikey 适用场景与选型建议

simplesamlphp/simplesamlphp-module-yubikey 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 959 次下载、GitHub Stars 达 5, 最近一次更新时间为 2017 年 03 月 01 日, 在 PHP 生态内属于活跃度较高的组件。

它主要适用于以下技术方向: 「otp」 「yubikey」 「simplesamlphp」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。

我们在过去多个企业项目中使用过 simplesamlphp/simplesamlphp-module-yubikey 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。

围绕 simplesamlphp/simplesamlphp-module-yubikey 我们能提供哪些服务?
定制开发 / 二次开发

基于 simplesamlphp/simplesamlphp-module-yubikey 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。

BUG 修复 & 性能优化

线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。

项目外包 & 长期维护

承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。

yvsm@zunyunkeji.com QQ:316430983 微信:yvsm316 西安尊云信息科技 · 专注 PHP / Go / 分布式系统研发

统计信息

  • 总下载量: 959
  • 月度下载量: 0
  • 日度下载量: 0
  • 收藏数: 5
  • 点击次数: 16
  • 依赖项目数: 0
  • 推荐数: 0

GitHub 信息

  • Stars: 5
  • Watchers: 3
  • Forks: 2
  • 开发语言: PHP

其他信息

  • 授权协议: LGPL-2.1-or-later
  • 更新时间: 2017-03-01