/pimcore-yubikey-plugin

Authenticate with Pimcore using a Yubikey USB device.


YubiKey Plugin

Authenticate a user with a Yubikey USB device.

What's this all about?

The YubiKey USB-key delivers a one-time passcode (OTP) with a simple touch of a button. No SMS-like passcodes to retype from one device to another. The YubiKey identifies itself as an external keyboard, which eliminates the need for client software or drivers. The Key is designed to ensure it will never be a vector for viruses or malware.

Any computer which can use a USB keyboard can also use the YubiKey, regardless of the computer hardware, operating system or system drivers. The YubiKey AES Key information can never be extracted from a YubiKey device. Further, only the YubiKey security related codes are directly read from the YubiKey when in use.

This plugin makes it possible to authenticate a user with pimcore by using a YubiKey.

Installation

Put the files of this plugin in the directory /plugins/YubiKey and activate/install it in pimcore's plugins settings.

Configuration

The settings are located in pimcore's menu under Settings/YubiKey Settings.
You can set these parameters:

  • Use local authentification
    Check this box if you want to use the local component of the plugin.
    This enables you to locally authenticate users with their YubiKey.
  • Private Key / Public Key
    If you want to authenticate local users against a remote server, you'll need to configure a private and public key here.
    You can either enter keys you created yourself or restored from a backup, or use the Create new key pair button to let the server create a new pair for you.
  • Use central authentification
    Check this box if you have a remote server to authenticate the users with.
    You can obtain the remote server component from us at www.weblizards.de.
  • Identifier
    Enter an identifier here. You'll have to use this exact identifier on the remote server to connect your instance with the server.
  • Server URL
    The URL of your server. This is just the hostname with the protocol, like http://www.weblizards.de, without a path. The path is added by the plugin.
  • Public Key
    The public key of the server. You'll get the key in the settings of the remote server component.

Usage

  • Open the settings of a user and click the YubiKey settings tab.
  • Check the Active checkbox if necessary.
  • Click the Add button and enter the serial number of the user's YubiKey. You can optionally enter a comment. To enter the serial number, you can simply press the button on the user's YubiKey: only the serial number part of the generated one-time passcode will be used.
  • Instead of entering the user's password, you can now simply press the button on the YubiKey.
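
The Add step above keeps only the identifying part of a pasted passcode. The sketch below is an added example, not the plugin's own code: it assumes that "serial number" means the public ID prefix of a standard Yubico OTP (up to 16 modhex characters followed by 32 characters of encrypted data), and all function names and the sample value are hypothetical.

```php
<?php
// Added example, not code from the plugin. All names are hypothetical.

// The 16 modhex characters a YubiKey types, in hex-digit order 0..f.
const MODHEX = 'cbdefghijklnrtuv';

/**
 * Split a Yubico OTP into its static public ID and the encrypted part.
 * Returns null for input that is not well-formed modhex of the right length.
 */
function splitYubicoOtp(string $input): ?array
{
    $otp = strtolower(trim($input));
    // 0-16 characters of public ID, then exactly 32 characters of ciphertext.
    $pattern = '/^([' . MODHEX . ']{0,16})([' . MODHEX . ']{32})$/';
    if (!preg_match($pattern, $otp, $m)) {
        return null;
    }
    return ['publicId' => $m[1], 'ciphertext' => $m[2]];
}

/** Translate modhex to ordinary hex, e.g. for storing or displaying the ID. */
function modhexToHex(string $modhex): string
{
    return strtr($modhex, MODHEX, '0123456789abcdef');
}

/**
 * Check whether the key that produced this OTP is registered for a user.
 * This only identifies the key: the public ID is the same in every OTP,
 * so the full OTP must still be verified before a login is accepted.
 */
function isRegisteredKey(string $input, array $registeredIds): bool
{
    $parts = splitYubicoOtp($input);
    if ($parts === null || $parts['publicId'] === '') {
        return false;
    }
    return in_array($parts['publicId'], $registeredIds, true);
}

// Constructed sample: 12-character public ID + 32 characters of filler "ciphertext".
$sample = 'ccccccdefghi' . 'jklnrtuvcbdefghijklnrtuvcbdefghi';
$parts  = splitYubicoOtp($sample);
var_dump($parts['publicId'], modhexToHex($parts['publicId']));
var_dump(isRegisteredKey($sample, ['ccccccdefghi']));
var_dump(isRegisteredKey('not-an-otp', ['ccccccdefghi']));
```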

Taking it further

The plugin can communicate with a remote server component to authenticate a user. This lets you administer your installations, the users that may log into each installation, and their corresponding keys in a central place.
Please contact us at info@weblizards.de if you need further information!

Dependencies

This plugin needs the curl extension to communicate with the servers of yubico.com.