Universal 2nd Factor Authentication (U2F)

Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication using specialized USB or NFC devices.

LLNG can propose to users to register their keys. When done, registered user can't login without using its key.

Note that it's a second factor, not an authentication module. Users are authenticated by both login form and U2F form.

Prerequisites and dependencies

This feature uses Crypt::U2F::Server::Simple that is available only via CPAN for now. Before compiling it, you must install Yubico's C library headers (called libu2f-server-dev on Debian).

Configuration

In the manager (advanced parameters), you just have to enable it:

U2F ⇒ Activation: set it to “on”
U2F ⇒ Self registration: set it to “on” (to display this application on the menu, create an application that points to http://auth.your.domain/u2fregister)

Assistance

If a user lost its key, you may remove it's persistent session using the session explorer.

Developer corner

If you have another U2F registration interface, you have to populate session (using exported variables) to set these keys:

Name	Value
_u2fKeyHandle	key handle value, base64 encoded
_u2fUserKey	user key value, base64 encoded

Note that both “origin” and “appId” are fixed to portal URL.

Table of Contents

Universal 2nd Factor Authentication (U2F)

Prerequisites and dependencies

Configuration

Assistance

Developer corner