Universal 2nd Factor (U2F) is an open authentication standard that strengthens and simplifies two-factor authentication using specialized USB or NFC devices.
LLNG can offer users the option to register their keys. Once a key is registered, the user can no longer log in without it.
This feature uses Crypt::U2F::Server::Simple, which is available only via CPAN for now. Before compiling it, you must install Yubico's C library headers (called libu2f-server-dev on Debian).
In the manager (advanced parameters), you just have to enable it:
If a user loses their key, you can remove their persistent session using the session explorer.
If you have another U2F registration interface, you have to populate the session (using exported variables) to set these keys:
Name | Value |
---|---|
_u2fKeyHandle | key handle value, base64 encoded |
_u2fUserKey | user key value, base64 encoded |
Note that both “origin” and “appId” are fixed to the portal URL.