https://github.com/neverpanic/simpleid-yubikey

SimpleID plugin for Yubikey authentication

# SimpleID Yubikey Authentication

This is a third-party extension for the [SimpleID][] OpenID provider, written in PHP, that adds
support for authenticating with a [Yubico Yubikey][yubikey].

## Installation

1. Copy `extensions/yubikey` into the `extensions` folder below the webroot of your SimpleID
installation.
2. Edit `config.php` and add the Yubikey extension to the comma-separated list of extensions in the
`SIMPLEID_EXTENSIONS` constant.
3. Edit your identities and add the required information for Yubikey authentication. See the
configuration section for all possible values and their meaning.

## Identity Configuration

The following variables from identity pages have an effect on the Yubikey authentication store:

- `auth_method`: This option controls whether a user can authenticate using a Yubikey or using the
default password-based method. Since this extension hides the username field, you will probably
want to set this to `YUBIKEY` for all your users. Note that Yubikey authentication will only be
attempted with accounts that have `auth_method` set to `YUBIKEY`. Choosing Yubikey authentication
requires a few keys in the `yubikey` section.

The following options in the `[yubikey]` identity file section control the authentication using
Yubikeys:

- `client_id`: The API key ID for the Yubikey validation server you want to use. For the official
yubico.com infrastructure, you can get such a key at . If
you run your own validation server, you probably know how to get this. Mandatory.
- `client_key`: The API key corresponding to the API key ID. This is a short, base64-encoded string
you usually get from whoever runs the validation server you use. Mandatory.
- `use_https`: A boolean indicating whether the connection to the API server should use HTTPS. You
should really set this to a value that will evaluate to `true` in PHP. Mandatory.
- `key_id[]`: The IDs of the Yubikeys that should be able to log in using the given identity. You can
get this by stripping the last 32 characters from the output generated by your Yubikey.
Mandatory.
- `URLs`: Array field that allows you to specify partial URLs to your own Yubikey validation
servers. Do not specify the protocol (since that's controlled by the `use_https` option) and
always use array brackets to add a value. Optional. Example:
`URLs[]=yubikey.yourdomain.tld:port/wsapi/2.0/verify`.

An example identity file might look like this:
```
identity="https://my.example.com"
pass="unused"
auth_method="YUBIKEY"

[yubikey]
client_id="1"
client_key="AaAaAaAaAaAaAaAaAaAaAaAaAaA="
use_https=1
key_id[]="hdvbhdvbillt"
key_id[]="hdvbhdvvvqll"
URLs[]="yubikey1.example.com/wsapi/2.0/verify"
URLs[]="yubikey2.example.com/wsapi/2.0/verify"
URLs[]="yubikey3.example.com:8443/wsapi/2.0/verify"
```
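
The checks below are an added example, not part of the extension or written by its author: they lint an identity file against the rules listed in this section and derive a key ID from an OTP by stripping its last 32 characters. The function names, the modhex alphabet check and the 1-16 character ID length are assumptions based on the Yubico OTP format, and the sample file and OTP are constructed.

```php
<?php
// Added example, not the extension's code; assumes PHP's default INI scanner.
const MODHEX = 'cbdefghijklnrtuv'; // alphabet Yubikey OTPs are written in

// Key ID = OTP minus its last 32 characters; null if the input is not OTP-shaped
// (assumed shape: a 1-16 character ID followed by 32 characters, all modhex).
function yubikey_key_id(string $otp): ?string
{
    $otp = strtolower(trim($otp));
    return preg_match('/^[' . MODHEX . ']{33,48}$/', $otp) ? substr($otp, 0, -32) : null;
}

// Returns the problems found in an identity file; an empty array means none.
function lint_identity(string $ini): array
{
    $cfg = parse_ini_string($ini, true) ?: [];
    $yk = $cfg['yubikey'] ?? [];
    $problems = [];
    if (($cfg['auth_method'] ?? '') !== 'YUBIKEY') {
        $problems[] = 'auth_method is not YUBIKEY, so Yubikey login is never attempted';
    }
    foreach (['client_id', 'client_key', 'key_id'] as $k) {
        if (empty($yk[$k])) {
            $problems[] = "mandatory option $k is missing or empty";
        }
    }
    if (empty($yk['use_https'])) {
        $problems[] = 'use_https is not true: validation requests would use plain HTTP';
    }
    foreach ((array) ($yk['key_id'] ?? []) as $id) {
        if (!preg_match('/^[' . MODHEX . ']{1,16}$/', $id)) {
            $problems[] = "key_id \"$id\" is not a 1-16 character modhex ID (whole OTP pasted?)";
        }
    }
    foreach ((array) ($yk['URLs'] ?? []) as $url) {
        if (preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
            $problems[] = "URLs entry \"$url\" includes a protocol; use_https decides that";
        }
    }
    return $problems;
}

// Constructed sample: plain HTTP, a whole OTP pasted as key_id, a URL with a scheme.
$otp = 'hdvbhdvbillt' . str_repeat(MODHEX, 2); // constructed, not a real OTP
$sample = "auth_method=\"YUBIKEY\"\n[yubikey]\nclient_id=\"1\"\nclient_key=\"AaAa\"\n"
    . "use_https=0\nkey_id[]=\"$otp\"\nURLs[]=\"https://yubikey1.example.com/wsapi/2.0/verify\"\n";
print_r(lint_identity($sample));
echo yubikey_key_id($otp), "\n";
```

The lint only checks the shape of the settings; whether an OTP is actually valid is still decided by the validation server.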

## Changelog

### 1.0

Support multiple Yubikeys per account. (#2)

[simpleid]: http://simpleid.org
[yubikey]: https://www.yubico.com/products/yubikey-hardware/