Feature #68

Add optional support for signing authentication replies

Added by The 2nd almost 3 years ago. Updated 2 months ago.

Status: In Progress
Start date: 24 December 2015
Priority: Normal
Due date:
Assignee: The 2nd
% Done: 50%
Category: -
Target version: OTPme 0.3

Description

  • The client should send a challenge to the OTPme server that will be signed with its public key
    • This reduces the code where authentication-related bugs may lead to false positives
  • Using JWT for this feature will allow us to re-use it for web authentication in later versions (https://en.wikipedia.org/wiki/JSON_Web_Token)

History

#1 Updated by The 2nd almost 3 years ago

  • % Done changed from 40 to 50
  • Current implementation sends a challenge with the authentication request, which is added to a JWT signed with the public key of the "site certificate" and sent back in the authentication reply. This is used e.g. when logging in via the OTPme PAM module.
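
The exchange described in update #1, as an added example that is not part of the original issue or OTPme's code: the client sends a random challenge, the server returns it inside an RS256 JWT, and the client accepts the reply only if the signature verifies and the challenge matches. The key is a constructed, insecure demo key, and the claim names (`challenge`, `login`) and function names are assumptions; the example assumes the server signs with the site certificate's private key and the client verifies with its public key.

```python
import base64, hashlib, hmac, json, secrets

# Constructed demo key (NOT secure): RSA modulus built from two Mersenne primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known to the server only
K = (N.bit_length() + 7) // 8       # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (PKCS#1 v1.5, RFC 8017)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_challenge():
    """Client: fresh unpredictable challenge for every authentication request."""
    return secrets.token_urlsafe(32)

def emsa(msg):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), K bytes long."""
    digest = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(digest) - 3) + b"\x00" + digest

def server_reply(challenge, user):
    """Server: bind the client's challenge into a signed RS256 JWT."""
    header = b64u(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    claims = b64u(json.dumps({"challenge": challenge, "login": user}).encode())
    sig = pow(int.from_bytes(emsa(f"{header}.{claims}".encode()), "big"), D, N)
    return f"{header}.{claims}.{b64u(sig.to_bytes(K, 'big'))}"

def client_verify(token, expected_challenge):
    """Client: accept only a reply signed by the site key for *this* challenge."""
    try:
        header, claims, sig = token.split(".")
        if json.loads(b64u_dec(header)).get("alg") != "RS256":  # pin algorithm
            return False
        s = int.from_bytes(b64u_dec(sig), "big")
        if s >= N:                                   # reject out-of-range values
            return False
        em = pow(s, E, N).to_bytes(K, "big")
        if not hmac.compare_digest(em, emsa(f"{header}.{claims}".encode())):
            return False
        got = json.loads(b64u_dec(claims)).get("challenge", "")
        return hmac.compare_digest(got.encode(), expected_challenge.encode())
    except (ValueError, TypeError, AttributeError):  # malformed token
        return False
```

Because the client compares the signed challenge against the one it just generated, a captured reply from an earlier login fails verification even though its signature is valid.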

#2 Updated by The 2nd 2 months ago

  • Status changed from New to In Progress
