Feature #68

open

Add optional support for signing authentication replies

Added by The 2nd over 8 years ago. Updated over 5 years ago.

Status: In Progress
Priority: Normal
Assignee:
Target version:
Start date: 24 December 2015
Due date:
% Done: 50%
Estimated time:

Description

  • The client should send a challenge to the OTPme server that will be signed with its public key
    • This reduces the code where authentication-related bugs may lead to false positives
  • Using JWT for this feature will allow us to re-use it for web authentication in later versions (https://en.wikipedia.org/wiki/JSON_Web_Token)
#1

Updated by The 2nd about 8 years ago

  • % Done changed from 40 to 50
  • The current implementation sends a challenge with the authentication request, which is added to a JWT signed with the public key of the "site certificate" and sent back in the authentication reply. This is used e.g. when logging in via the OTPme PAM module.
#2

Updated by The 2nd over 5 years ago

  • Status changed from New to In Progress
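
The challenge and signed-reply exchange from the description and update #1, as an added example that is not OTPme code. It assumes the server signs the JWT with the private key belonging to the site certificate and the client verifies it with the certificate's public key; the ES256 algorithm, the throwaway key pair, the claim names and the function names are assumptions made for illustration.

```javascript
// Added example, not OTPme code. Key pair, claim names and helper names are assumptions.
const crypto = require('node:crypto');

const b64u = (v) => Buffer.from(v).toString('base64url');

// Server side: copy the client's challenge into a short-lived JWT and sign it (ES256).
function signReply(challenge, sitePrivateKey, user, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' }));
  const iat = Math.floor(now / 1000);
  const payload = b64u(JSON.stringify({ sub: user, challenge, iat, exp: iat + 30 }));
  const sig = crypto.sign('sha256', Buffer.from(`${header}.${payload}`),
    { key: sitePrivateKey, dsaEncoding: 'ieee-p1363' });
  return `${header}.${payload}.${b64u(sig)}`;
}

// Client side: accept the reply only if algorithm, signature, expiry and challenge all check out.
function verifyReply(token, expectedChallenge, sitePublicKey, now = Date.now()) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url').toString());
    claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm on the verifier; the token must not be allowed to choose it.
  if (!header || header.alg !== 'ES256') return { ok: false, reason: 'bad-alg' };
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: sitePublicKey, dsaEncoding: 'ieee-p1363' }, Buffer.from(s, 'base64url'));
  if (!valid) return { ok: false, reason: 'bad-signature' };
  if (typeof claims?.exp !== 'number' || claims.exp * 1000 <= now) {
    return { ok: false, reason: 'expired' };
  }
  const got = Buffer.from(String(claims.challenge));
  const want = Buffer.from(expectedChallenge);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'challenge-mismatch' }; // reply to some other request
  }
  return { ok: true, user: claims.sub };
}

// Constructed demo: a fresh key pair stands in for the site certificate's keys.
const site = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const challenge = crypto.randomBytes(32).toString('hex');
const reply = signReply(challenge, site.privateKey, 'alice');
console.log(verifyReply(reply, challenge, site.publicKey));
```

Because the client compares the signed challenge with the one it generated for this request, a captured reply from an earlier login fails with `challenge-mismatch` even though its signature is valid.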