notakey / simplesamlphp-module-notakey
A SimpleSAMLphp module that supports Notakey multi-factor authentication, with a free mobile app.
2.20.1
2021-04-15 10:27 UTC
Requires
- php: >=5.5.9
- drbiko/php-qr-code: ^1.0
- mobiledetect/mobiledetectlib: ^2.8
- nategood/httpful: ^0.2.20
- simplesamlphp/composer-module-installer: ^1.0
This package is auto-updated.
Last update: 2024-09-20 23:23:52 UTC
README
Configuration
Authentication source
All allowed backends must be configured in the authsources list.

    'notakey-auth' => array(
        'notakey:Process',
        // if username remember me is enabled
        // remove domain from username when remembering
        "attrs.stripdomain" => false,
        // the attribute to populate username
        "user_id.attr" => "uid",
        // enable additional logging
        "debug" => true,
        // multiple endpoints are possible (Notakey services)
        // user will have option to select one during authentication
        'endpoints' => array(
            array(
                'name' => 'Notakey service 1',
                'url' => 'https://api.mydomain.com/',
                'service_id' => '8c0b4f63-c1e9-4d1c-990e-12312312312',
                'client_id' => 'api-client-id',
                'client_secret' => 'client-secret',
                'service_logo' => '/userlogos/8c0b4f63-c1e9-4d1c-990e-8fc72740791c.png',
                // if using authentication profile, specify it here
                "profile_id" => "1231231-c1e9-4d1c-990e-12312312312",
                // Source name from authsources
                "stepup-source" => "ntk-radius",
                // Valid for 1 year
                "stepup-duration" => "P1Y"
            ),
            array(
                'name' => 'Notakey service 2',
                'url' => 'https://api.mydomain.com/',
                'service_id' => '8c0b4f63-c1e9-4d1c-990e-892746367623',
                'client_id' => 'api-client-id',
                'client_secret' => 'client-secret',
                'service_logo' => '/userlogos/8c0b4f63-c1e9-4d1c-990e-8fc72740791c.png'
            )
        )
    )
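A pre-deployment check for an authsources entry like the one above, as an added example that is not part of the module or its README: it flags non-https endpoint URLs, README placeholder credentials, a stepup-source that is not defined in authsources, and a malformed stepup-duration. The function name, the set of required keys and the ISO 8601 reading of stepup-duration are assumptions; the script needs PHP 7 or later.

```php
<?php
// Added example, not the module's code. Assumption: these keys are mandatory,
// since every endpoint in the README sets them.
const REQUIRED_KEYS = ['name', 'url', 'service_id', 'client_id', 'client_secret'];
// Placeholder credentials from the README that must be replaced before deployment.
const PLACEHOLDERS = ['api-client-id', 'client-secret'];

function lintNotakeySource($id, array $authsources)
{
    $cfg = $authsources[$id];
    $findings = empty($cfg['debug']) ? [] : ["$id: debug is enabled, review before production"];
    foreach ($cfg['endpoints'] ?? [] as $i => $ep) {
        $at = "{$id}.endpoints[{$i}]";
        foreach (REQUIRED_KEYS as $key) {
            if (empty($ep[$key])) {
                $findings[] = "$at: $key is missing or empty";
            }
        }
        if (strtolower((string) parse_url($ep['url'] ?? '', PHP_URL_SCHEME)) !== 'https') {
            $findings[] = "$at: url does not use https";
        }
        if (array_intersect([$ep['client_id'] ?? '', $ep['client_secret'] ?? ''], PLACEHOLDERS)) {
            $findings[] = "$at: README placeholder credentials still in place";
        }
        // "stepup-source" must name another entry in authsources.
        if (isset($ep['stepup-source']) && !isset($authsources[$ep['stepup-source']])) {
            $findings[] = "$at: stepup-source '{$ep['stepup-source']}' is not defined";
        }
        // Assumption: "stepup-duration" is an ISO 8601 duration, as "P1Y" suggests.
        if (isset($ep['stepup-duration'])) {
            try {
                new DateInterval($ep['stepup-duration']);
            } catch (Exception $e) {
                $findings[] = "$at: stepup-duration is not an ISO 8601 duration";
            }
        }
    }
    return $findings;
}

// Constructed sample input, not a real deployment.
$authsources = ['notakey-auth' => ['notakey:Process', 'debug' => true, 'endpoints' => [[
    'name' => 'Notakey service 1', 'url' => 'http://api.mydomain.com/',
    'service_id' => '00000000-0000-0000-0000-000000000000',
    'client_id' => 'api-client-id', 'client_secret' => 'client-secret',
    'stepup-source' => 'ntk-radius', 'stepup-duration' => '1 year',
]]]];
echo implode(PHP_EOL, lintNotakeySource('notakey-auth', $authsources)), PHP_EOL;
```

To lint a real deployment, replace the constructed array with the `$config` array loaded from authsources.php.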
Filter mode
A filter can also be configured. In this case the user performs primary authentication once (for example, with a password) and is then prompted to authenticate with the mobile phone. On subsequent logins to other SPs, only the mobile authentication is verified.
Basic configuration

    "authproc.idp" => array(
        "90" => array(
            "class" => "notakey:Filter",
            "user_id.attr" => "uid",
            "debug" => true,
            "endpoints" => [
                array(
                    'name' => 'Notakey service 1',
                    'url' => 'https://api.mydomain.com/',
                    'service_id' => '8c0b4f63-c1e9-4d1c-990e-12312312312',
                    'client_id' => 'api-client-id',
                    'client_secret' => 'client-secret',
                    'service_logo' => '/userlogos/8c0b4f63-c1e9-4d1c-990e-8fc72740791c.png'
                )
            ]
        )
    )
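Customizing authentication requests
To customize authentication requests, you can use authentication profiles. These are configured for a specific service in the Notakey Authentication Appliance management dashboard. This allows localized authentication request messages, and adjusting the authentication request timeout value and security requirements based on the user's language.
Notakey Authentication Appliance
If running in an NAA environment, use the CLI for configuration.
- As the primary authentication source

    # profile_id: if using authentication profile, specify it here
    # define multiple endpoints if needed (e.g. using multiple services,
    # one for internal users, another for external)
    ntk cfg :sso.auth.\"notakey-nopass\" '{
      "module": "notakey:Process",
      "endpoints": [
        {
          "name": "Notakey",
          "url": "https://mfa.mydomain.com/",
          "service_id": "bcd05d09-40cb-4965-8d94-3142546576",
          "client_id": "api-client-id",
          "client_secret": "client-secret",
          "service_logo": "/userlogos/somelogo.png",
          "profile_id": "bcd05d09-40cb-4965-8d94-3142546576"
        }
      ]
    }' --json-input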
- As an additional factor to primary authentication

    # user_id.attr: defines which attribute stores the user's username as it
    #   will be sent to the Notakey API, defaults to sAMAccountName
    # attrs.stripdomain: disables showing the domain to the user, if it is
    #   present in the Notakey API response
    # define multiple endpoints if needed (e.g. using multiple services,
    # one for internal users, another for external)
    ntk cfg :sso.base.\"authproc.idp\".\"90\" '{
      "class": "notakey:Filter",
      "user_id.attr": "uid",
      "attrs.stripdomain": false,
      "debug": true,
      "endpoints": [
        {
          "name": "Notakey",
          "url": "https://mfa.mydomain.com/",
          "service_id": "bcd05d09-40cb-4965-8d94-3142546576",
          "client_id": "api-client-id",
          "client_secret": "client-secret",
          "service_logo": "/userlogos/somelogo.png"
        }
      ]
    }' --json-input
- Enable this module

    ntk cfg :sso.modules '[..., "notakey"]' --json-input