[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2022-04-22 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

--- Comment #9 from Michal Denar  ---
Hi,
can we add this feature as extension of Bug 28786? HW USK key is "one touch" as
opposed to TOTP, which requires writing code from apliaction from toter device,
usualy smartphone?

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2021-10-18 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

Marcel de Rooy  changed:

   What|Removed |Added

 CC||m.de.r...@rijksmuseum.nl

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2020-05-27 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

--- Comment #8 from David Cook  ---
(In reply to Aaron Sakovich from comment #7)
> The FIDO alliance has published a new website promoting FIDO2 for both
> consumers and providers. FIDO2 includes Yubikey and other key vendor
> support, as well as biometrics (facial scans and fingerprint), and personal
> PINs.
> 
> https://loginwithfido.com/provider/
> 
> This is an established and well-supported standard, defined by both the FIDO
> Alliance and W3C's webauthn. Just dropping this here as I think it might be
> a better, all-encompassing approach to authentication in general, beyond
> just adding 2FA, and is way easier for the end-user with its multiple
> supported authenticators, not just a single vendor's hardware key.

Sounds good to me.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2020-05-27 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

Aaron Sakovich  changed:

   What|Removed |Added

 CC||asakov...@hmcpl.org

--- Comment #7 from Aaron Sakovich  ---
The FIDO alliance has published a new website promoting FIDO2 for both
consumers and providers. FIDO2 includes Yubikey and other key vendor support,
as well as biometrics (facial scans and fingerprint), and personal PINs.

https://loginwithfido.com/provider/

This is an established and well-supported standard, defined by both the FIDO
Alliance and W3C's webauthn. Just dropping this here as I think it might be a
better, all-encompassing approach to authentication in general, beyond just
adding 2FA, and is way easier for the end-user with its multiple supported
authenticators, not just a single vendor's hardware key.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2020-05-03 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

--- Comment #6 from David Cook  ---
I'd be open to testing work to add support for Yubikey to Staff Client auth.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2019-11-26 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

--- Comment #5 from David Cook  ---
(In reply to Ray Delahunty from comment #3)
> Koha needs additional layers of authentication. With the spread of equipment
> such as Amazon-locker type units to hold (often expensive) items obtained
> for interlibrary loan, and kit such as laptop loan units, there is the
> danger of unauthorised use via SIP2. Sites using RFID user cards with the
> cardnumber embedded on them are vulnerable to stock loss if a user card is
> lost and then found and used maliciously. Adding PIN functionality (for
> example) would reduce this risk.

Additional layers of authentication could be used for Staff Client login or
OPAC login, but I don't think the layers you describe are very realistic for
most libraries (ie I worked on the front lines of libraries for years and
getting patrons to remember a number or a card is hard enough in itself). I
also think they're a different use case than what is being described in this
bug report. But an interesting idea.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2019-11-26 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

--- Comment #4 from David Cook  ---
(In reply to Jon Knight from comment #1)
> Is this something that needs to be built into Koha, or is it better to make
> use of existing third party systems such as PrivacyIDEA
> (https://www.privacyidea.org/) that can be used in conjuction with normal
> SSO mechanisms?  For example we (Loughborough University) have tested
> Yubikeys with PrivacyIDEA and simpleSAMLphp IdP and it works, and we already
> know that Koha can use the SAML2.0 authentication assertions from the IdP
> (as that's what we're doing in production with PTFS-E).  PrivacyIDEA also
> can also support Google Authentication as suggested in Bug 19887.

I wonder about this as well. I'm fond of Keycloak for this purpose. It can use
SAML or OpenID Connect. I have a local OpenID Connect client I wrote for Koha,
and I've thought about using Keycloak in the test plan for when I finish the
patches for Bugzilla...

That said, adding support to Koha would make it easy for people to have more
secure out of the box implementations without needing more third party
software.

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2019-11-26 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

Ray Delahunty  changed:

   What|Removed |Added

 CC||r.delahu...@arts.ac.uk

--- Comment #3 from Ray Delahunty  ---
Koha needs additional layers of authentication. With the spread of equipment
such as Amazon-locker type units to hold (often expensive) items obtained for
interlibrary loan, and kit such as laptop loan units, there is the danger of
unauthorised use via SIP2. Sites using RFID user cards with the cardnumber
embedded on them are vulnerable to stock loss if a user card is lost and then
found and used maliciously. Adding PIN functionality (for example) would reduce
this risk.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2018-11-18 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

David Cook  changed:

   What|Removed |Added

 CC||dc...@prosentient.com.au

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2018-11-16 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

Michal Denar  changed:

   What|Removed |Added

 Status|NEW |In Discussion

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2018-11-16 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

--- Comment #2 from Michal Denar  ---
Hi,
here some useful informations for implementing U2F in Perl
http://blogs.perl.org/users/mschout/2018/01/testing-fidou2f-two-factor-authentication.html

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2018-09-05 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

Sally Healey  changed:

   What|Removed |Added

 CC||sally.healey@cheshireshared
   ||services.gov.uk

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2018-03-26 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

Magnus Enger  changed:

   What|Removed |Added

 Blocks||20476


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=20476
[Bug 20476] Two factor authentication for the staff client - omnibus
-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2018-03-26 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

Magnus Enger  changed:

   What|Removed |Added

 CC||mag...@libriotech.no
   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=19887

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2018-01-02 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

Jon Knight  changed:

   What|Removed |Added

 CC||j.p.kni...@lboro.ac.uk

--- Comment #1 from Jon Knight  ---
Is this something that needs to be built into Koha, or is it better to make use
of existing third party systems such as PrivacyIDEA
(https://www.privacyidea.org/) that can be used in conjuction with normal SSO
mechanisms?  For example we (Loughborough University) have tested Yubikeys with
PrivacyIDEA and simpleSAMLphp IdP and it works, and we already know that Koha
can use the SAML2.0 authentication assertions from the IdP (as that's what
we're doing in production with PTFS-E).  PrivacyIDEA also can also support
Google Authentication as suggested in Bug 19887.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 19886] Two Factor Authentication: Yubikey

2017-12-27 Thread bugzilla-daemon 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=19886

Mike  changed:

   What|Removed |Added

 CC||josef.mora...@gmail.com,
   ||r...@rbit.cz

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/