Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:2.1:u2f [2019/06/09 09:54]
cmaudoux [Configuration]
documentation:2.1:u2f [2019/08/04 19:19]
maxbes [Configuration]
Line 15: Line 15:
  
 In the manager (second factors), you just have to enable it: In the manager (second factors), you just have to enable it:
-  * Activation: set it to "​on"​ +  ​* **Activation**: set it to "​on"​ 
-  * Self registration:​ set it to "​on"​ if users are authorized to register their keys +  ​* **Self registration**: set it to "​on"​ if users are authorized to register their keys 
-  * Authentication level: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module //(default: 2 for user/​password based modules)//. **It is recommended to set an higher value here if you want to give access to some apps only for enrolled users** +  ​* **Authentication level**: you can overwrite here auth level for U2F registered users. Leave it blank keeps auth level provided by first authentication module //(default: 2 for user/​password based modules)//. **It is recommended to set an higher value here if you want to give access to some apps only for enrolled users** 
-  * Allow users to remove U2F key : If enabled, users can unregister enrolled U2F device. +  ​* **Allow users to remove U2F key**: If enabled, users can unregister enrolled U2F device. 
-  * Lifetime : Unlimited by default. Set a Time To Live in seconds. TTL is checked at each login process if set. If TTL is expired, relative 2F device is removed.+  ​* **Lifetime**: Unlimited by default. Set a Time To Live in seconds. TTL is checked at each login process if set. If TTL is expired, relative 2F device is removed. 
 +  * **Logo** (Optional): logo file //(in static/<​skin>​ directory)//​ 
 +  * **Label** (Optional): label that should be displayed to the user on the choice screen
  
 <note important>​If you want to use a custom rule for "​activation"​ and enable self-registration,​ you have to include this in your rule: ''​$_2fDevices =~ /"​type":​\s*"​U2F"/​s'',​ else U2F will be required even if users are not registered. This is automatically done when "​activation"​ is set to "​on"​.</​note>​ <note important>​If you want to use a custom rule for "​activation"​ and enable self-registration,​ you have to include this in your rule: ''​$_2fDevices =~ /"​type":​\s*"​U2F"/​s'',​ else U2F will be required even if users are not registered. This is automatically done when "​activation"​ is set to "​on"​.</​note>​