Differences

This shows you the differences between two versions of the page.

documentation:2.1:yubikey2f [2019/06/09 09:58]
cmaudoux [Configuration]
documentation:2.1:yubikey2f [2019/06/09 11:59] (current)
cmaudoux [Configuration]
Line 12: Line 12:
  
 In the manager (second factors), you just have to enable it: In the manager (second factors), you just have to enable it:
-  * Activation: set it to "​on"​ +  ​* **Activation**: set it to "​on"​ 
-  * Self registration:​ set it to "​on"​ if users are authorized to register their keys +  ​* **Self registration**: set it to "​on"​ if users are authorized to register their keys 
-  * Authentication level: you can overwrite here auth level for Yubikey registered users. Leave it blank keeps auth level provided by first authentication module //(default: 2 for user/​password based modules)//. **It is recommended to set an higher value here if you want to give access to some apps only to enrolled users** +  ​* **Authentication level**: you can overwrite here auth level for Yubikey registered users. Leave it blank keeps auth level provided by first authentication module //(default: 2 for user/​password based modules)//. **It is recommended to set an higher value here if you want to give access to some apps only to enrolled users** 
-  * Client ID: given by Yubico or another service +  ​* **Client ID**: given by Yubico or another service 
-  * API secret key: given by Yubico or another service +  ​* **API secret key**: given by Yubico or another service 
-  * Nonce (optional): if any +  ​* **Nonce (optional)**: if any 
-  * URL: Url of service (leave blank to use Yubico cloud services) +  ​* **URL**: Url of service (leave blank to use Yubico cloud services) 
-  * OTP public ID part size: leave it to default (12) unless you know what you are doing +  ​* **OTP public ID part size**: leave it to default (12) unless you know what you are doing 
-  * Allow users to remove Yubikey : If enabled, users can unregister Yubikey device. +  ​* **Allow users to remove Yubikey**: If enabled, users can unregister Yubikey device. 
-  * Lifetime : Unlimited by default. Set a Time To Live in seconds. TTL is checked at each login process if set. If TTL is expired, relative Yubikey is removed.+  ​* **Lifetime**: Unlimited by default. Set a Time To Live in seconds. TTL is checked at each login process if set. If TTL is expired, relative Yubikey is removed.
  
 <note important>​If you want to use a custom rule for "​activation"​ and want to keep self-registration,​ you must include this in your rule: ''​$_2fDevices =~ /"​type":​\s*"​UBK"/​s'',​ else Yubikey will be required even if users are not registered. This is automatically done when "​activation"​ is simply set to "​on"​.</​note>​ <note important>​If you want to use a custom rule for "​activation"​ and want to keep self-registration,​ you must include this in your rule: ''​$_2fDevices =~ /"​type":​\s*"​UBK"/​s'',​ else Yubikey will be required even if users are not registered. This is automatically done when "​activation"​ is simply set to "​on"​.</​note>​
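Review bot: In the Lifetime item, "If TTL is expired, relative Yubikey is removed" does not say what the user's next login looks like once the device has been removed. The note below says that with "activation" set to "on" the Yubikey is only required for registered users, so the page should state whether an expired key leaves the user on the first factor alone until they register again. Since this edit touches every bullet anyway, the wording could be fixed in the same revision: "Leave it blank keeps auth level" and "set an higher value" in the Authentication level item, and "Url of service" in the URL item. The Nonce item ("if any") and the API secret key item would also benefit from one sentence each on what the value is used for.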