External Second Factor

This basic plugin can be used to add a second factor authentication device (SMS, OTP,…). It uses external commands to send and validate a second factor. Any language is allowed to call your 2nd factor system.

Commands

Commands receive arguments on command line and must return a 0 code if succeed, another else. Nothing must be written to STDOUT, STDERR is reported in logs (but may be lost with FastCGI server).

Configuration

All parameters are configured in “General Parameters » Portal Parameters » Extensions » External 2nd Factor”.

  • Activation
  • Send command: define your command using $attribute like in rules. Example: /usr/local/bin/sendOtp –uid $uid
  • Validation command: you must also use $code which is the value entered by user; Example: /usr/local/bin/verify –uid $uid –code $code
  • Authentication Level: if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5
  • Logo (Optional): logo file (in static/<skin> directory)
The command line is split in an array and launched with exec(). So you don't need to enclose arguments in “” and this feature protects your system against shell injection. However, you can not use any space except to separate arguments.