By: Conan Malone user 26 Jul 2017 at 9:29 a.m. CDT

1 Response

I was just wondering what approach would be best to allow Yubikeys to generate OTPs (HOTP based) to authenticate against Gluu? By using the Yubikey Customization Tool I can generate a unique seed (or secret key) that can then be used to determine if the Yubikey has produced the correct OTP but my understanding is that the custom OTP script is only compatible with Google Authenticator (or equivalent mobile app)... I also understand that U2F is very similar to what I am asking but I would just like the option of being able to generate a string that can be used as the OTP as some browsers aren't compatible with U2F (also doesn't work within remote desktop)

CentOS72

closed

By Michael Schwartz Account Admin 27 Jul 2017 at 1:22 p.m. CDT

Copy

We include a [script for Yubicloud](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations/yubicloud), which I think verifies the OTP code. Also, there are some open source yubikey validation servers: * [yubico yuvikey-val](https://github.com/Yubico/yubikey-val) * [yubikeyedup](https://github.com/scumjr/yubikeyedup) * [node-yubikey](https://github.com/jedp/node-yubikey) There is also a [python](https://github.com/Kami/python-yubico-client) and [java](https://github.com/Yubico/yubico-j) validation library, either of which could be incorporated directly into an authentication script. If you have some budget, we'd be happy to manage a bounty on this feature. One of our subcontrators would surely take it on.

You need to Login in order to post an answer

Suggestions for Yubikey based OTP

By: Conan Malone user 26 Jul 2017 at 9:29 a.m. CDT

Answers

By Michael Schwartz Account Admin 27 Jul 2017 at 1:22 p.m. CDT

Post an answer