From afdc4b3f92db9c8141b2bd7a0d2cb350720c08a1 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Mon, 23 Jan 2017 19:57:50 +0100
Subject: [PATCH] 2factor authentication
---
 lam/help/help.inc | 8 +++++++-
 lam/lib/selfService.inc | 14 +++++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/lam/help/help.inc b/lam/help/help.inc
index 762936b2..2f626d78 100644
--- a/lam/help/help.inc
+++ b/lam/help/help.inc
@@ -4,7 +4,7 @@ $Id$
 This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
 Copyright (C) 2003 - 2006 Michael Duergner
- 2003 - 2016 Roland Gruber
+ 2003 - 2017 Roland Gruber
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -279,6 +279,12 @@ $helpArray = array (
 "Text" => _('Use this to enter an additional LDAP filter (e.g. "(objectClass=passwordSelfReset)") to reduce the number of accounts who may use self service.')),
 "513" => array ("Headline" => _('Use for all operations'),
 "Text" => _('By default all modifications are done as the user that authenticated in self service. If active then LAM will use the connection user for all LDAP modifications and searches.')),
+ "514" => array ("Headline" => _('2-factor authentication'),
+ "Text" => _('You can enable 2-factor authentication here (e.g. via mobile device).')),
+ "515" => array ("Headline" => _('2-factor base URL'),
+ "Text" => _('URL of external 2-factor authentication service.')),
+ "516" => array ("Headline" => _('Disable certificate check'),
+ "Text" => _('This will disable the check of the SSL certificates for the 2-factor authentication service. Not recommended for production usage.')),
 "520" => array ("Headline" => _("Generate random password"),
 "Text" => _("This will set a random password and display it on the screen or send it to the user via mail. Please edit your LAM server profile to setup the mail settings.")),
 "550" => array ("Headline" => _("From address"),
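Review bot: The help text for entry "516" in the `@@ -279,6 +279,12 @@` hunk understates what the switch does: with the certificate check off, the 2-factor service is no longer authenticated, so whoever sits on the network path between LAM and that service can answer in its place and the second factor stops adding protection. I would say so in the text and write "TLS" instead of "SSL", e.g. `_('This will disable the check of the TLS certificate of the 2-factor authentication service. The service can then be impersonated on the network. Not recommended for production usage.')`. Entry "515" could also say that the URL should be an https address, in line with the `https://localhost` default set in selfService.inc. The `$helpArray` definition starts and ends outside the hunk.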
diff --git a/lam/lib/selfService.inc b/lam/lib/selfService.inc
index 2967b174..18f8af8e 100644
--- a/lam/lib/selfService.inc
+++ b/lam/lib/selfService.inc
@@ -3,7 +3,7 @@
 $Id$
 This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
- Copyright (C) 2006 - 2016 Roland Gruber
+ Copyright (C) 2006 - 2017 Roland Gruber
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -302,6 +302,11 @@ function isSelfService() {
 */
 class selfServiceProfile {
+ /** 2factor authentication disabled */
+ const TWO_FACTOR_NONE = 'none';
+ /** 2factor authentication via privacyIDEA */
+ const TWO_FACTOR_PRIVACYIDEA = 'privacyidea';
+
 /** server address */
 public $serverURL;
@@ -376,6 +381,10 @@ class selfServiceProfile {
 public $timeZone = 'Europe/London';
+ public $twoFactorAuthentication = selfServiceProfile::TWO_FACTOR_NONE;
+ public $twoFactorAuthenticationURL = 'https://localhost';
+ public $twoFactorAuthenticationInsecure = false;
+
 /**
 * Constructor
 *
@@ -413,6 +422,9 @@ class selfServiceProfile {
 $this->enforceLanguage = true;
 $this->followReferrals = 0;
 $this->timeZone = 'Europe/London';
+ $this->twoFactorAuthentication = selfServiceProfile::TWO_FACTOR_NONE;
+ $this->twoFactorAuthenticationURL = 'https://localhost';
+ $this->twoFactorAuthenticationInsecure = false;
 }
 }
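Review bot: The three properties added in the `@@ -376,6 +381,10 @@` hunk carry no doc comments, while the fields around them do (`/** server address */`), and for `twoFactorAuthenticationInsecure` the name only hints that `true` presumably means the certificate of the 2-factor service is not validated. I would add `/** 2-factor authentication method (one of the TWO_FACTOR_* constants) */`, `/** base URL of the external 2-factor service */` and `/** if true, the TLS certificate of the 2-factor service is not checked */`. The same three defaults are written a second time in the constructor hunk (`@@ -413,6 +422,9 @@`), so a later edit to one copy can silently leave the other behind, which matters most for the `false` default of the insecure flag. The class body and the constructor continue outside these hunks, and the code that reads the profile values is not part of this commit, so it cannot be judged here whether `twoFactorAuthentication` is checked against the declared constants and the URL is required to be https before use.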