eduMFA: identity, multifactor authentication (OTP), authorization, audit
Project description
eduMFA
eduMFA is an open solution for strong two-factor authentication like OTP tokens, SMS, smartphones or SSH keys. Using eduMFA you can enhance your existing applications like local login (PAM, Windows Credential Provider), VPN, remote access, SSH connections, access to websites or web portals with a second factor during authentication. Thus boosting the security of your existing applications.
The project eduMFA is based on the privacyIDEA Project and aims to provide up-to-date multifactor authentication for academic institutions.
Overview
eduMFA runs as an additional service in your network, and you can connect different applications to eduMFA.
eduMFA does not bind you to any decision of the authentication protocol, nor does it dictate you where your user information should be stored. This is achieved by its totally modular architecture. eduMFA is not only open as far as its modular architecture is concerned. But eduMFA is completely licensed under the AGPLv3.
It supports a wide variety of authentication devices like OTP tokens (HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), FIDO U2F, as well as FIDO2 WebAuthn devices like Yubikey and Plug-Up, smartphone Apps like Google Authenticator, FreeOTP, Token2 or TiQR, SMS, Email, SSH keys, x509 certificates and Registration Codes for easy deployment.
eduMFA is based on Flask and SQLAlchemy as the python backend. The web UI is based on angularJS and bootstrap. A MachineToken design lets you assign tokens to machines. Thus, you can use your Yubikey to unlock LUKS, assign SSH keys to SSH servers or use Offline OTP with PAM.
Setup
For setting up the system to run it, please read install instructions at edumfa.readthedocs.io.
If you want to setup a development environment start like this:
git clone https://github.com/edumfa/edumfa.git cd edumfa virtualenv venv source venv/bin/activate pip install .
You may additionally want to set up your environment for testing, by adding the additional dependencies:
pip install -r .[test]
Getting and updating submodules
The client-side library for the registering and signing of WebAuthn-Credentials resides in a submodule.
To fetch all submodules for this repository, run:
git submodule update --init --recursive
When pulling changes from upstream later, you can automatically update any outdated submodules, by running:
git pull --recurse-submodules
Running it
First You need to create a config-file.
Then create the database tables and the encryption key:
./edumfa-manage create_tables ./edumfa-manage create_enckey
If You want to keep the development database upgradable, You should stamp it to simplify updates:
./edumfa-manage db stamp head -d migrations/
Create the key for the audit log:
./edumfa-manage create_audit_keys
Create the first administrator:
./edumfa-manage admin add <username>
Run it:
./edumfa-manage runserver
Now you can connect to http://localhost:5000 with your browser and login as administrator.
Run tests
If you have followed the steps above to set up your environment for testing, running the test suite should be as easy as running pytest with the following options:
python -m pytest -v --cov=eduMFA --cov-report=html tests/
Contributing
There are a lot of different ways to contribute to eduMFA, even if you are not a developer.
If you found a security vulnerability please report it to us using the reporting form provided by GitHub
You can find detailed information about contributing here: https://github.com/eduMFA/eduMFA/blob/main/CONTRIBUTING.md
Code structure
The database models are defined in models.py and tested in tests/test_db_model.py.
Based on the database models there are the libraries lib/config.py which is responsible for basic configuration in the database table config. And the library lib/resolver.py which provides functions for the database table resolver. This is tested in tests/test_lib_resolver.py.
Based on the resolver there is the library lib/realm.py which provides functions for the database table realm. Several resolvers are combined into a realm.
Based on the realm there is the library lib/user.py which provides functions for users. There is no database table user, since users are dynamically read from the user sources like SQL, LDAP, SCIM or flat files.
Versioning
eduMFA adheres to Semantic Versioning.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file edumfa-2.3.0.tar.gz
.
File metadata
- Download URL: edumfa-2.3.0.tar.gz
- Upload date:
- Size: 4.0 MB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | c70678ee82383908a6554ac13045de7543a9c922ce14797c1b4ff1a224b47b8a |
|
MD5 | 10908a199ad5bf98a8f2024d44dc425e |
|
BLAKE2b-256 | 0f22905b1406d9f003954993b5c1f4cca1e099f92565458de547eb1d9aa858db |
File details
Details for the file edumfa-2.3.0-py3-none-any.whl
.
File metadata
- Download URL: edumfa-2.3.0-py3-none-any.whl
- Upload date:
- Size: 3.7 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 258f043c6ff1754b456670fd3a788b6a8af0ec9756996a4f5d30a62c087bbcc1 |
|
MD5 | b1b300d17f2e78ad30bc54b7977b2118 |
|
BLAKE2b-256 | 84eb4fc5ef775c4de9886f1ee98f751b24d2e2e7cd9cfb6a235689490860a0a9 |