privacyIDEA: identity, multifactor authentication (OTP), authorization, audit
Project description
privacyIDEA
===========
.. image:: https://travis-ci.org/privacyidea/privacyidea.svg?branch=master
:alt: Build Status
:target: https://travis-ci.org/privacyidea/privacyidea
.. image:: https://circleci.com/gh/privacyidea/privacyidea/tree/master.svg?style=shield&circle-token=:circle-token
:alt: CircleCI
:target: https://circleci.com/gh/privacyidea/privacyidea
.. image:: https://codecov.io/github/privacyidea/privacyidea/coverage.svg?branch=master
:target: https://codecov.io/github/privacyidea/privacyidea?branch=master
.. .. image:: https://img.shields.io/pypi/dm/privacyidea.svg
.. :alt: Downloads
.. :target: https://pypi.python.org/pypi/privacyIDEA/
.. image:: https://img.shields.io/pypi/v/privacyidea.svg
:alt: Latest Version
:target: https://pypi.python.org/pypi/privacyIDEA/#history
.. image:: https://img.shields.io/pypi/pyversions/privacyidea.svg
:alt: PyPI - Python Version
:target: https://pypi.python.org/pypi/privacyIDEA/
.. image:: https://img.shields.io/github/license/privacyidea/privacyidea.svg
:alt: License
:target: https://pypi.python.org/pypi/privacyIDEA/
.. image:: https://readthedocs.org/projects/privacyidea/badge/?version=master
:alt: Documentation
:target: http://privacyidea.readthedocs.org/en/master/
.. .. image:: https://codeclimate.com/github/privacyidea/privacyidea/badges/gpa.svg
.. :alt: Code Climate
.. :target: https://codeclimate.com/github/privacyidea/privacyidea
.. image:: https://api.codacy.com/project/badge/grade/d58934978e1a4bcca325f2912ea386ff
:alt: Codacy Badge
:target: https://www.codacy.com/app/cornelius-koelbel/privacyidea
.. image:: https://img.shields.io/twitter/follow/privacyidea.svg?style=social&label=Follow
:alt: privacyIDEA on twitter
privacyIDEA is an open solution for strong two-factor authentication like
OTP tokens, SMS, smartphones or SSH keys.
Using privacyIDEA you can enhance your existing applications like local login
(PAM, Windows Credential Provider),
VPN, remote access, SSH connections, access to web sites or web portals with
a second factor during authentication. Thus boosting the security of your
existing applications.
Overview
========
privacyIDEA runs as an additional service in your network and you can connect different
applications to privacyIDEA.
.. image:: https://privacyidea.org/wp-content/uploads/2017/privacyIDEA-Integration.png
:alt: privacyIDEA Integration
:scale: 50 %
privacyIDEA does not bind you to any decision of the authentication
protocol or it does not dictate you where your user information should be
stored. This is achieved by its totally modular architecture.
privacyIDEA is not only open as far as its modular architecture is
concerned. But privacyIDEA is completely licensed under the AGPLv3.
It supports a wide variety of authentication devices like OTP tokens
(HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), FIDO U2F devices
like Yubikey and Plug-Up, smartphone
Apps like Google Authenticator, FreeOTP, Token2 or TiQR,
SMS, Email, SSH keys, x509 certificates
and Registration Codes for easy deployment.
privacyIDEA is based on Flask and SQLAlchemy as the python backend. The
web UI is based on angularJS and bootstrap.
A MachineToken design lets you assign tokens to machines. Thus you can use
your Yubikey to unlock LUKS, assign SSH keys to SSH servers or use Offline OTP with PAM.
You may join the discourse discussion forum to give feedback, help other users, discuss questions and ideas:
https://community.privacyidea.org
Setup
=====
For setting up the system to *run* it, please read install instructions
at http://privacyidea.readthedocs.io.
If you want to setup a development environment start like this::
git clone https://github.com/privacyidea/privacyidea.git
cd privacyidea
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
You may additionally want to set up your environment for testing, by adding nose and the additional dependencies::
pip install nose
pip install -r tests/requirements.txt
You may also want to read the blog post about development and debugging at
https://www.privacyidea.org/privacyidea-development-howto/
Getting and updating submodules
===============================
Some authentication modules and the admin client are located in git submodules.
To fetch the latest release of these run::
git submodule init
git submodule update
Later you can update the submodules like this::
git pull --recurse-submodules
Running it
==========
Create the database and encryption key::
./pi-manage createdb
./pi-manage create_enckey
Create the key for the audit log::
./pi-manage create_audit_keys
Create the first administrator::
./pi-manage admin add <username>
Run it::
./pi-manage runserver
Now you can connect to http://localhost:5000 with your browser and login
as administrator.
Run tests
=========
If you have followed the steps above to set up your environment for testing, running the test suite should be as easy as running nosetests(1) with the following options::
nosetests -v --with-coverage --cover-package=privacyidea --cover-html
Contributing
============
There are a lot of different way to contribute to privacyIDEA, even
if you are not a developer.
If you found a security vulnerability please report it to
security@privacyidea.org.
You can find detailed information about contributing here:
https://github.com/privacyidea/privacyidea/blob/master/CONTRIBUTING.md
Code structure
==============
The database models are defined in ``models.py`` and tested in
tests/test_db_model.py.
Based on the database models there are the libraries ``lib/config.py`` which is
responsible for basic configuration in the database table ``config``.
And the library ``lib/resolver.py`` which provides functions for the database
table ``resolver``. This is tested in tests/test_lib_resolver.py.
Based on the resolver there is the library ``lib/realm.py`` which provides
functions
for the database table ``realm``. Several resolvers are combined into a realm.
Based on the realm there is the library ``lib/user.py`` which provides functions
for users. There is no database table user, since users are dynamically read
from the user sources like SQL, LDAP, SCIM or flat files.
Versioning
==========
privacyIDEA adheres to `Semantic Versioning <http://semver.org/>`_.
===========
.. image:: https://travis-ci.org/privacyidea/privacyidea.svg?branch=master
:alt: Build Status
:target: https://travis-ci.org/privacyidea/privacyidea
.. image:: https://circleci.com/gh/privacyidea/privacyidea/tree/master.svg?style=shield&circle-token=:circle-token
:alt: CircleCI
:target: https://circleci.com/gh/privacyidea/privacyidea
.. image:: https://codecov.io/github/privacyidea/privacyidea/coverage.svg?branch=master
:target: https://codecov.io/github/privacyidea/privacyidea?branch=master
.. .. image:: https://img.shields.io/pypi/dm/privacyidea.svg
.. :alt: Downloads
.. :target: https://pypi.python.org/pypi/privacyIDEA/
.. image:: https://img.shields.io/pypi/v/privacyidea.svg
:alt: Latest Version
:target: https://pypi.python.org/pypi/privacyIDEA/#history
.. image:: https://img.shields.io/pypi/pyversions/privacyidea.svg
:alt: PyPI - Python Version
:target: https://pypi.python.org/pypi/privacyIDEA/
.. image:: https://img.shields.io/github/license/privacyidea/privacyidea.svg
:alt: License
:target: https://pypi.python.org/pypi/privacyIDEA/
.. image:: https://readthedocs.org/projects/privacyidea/badge/?version=master
:alt: Documentation
:target: http://privacyidea.readthedocs.org/en/master/
.. .. image:: https://codeclimate.com/github/privacyidea/privacyidea/badges/gpa.svg
.. :alt: Code Climate
.. :target: https://codeclimate.com/github/privacyidea/privacyidea
.. image:: https://api.codacy.com/project/badge/grade/d58934978e1a4bcca325f2912ea386ff
:alt: Codacy Badge
:target: https://www.codacy.com/app/cornelius-koelbel/privacyidea
.. image:: https://img.shields.io/twitter/follow/privacyidea.svg?style=social&label=Follow
:alt: privacyIDEA on twitter
privacyIDEA is an open solution for strong two-factor authentication like
OTP tokens, SMS, smartphones or SSH keys.
Using privacyIDEA you can enhance your existing applications like local login
(PAM, Windows Credential Provider),
VPN, remote access, SSH connections, access to web sites or web portals with
a second factor during authentication. Thus boosting the security of your
existing applications.
Overview
========
privacyIDEA runs as an additional service in your network and you can connect different
applications to privacyIDEA.
.. image:: https://privacyidea.org/wp-content/uploads/2017/privacyIDEA-Integration.png
:alt: privacyIDEA Integration
:scale: 50 %
privacyIDEA does not bind you to any decision of the authentication
protocol or it does not dictate you where your user information should be
stored. This is achieved by its totally modular architecture.
privacyIDEA is not only open as far as its modular architecture is
concerned. But privacyIDEA is completely licensed under the AGPLv3.
It supports a wide variety of authentication devices like OTP tokens
(HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), FIDO U2F devices
like Yubikey and Plug-Up, smartphone
Apps like Google Authenticator, FreeOTP, Token2 or TiQR,
SMS, Email, SSH keys, x509 certificates
and Registration Codes for easy deployment.
privacyIDEA is based on Flask and SQLAlchemy as the python backend. The
web UI is based on angularJS and bootstrap.
A MachineToken design lets you assign tokens to machines. Thus you can use
your Yubikey to unlock LUKS, assign SSH keys to SSH servers or use Offline OTP with PAM.
You may join the discourse discussion forum to give feedback, help other users, discuss questions and ideas:
https://community.privacyidea.org
Setup
=====
For setting up the system to *run* it, please read install instructions
at http://privacyidea.readthedocs.io.
If you want to setup a development environment start like this::
git clone https://github.com/privacyidea/privacyidea.git
cd privacyidea
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
You may additionally want to set up your environment for testing, by adding nose and the additional dependencies::
pip install nose
pip install -r tests/requirements.txt
You may also want to read the blog post about development and debugging at
https://www.privacyidea.org/privacyidea-development-howto/
Getting and updating submodules
===============================
Some authentication modules and the admin client are located in git submodules.
To fetch the latest release of these run::
git submodule init
git submodule update
Later you can update the submodules like this::
git pull --recurse-submodules
Running it
==========
Create the database and encryption key::
./pi-manage createdb
./pi-manage create_enckey
Create the key for the audit log::
./pi-manage create_audit_keys
Create the first administrator::
./pi-manage admin add <username>
Run it::
./pi-manage runserver
Now you can connect to http://localhost:5000 with your browser and login
as administrator.
Run tests
=========
If you have followed the steps above to set up your environment for testing, running the test suite should be as easy as running nosetests(1) with the following options::
nosetests -v --with-coverage --cover-package=privacyidea --cover-html
Contributing
============
There are a lot of different way to contribute to privacyIDEA, even
if you are not a developer.
If you found a security vulnerability please report it to
security@privacyidea.org.
You can find detailed information about contributing here:
https://github.com/privacyidea/privacyidea/blob/master/CONTRIBUTING.md
Code structure
==============
The database models are defined in ``models.py`` and tested in
tests/test_db_model.py.
Based on the database models there are the libraries ``lib/config.py`` which is
responsible for basic configuration in the database table ``config``.
And the library ``lib/resolver.py`` which provides functions for the database
table ``resolver``. This is tested in tests/test_lib_resolver.py.
Based on the resolver there is the library ``lib/realm.py`` which provides
functions
for the database table ``realm``. Several resolvers are combined into a realm.
Based on the realm there is the library ``lib/user.py`` which provides functions
for users. There is no database table user, since users are dynamically read
from the user sources like SQL, LDAP, SCIM or flat files.
Versioning
==========
privacyIDEA adheres to `Semantic Versioning <http://semver.org/>`_.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
privacyIDEA-3.2.dev2.tar.gz
(2.6 MB
view details)
File details
Details for the file privacyIDEA-3.2.dev2.tar.gz.
File metadata
- Download URL: privacyIDEA-3.2.dev2.tar.gz
- Upload date:
- Size: 2.6 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.20.0 setuptools/40.6.3 requests-toolbelt/0.9.1 tqdm/4.31.1 CPython/2.7.15rc1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
98e5fb943d5a4132b4bd06cead007c889d9024cffce1398e9dd480561c85761c
|
|
| MD5 |
745d3e0144bd65d3bb5eea1de910bd32
|
|
| BLAKE2b-256 |
4aa5cfa2e110f9c39cb6abcf4f6348263f79dea16486a4c3917566eba4c06f26
|
