Overview

IMPORTANT: Please see Joomla! Tracker item 32724

The YubiKey two factor authentication plugin distributed with Joomla! 3.2.0 can only validate the code generated by the YubiKey against the public YubiCloud validation servers.

YubiKey allows you to create private validation servers using the Free and Open Source Software for custom validation servers provided by YubiCo. This is a great solution for Intranets and for elevated security environments e.g. enterprise) where tighter control of the YubiKeys is required.

This PR implements a new parameter in the YubiKey Two Factor Authentication plugin which allows the user to provide the URL of their custom key server.

Test instructions

Apply the path. Edit the Two Factor Authentication - YubiKey plugin. You will now see a new parameter called "Custom validation server". Enter your custom validation server URL, e.g. http://www.example.com/mykeyserver/wsapi/2.0/verify

IMPORTANT: You MUST add the /wsapi/2.0/verify suffix to your URL.

If you have a custom validation server the YubiKey code will be now validated against your custom server. You can try enabling the two factor authentication using such a server and a YubiKey configured to only validate against it to verify this patch.

Project management information

Backwards compatibility

None. This change is 100% backwards compatible.

Developer information

None. The change is transparent to developers.

Language changes

This PR adds two new language strings in the file administrator/language/en-GB/en-GB.plg_twofactorauth_yubikey.ini: PLG_TWOFACTORAUTH_YUBIKEY_CUSTOMSERVER_DESC and PLG_TWOFACTORAUTH_YUBIKEY_CUSTOMSERVER_LABEL