Two Factor Authentication (2FA)

Hi, my name is Stratu Catalin, I am a 2nd year student at Stefan cel Mare University in Suceava, Romania, specializing in Computer Science. I would like to propose a new project to the list of already proposed projects called “Two Factor Authentication”. Such authentication would increase the security of the Administrator and other users.

If someone outside finds out the administrator’s password and authentication using a brute force attack, 2FA can protect the administrator’s account. I will create a system for 2FA to appear when the user is connected from another device. The user will be able to choose 2FA options: an authentication app such as Google Authenticator, SMS authentication or email authentication.

Is it a good idea? Could such an idea be realized within the GSoC project?

Hi Catalin, yes it’s definitely a good idea and I would be happy to mentor (or ideally co-mentor) it if it gets selected. I’m actually not really sure why we did not think about adding this to the proposals since it’s a need that was discussed in the past.

It definitely can, it all depends on how many and which 2FA options you plan to implement (I think I would skip the SMS one in the context of the GSoC since it requires a more complex and usually more expensive setup and is not very safe anyway).

Looking forward to seeing a more detailed proposal from you :slight_smile:

Hi, Catalin.

Definitely an idea that was passed around in the past but never really approached, mostly due to lack of time. Indeed, sounds like something doable as a GSoC project, so feel free to add it to the list of ideas on https://gsoc.xwiki.org and set @tmortagne as mentor.

You should start exploring the idea and XWiki itself and feel free to ask specific questions that you’re struggling with on the chat and/or the forum. Don’t forget those PRs, as well, since you need to show that you have what it takes to finish the (or any) project :wink:

Also looking forward to seeing your progress on elaborating your GSoC project proposal (architecture, approach, timeline, etc.). Good luck!

Title: Create a integrable solution Two-factor authentication (2FA) for XWiki

2FA requires you to enter an extra code when you log in or perform some account-sensitive action (e.g. changing your password).

XWiki allows writing custom authenticators and there are many of those, see http://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Authentication/#HCustomAuthentication but they are written one by one and they don’t share much with each other.

Hi, @tmortagne, can I put it in the “Proposed Projects” section?

Sure @CatalinStratu.

Hello, Mr. @vmassol , I wanted to ask you if you want to be a co-mentor of this idea?

https://dev.xwiki.org/xwiki/bin/view/GoogleSummerOfCode/CreateaintegrablesolutionTwo-factorauthentication2FAforXWiki

https://fedorahosted.org/freeotp

Time-based One Time Password (MFA) Library for Java


Am interested in using a 2FA extension for XWiki for my QMS documentation project - but do not know any Java programming. Was wondering if this Java library might be of help in building the extension - for working with Google Authenticator / FreeOTP app. Would be happy to help in my limited way or at least try it out and test it out. Regards

Sorry!! Got the link WRONG in the previous suggestion for the TOTP Java library.