Hi All,
I would like to know if there is a way to implement two-factor authentication (e.g. yubikey, Google Authenticator) for XWiki login. I was hoping there is a sort of extension already but it seems not (maybe I didn’t search it well). Just want to clarify - I’d like to implement two-factor authentication, not social media account login. I would really appreciate it if I could get help regarding this matter. Thanks a lot.
Eoin
XWiki version: XWiki Debian 10.11.8 LTS
Indeed there is no two factor authentication with standard XWiki accounts right now. Now it should not be very hard to implement with a custom authenticator (or as a new feature in the core).
So if you want to work on an extension here are some pointers (Java):
*extends com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl: you could look at other custom authenticators to get you started with a skeleton extension, a very simple example is GitHub - xwiki-contrib/xwiki-authenticator-headers: XWiki authentication based on HTTP headers. The logic is a bit different in your case since you want to add a step to the standard authentication (using a redirect for example) and not replace it but it’s the same area.
Thanks @tmortagne. But could I please ask a bit more detail steps if possible? I actually have absolutely zero knowledge about programming language so I may need a bit of help. Thanks again.
Eoin
You will need to learn Java programming and HTTP before working on something like this and it’s not the kind of things I can detail more in this context.
Thanks @tmortagne. I had a look at the links you posted above a bit. If I understood correctly, I have to build a JAR file and drop that into WEB-INF/lib/ directory and configure xwiki.cfg file, correct?
If that’s the case, I might be able to try it at least although I don’t know how to resolve dependencies. Thanks again. Let me try.
That’s the short way yes. When this is working you can then publish it as extension and it can be installed from the extension manager. The easiest is to duplicate xwiki-authenticator-headers and then modify it for your specific use case.
Thanks @tmortagne. So, if I understood your response correctly again,
-
Duplicate xwiki-authenticator-headers Java file and modify it.
-
Build a JAR file from it (I believe this is similar concept to compile?)
-
Publish it as extension and install it from the extension manager.
So, it sounds like now I have to learn how to code in Java. That will be a challenge but let me try. Thanks a lot, much appreciate it.
Eoin
Thanks @tmortagne. Let me try and see how it goes. Cheers.
Eoin
Did a bit of muck around and found that my ability is not really enough to do this. Out of my curiosity, do you have any plan for this feature in later time? Thanks.
Eoin
It’s not currently in the project roadmap (too much in the TODO list for too little team) but you could ask to one of the companies in the XWiki community to do that for you. See https://www.xwiki.org/xwiki/bin/view/Main/Support#HProfessionalSupport.
Thanks @tmortagne. Cheers.
Eoin
What Thomas means is that you could help the XWiki open source project (and have your need implemented too! ;)) by sponsoring the development of the feature!