forked from Yubico/yubico-java-client
--------------------------------
Overview
--------------------------------
This is the Java client code from Yubico to demonstrate how to use Yubico's
web service to validate an OTP generated by your Yubikey.

It includes a Java class called YubicoClient, in the file YubicoClient.java,
that your application can use to verify a Yubikey OTP.

*NOTE: The first 12 characters are the universally unique Yubikey device ID that
doesn't change; the following characters constitute the OTP.
----------------------------------------------------------------
Integration with Your Application
----------------------------------------------------------------
On the web part:

E.g., in your user login form, add Yubikey as the 2nd factor of authentication
like this:
***** Web User Login Form ******************************************
Username: _________________ Password: _________________
Touch the button on Yubikey: ________________________________
********************************************************************
1) Your application verifies the username and password as usual.
2) After verifying username/password, call YubicoClient to verify the
   OTP as the 2nd-factor strong authentication.
3) Log the user in or reject the user depending on whether the OTP
   validation result is true or false.

For demo purposes, the above is enough; you can just validate the OTP
and let the user in.

In production, it is suggested that you create a database
table for Yubikey to link the user ID (owner of the key) to the
Yubikey DeviceId.
--------------+-----------
DeviceId      | UserId
--------------+-----------
vvfucnlcrrne  | 1890
abnnloposxxc  | 4371
bjuilddkfopf  | 2285
..........    | ....
The first time a user plugs in a Yubikey, the DeviceId does not exist in
the table, so you ask him/her to register. Verify the OTP to make sure
he/she does own that key.

Later, when the user comes back to your site, you can just do the
above validation steps 1 - 3 and make sure this is the user that owns
the device.
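
The DeviceId-to-UserId binding described above, as an added example (not part
of Yubico's client code). OtpVerifier is a hypothetical interface standing in
for the call into YubicoClient, and the in-memory map stands in for the
database table; the stub verifier in main() is constructed for the demo.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class YubikeySecondFactor {
    /** Hypothetical wrapper around the YubicoClient call; true only when status=OK. */
    public interface OtpVerifier { boolean verify(String otp); }

    static final int DEVICE_ID_LEN = 12; // ReadMe: first 12 characters are the device ID

    // Stand-in for the DeviceId -> UserId database table.
    private final Map<String, Integer> deviceToUser = new HashMap<>();
    private final OtpVerifier verifier;

    public YubikeySecondFactor(OtpVerifier verifier) { this.verifier = verifier; }

    static String deviceId(String otp) {
        if (otp == null || otp.length() <= DEVICE_ID_LEN) return null; // no OTP part present
        return otp.substring(0, DEVICE_ID_LEN);
    }

    /** Registration: bind the key to the user only after a fresh OTP proves possession. */
    public boolean register(int userId, String otp) {
        String id = deviceId(otp);
        if (id == null || deviceToUser.containsKey(id)) return false; // malformed or already owned
        if (!verifier.verify(otp)) return false;
        deviceToUser.put(id, userId);
        return true;
    }

    /** Login steps 2-3: call only after the password check succeeded for userId. */
    public boolean secondFactorOk(int userId, String otp) {
        Integer owner = deviceToUser.get(deviceId(otp));
        if (owner == null || owner != userId) return false; // key is not registered to this user
        return verifier.verify(otp);
    }

    public static void main(String[] args) {
        Set<String> seen = new HashSet<>(); // constructed stub: accepts each OTP once, like the replay check
        YubikeySecondFactor auth = new YubikeySecondFactor(seen::add);
        String otpA = "vvfucnlcrrnejlbuthlktguhclhvegbungldcrefbnku"; // sample OTPs from this ReadMe
        String otpB = "vvfucnlcrrneejllbclujdivivvvlttjgnctncreunhl";
        System.out.println("register 1890:      " + auth.register(1890, otpA));
        System.out.println("login as 4371:      " + auth.secondFactorOk(4371, otpB)); // key belongs to 1890
        System.out.println("login as 1890:      " + auth.secondFactorOk(1890, otpB));
        System.out.println("same OTP, replayed: " + auth.secondFactorOk(1890, otpB));
    }
}
```

Without the owner check in secondFactorOk, a valid OTP from any Yubikey would
satisfy the second factor for any account whose password is known.
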
Refer to mashed life, which supports Yubikey. That's a good example:
https://mashedlife.com/yubikey.php

----------------------------------------------------------------
Test Yubico validation service with your Yubikey in action using
YubicoClient
----------------------------------------------------------------
Usage: runIt.bat Auth_ID OTP
E.g. runIt.bat 32 vvfucnlcrrnejlbuthlktguhclhvegbungldcrefbnku
The binary is at src\com\yubico\YubicoClient.class
[0] cd src\
[1] Plug Yubikey into your USB port, touch the button to generate the OTP:
C:\yubico> runIt.bat 32 vvfucnlcrrneejllbclujdivivvvlttjgnctncreunhl
* OTP verified OK
* Last response: t=2008-03-26T19:43:27Z0430
status=OK
[2] Try to reuse the above OTP; it will fail with the reason 'replayed OTP'.
C:\yubico> runIt.bat 32 vvfucnlcrrneejllbclujdivivvvlttjgnctncreunhl
* Failed to verify OTP
* Last response: t=2008-03-26T19:43:51Z0707
status=REPLAYED_OTP
[3] Try entering an invalid OTP; it fails with the reason 'bad OTP'.
C:\yubico> runIt.bat 32 xyxyxyxyxxyxyxyx
* Failed to verify OTP
* Last response: t=2008-03-26T19:47:19Z0301
status=BAD_OTP
--------------------------------
System Requirements
--------------------------------
* Developed and tested on Sun JDK 1.5 which you can get from
http://www.javasoft.com
--------------------------------
Support
--------------------------------
Visit Yubico.com or
Email tech@yubico.com