NAME
Lemonldap::NG::Portal::Main::SecondFactor - Base class for Lemonldap::NG::Portal second factor plugins.
SYNOPSIS
package Lemonldap::NG::Portal::2F::MySecondFactor;
use Mouse;
# Import used constants
use Lemonldap::NG::Portal::Main::Constants qw(
PE_OK
PE_BADCREDENTIALS
PE_SENDRESPONSE
);
extends 'Lemonldap::NG::Portal::Main::SecondFactor';
# INITIALIZATION
# Prefix that will be used in parameter names. The form used to enter the
# second factor must post its result to "/my2fcheck" (if "my" is the prefix).
has prefix => ( is => 'ro', default => 'my' );
# Optional logo
has logo => ( is => 'rw', default => 'mylogo.png' );
# Required init method
sub init {
my ($self) = @_;
# Insert here initialization process
#
# If self registration is enabled and "activation" is set to "enabled",
# replace the rule to detect if user has registered a device key.
# The rule must be like this :
# By example :
$self->conf->{u2fActivation} = '$_2fDevices =~ /"type":\s*"U2F"/s'
# Optionally, the rule can be : '$_2fDevices and $_2fDevices =~ /"type":\s*"U2F"/s'
# to avoid warning due to undef variable
#
# Required call:
return $self->SUPER::init();
}
# RUNNING METHODS
# Required 2nd factor send method
sub run {
my ( $self, $req, $token ) = @_;
# $token must be inserted in a hidden input in your form with the name
# "token"
...
# A LLNG constant must be returned. Example:
$req->response($my_psgi_response);
return PE_SENDRESPONSE;
}
# Required 2nd factor verify method
sub verify {
my ( $self, $req, $session ) = @_;
# Use $req->param('field') to get POST responses
...
if ($result eq $goodResult) {
return PE_OK;
}
else {
return PE_BADCREDENTIALS;
}
}
1;
Enable your plugin in lemonldap-ng.ini, section [portal]:
- <prefix>2fActivation (required): 1, 0 or a rule
- <prefix>2fAuthnLevel (optional): change authentication level for users authenticated by this plugin
Example:
[portal]
customPlugins = Lemonldap::NG::Portal::2F::MyPlugin
my2fActivation = 1
my2fAuthnLevel = 4
DESCRIPTION
Lemonldap::NG::Portal::Main::SecondFactor provides a simple framework to build Lemonldap::NG second authentication factor plugin.
See Lemonldap::NG::Portal::Plugins::2F::* packages for examples.
SEE ALSO
OTHER POD FILES
- Writing an authentication module: Lemonldap::NG::Portal::Auth
- Writing a UserDB module: Lemonldap::NG::Portal::UserDB
- Writing a second factor module: Lemonldap::NG::Portal::Main::SecondFactor
- Writing an issuer module: Lemonldap::NG::Portal::Main::Issuer
- Writing another plugin: Lemonldap::NG::Portal::Main::Plugin
- Request object: Lemonldap::NG::Portal::Main::Request
- Adding parameters in the manager: Lemonldap::NG::Manager::Build
AUTHORS
- LemonLDAP::NG team http://lemonldap-ng.org/team
BUG REPORT
Use OW2 system to report bug or ask for features: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/issues
DOWNLOAD
Lemonldap::NG is available at https://lemonldap-ng.org/download
COPYRIGHT AND LICENSE
See COPYING file for details.
This library is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.