privacyIDEA - Modular Authentication System

  •        272

privacyIDEA is a Two Factor Authentication System which is multi-tenency- and multi-instance-capable. Using privacyIDEA you can enhance your existing applications like local login, VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication.
It supports a wide variety of authentication devices like OTP tokens (HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), FIDO U2F devices like Yubikey and Plug-Up, smartphone Apps like Google Authenticator, FreeOTP, Token2 or TiQR, SMS, Email, SSH keys, x509 certificates and Registration Codes for easy deployment.

https://www.privacyidea.org/
https://github.com/privacyidea/privacyidea
https://pypi.python.org/pypi/privacyIDEA

Tags
Implementation
License
Platform

   




Related Projects

2fa - Two-factor authentication on the command line

  •    Go

2fa is a two-factor authentication agent. 2fa -add name adds a new key to the 2fa keychain with the given name. It prints a prompt to standard error and reads a two-factor key from standard input. Two-factor keys are short case-insensitive strings of letters A-Z and digits 2-7.

aws-mfa - Manage AWS MFA Security Credentials

  •    Python

aws-mfa makes it easy to manage your AWS SDK Security Credentials when Multi-Factor Authentication (MFA) is enforced on your AWS account. It automates the process of obtaining temporary credentials from the AWS Security Token Service and updating your AWS Credentials file (located at ~/.aws/credentials). Traditional methods of managing MFA-based credentials requires users to write their own bespoke scripts/wrappers to fetch temporary credentials from STS and often times manually update their AWS credentials file. short-term - A temporary set of credentials that are generated by AWS STS using your long-term credentials in combination with your MFA device serial number (either a hardware device serial number or virtual device ARN) and one time token code. Your short term credentials are the credentials that are actively utilized by the AWS SDK in use.

two-factor-bundle - Two-factor authentication for Symfony applications

  •    PHP

... and follow the installation instructions. Detailed documentation of all features can be found in the Resources/doc directory.

TwoFactorAuth - PHP library for Two Factor Authentication (TFA / 2FA)

  •    PHP

PHP library for two-factor (or multi-factor) authentication using TOTP and QR-codes. Inspired by, based on but most importantly an improvement on 'PHPGangsta/GoogleAuthenticator'. There's a .Net implementation of this library as well. Here are some code snippets that should help you get started...

google2fa-laravel - A One Time Password Authentication package, compatible with Google Authenticator for Laravel

  •    PHP

Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. This package is a Laravel bridge to Google2FA's PHP package.


django-two-factor-auth - Complete Two-Factor Authentication for Django providing the easiest integration into most Django projects

  •    Python

Complete Two-Factor Authentication for Django. Built on top of the one-time password framework django-otp and Django's built-in authentication framework django.contrib.auth for providing the easiest integration into most Django projects. Inspired by the user experience of Google's Two-Step Authentication, allowing users to authenticate through call, text messages (SMS), by using a token generator app like Google Authenticator or a YubiKey hardware token generator (optional). I would love to hear your feedback on this package. If you run into problems, please file an issue on GitHub, or contribute to the project by forking the repository and sending some pull requests. The package is translated into English, Dutch and other languages. Please contribute your own language using Transifex.

yosai - A Security Framework for Python applications featuring Authorization (rbac permissions and roles), Authentication (2fa totp), Session Management and an extensive Audit Trail

  •    Python

Yosai is a "security framework" that features authentication, authorization, and session management from a common, intuitive API. Yosai is based on Apache Shiro, written in Java and widely used today.

FreeOTP - Two factor authentication

  •    Java

FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code. If you need to generate a QR code, try our QR code generator.

M-Pin - Two Factor Authentication For Web sites

  •    Java

M-Pin Strong Authentication System enables true two-factor authentication for web sites and applications, based on the open source M-Pin Authentication Server and M-Pin Managed Service. The M-Pin™ Managed Service is a highly available, fault tolerant software as a service that issues cryptographic secrets to M-Pin Authentication Servers and Clients.

Google Authenticator - Two factor authentication

  •    Java

The Google Authenticator project includes implementations of one-time passcode generators for several mobile platforms, as well as a pluggable authentication module (PAM). One-time passcodes are generated using open standards developed by the Initiative for Open Authentication (OATH). These implementations support the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.

google2fa - A One Time Password Authentication package, compatible with Google Authenticator.

  •    PHP

Google2FA is a PHP implementation of the Google Two-Factor Authentication Module, supporting the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238. This package is agnostic, but there's a Laravel bridge.

two-factor-auth - Generate 2FA tokens compatible with Google Authenticator

  •    Go

Simple CLI app that generates tokens compatible with Google Authenticator. I implemented this mainly to understand how it works, you should probably not use this.

twofactorauth - List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software

  •    HTML

A list of popular sites and whether or not they accept two factor auth. The goal is to build a website (TwoFactorAuth.org) with a comprehensive list of sites that support Two Factor Authentication, as well as the methods that they provide.

WiKID Strong Authentication System

  •    C

The WiKID Strong Authentication System is a public-key based two-factor authentication system. It is a flexible, extensible, and secure alternative to tokens, certs and passwords. Application amp; API support exists for Java, ASP, PHP, Ruby, OpenVPN, TACACS+, etc. Get our new eGuide on Adding Two-factor authentication to your network: http://www.wikidsystems.com/learn-more/two-factor-authentication-white-papers

otp - TOTP library for Go

  •    Go

One Time Passwords (OTPs) are an mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an easy on-ramp to Multi-factor authentication without adding a dependency on a SMS provider. This Password and TOTP combination is used by many popular websites including Google, Github, Facebook, Salesforce and many others. The otp library enables you to easily add TOTPs to your own application, increasing your user's security against mass-password breaches and malware.

Gluu Server - Identity and Access Management (IAM) platform

  •    Java

Gluu's open source authentication & API access management software for securing Web & mobile applications using open standards like SAML & OpenID Connect. Its features include Single Sign-On, Access Management, OAuth, Multi-Factor Authentication, LDAP Directory Integration, User Management and lot more.

cli - A zero trust swiss army knife for working with X509, OAuth, JWT, OATH OTP, etc.

  •    Go

step is a zero trust swiss army knife. It’s an easy-to-use and hard-to-misuse utility for building, operating, and automating systems that use zero trust technologies like authenticated encryption (X.509, TLS), single sign-on (OAuth OIDC, SAML), multi-factor authentication (OATH OTP, FIDO U2F), encryption mechanisms (JSON Web Encryption, NaCl), and verifiable claims (JWT, SAML assertions). For more information and docs see the step website and the blog post announcing step.

Google Authenticator TOTP C#

  •    CSharp

An implementation of Google's Authenticator in C# and WPF. It's a Time-based One-time Password (TOTP) described in RFC 6238. You could use it to implement two-factor authentication in your own .Net application.

fail2ban - Daemon to ban hosts that cause multiple authentication errors

  •    Python

Fail2Ban scans log files like /var/log/auth.log and bans IP addresses having too many failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses, for a configurable amount of time. Fail2Ban comes out-of-the-box ready to read many standard log files, such as those for sshd and Apache, and is easy to configure to read any log file you choose, for any error you choose. Though Fail2Ban is able to reduce the rate of incorrect authentications attempts, it cannot eliminate the risk that weak authentication presents. Configure services to use only two factor or public/private authentication mechanisms if you really want to protect services.