Nuxeo Server

Nuxeo DuoWeb Two-Factor Authentication

Updated: November 13, 2017 Page Information Edit on GitHub

The Nuxeo addon nuxeo-duoweb-authentication is an integration of DuoWeb access in Nuxeo login plugin and provides two-factor authentication through the Nuxeo login page.

This plugin is available for Nuxeo Platform 5.8 and above.

Configuration

Please refer to this README to configure and activate the addon on your Nuxeo instance.

The two factors authentication is executing the following steps:

  1. Login with your Nuxeo credentials.
  2. Bind/Use your Duo application to check identity through your mobile phone.
  3. Confirm identity authorization with your mobile phone.

Login Plugin Configuration

You must subscribe to DuoWeb services and follow DuoWeb documentation to create all DuoWeb Keys.

After installing the plugin, make sure before starting to include your DuoWeb Keys (provided by DuoWeb) in the following configuration file NUXEO_HOME/templates/duoweb-authentication/config/duo-authentication-config.xml:

<component name="org.nuxeo.duo.factors.login.contrib">

<require>org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig</require>

<documentation>
  This authentication plugin processes DuoWeb Two Factors Authentication
</documentation>

<extension
        target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
        point="authenticators">
  <authenticationPlugin name="DUO_TWO_FACTORS_AUTH"
                        enabled="true"
                        class="org.nuxeo.duoweb.factors.DuoFactorsAuthenticator">
    <loginModulePlugin>Trusting_LM</loginModulePlugin>
    <parameters>
      <parameter name="IKEY">YOUR_INTEGRATION_KEY</parameter>
      <parameter name="SKEY">YOUR_SECRET_KEY</parameter>
      <parameter name="AKEY">YOUR_APPLICATION_KEY</parameter>
      <parameter name="HOST">YOUR_API_HOSTNAME</parameter>
    </parameters>
  </authenticationPlugin>
</extension>

<extension
        target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
        point="chain">
  <authenticationChain>
    <plugins>
      <plugin>DUO_TWO_FACTORS_AUTH</plugin>
    </plugins>
  </authenticationChain>
</extension>

<extension point="openUrl" target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService">
  <openUrl name="duoFactorsPattern">
    <grantPattern>/nuxeo/duofactors.jsp</grantPattern>
  </openUrl>
</extension>

</component>

The YOUR_APPLICATION_KEY can be generated as followed in DuoWeb documentation


5 days ago manonlumeau Added content-review-lts2017 label
a month ago manonlumeau NXDOC-1346-FT review screenshot
2 years ago Solen Guitter 7
3 years ago Solen Guitter 6
3 years ago Solen Guitter 5
3 years ago Vladimir Pasquier 4
3 years ago Vladimir Pasquier 2
3 years ago Vladimir Pasquier 3
3 years ago Vladimir Pasquier 1
History: Created by Vladimir Pasquier