Alfresco and 2 Factor Authentication

Ermanno Russo
Developer at Zaizi
What is 2 factor authentication?
Initial setup
• User
  - Chooses to set up 2FA
• Server
  - Generates a secret
  - Associates it with the user's account
  - Makes it available to the user (setup screen / QR code)
• User
  - Stores the secret in a specific device (the authenticator app)
How does the login work?
• User
  - Device combines secret + current time into a code
  - Types the code along with the usual credentials
• Server
  - Retrieves the user's secret
  - Computes the code itself from secret + current time
  - Checks it matches the submitted code
  - Checks the normal username/password
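The two sides of that exchange, as an added example rather than code from the slides or from Alfresco: the server generates and stores a secret at setup, the device derives a code from secret + current time (RFC 6238 TOTP over RFC 4226 HOTP, the scheme Google Authenticator implements), and the server recomputes and compares. The function names, the drift window and the replay check (refusing any time step at or below the last accepted one) are this example's own choices, not Alfresco's; the only fixed value used is the RFC test-vector secret "12345678901234567890".

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# RFC 4226 / RFC 6238 test-vector secret (ASCII "12345678901234567890"),
# base32-encoded the way a setup screen hands a secret to an authenticator app.
RFC_TEST_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode("ascii")


def generate_secret(nbytes=20):
    """Server side, setup step: a fresh random shared secret for one user account."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    pad = "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(secret_b32.upper() + pad)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(secret_b32, at_time=None, step=30, digits=6):
    """Device side: the counter is the current Unix time divided into 30-second steps."""
    if at_time is None:
        at_time = time.time()
    return hotp(secret_b32, int(at_time) // step, digits)


def verify_totp(secret_b32, submitted, at_time=None, step=30, digits=6,
                window=1, last_used_counter=None):
    """Server side, login step. Returns the accepted time-step counter, or None.

    window: how many 30-second steps of clock drift to tolerate either side of now.
    last_used_counter: counter of the last code this user logged in with; anything
    at or below it is refused, so a code captured over the wire cannot be replayed
    (hypothetical bookkeeping for this example, persisted per user in practice).
    """
    if len(submitted) != digits or not submitted.isdigit():
        return None
    if at_time is None:
        at_time = time.time()
    current = int(at_time) // step
    for delta in range(-window, window + 1):
        counter = current + delta
        if last_used_counter is not None and counter <= last_used_counter:
            continue
        # Constant-time comparison: do not leak how many digits matched.
        if hmac.compare_digest(hotp(secret_b32, counter, digits), submitted):
            return counter
    return None


if __name__ == "__main__":
    secret = generate_secret()          # setup: server generates, user scans
    code = totp(secret)                 # login: device shows this for 30 seconds
    print("device shows", code)
    print("server accepts at counter", verify_totp(secret, code))
```

Two points the slides make are visible in the code: a code is only ever valid for its own 30-second step (plus whatever drift window the server allows), and once a counter has been accepted it is burned, so a stolen "outdated code" buys an attacker nothing even if the password is also known.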
To put it simply
• Like a second password
  - Provided by a device
  - You don't have to remember it
  - Changes automatically every 30 seconds
  - If the device is stolen, the thief still doesn't know your credentials
Why use 2 factor authentication?
(diagram: Password → Password; a captured password alone can be reused)
Why use 2 factor authentication? (2)
(diagram: Password + code → Password + outdated code; a captured code has already expired)
What about Alfresco?
• Google Authenticator
• IETF RFC 6238 (TOTP)
Setup screen (screenshot)
Login screen (screenshot)
Device lost - Admin help
Reducing manual admin intervention
• Saving the secret somewhere safe
• Disposable, time-agnostic codes
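One way to implement the "disposable, time-agnostic codes" idea, added here as an example and not taken from the slides or from Alfresco: the server generates a handful of random one-shot codes at setup, shows them to the user exactly once, and keeps only their hashes with a used flag. When the device is lost the user logs in with one of them instead of waiting for an admin, and each code works a single time. The format (two groups of five hex characters) and the function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets


def _normalise(code):
    """Treat 'a1b2c-3d4e5', 'A1B2C 3D4E5' and 'a1b2c3d4e5' as the same code."""
    return "".join(ch for ch in code.lower() if ch not in " -")


def _hash_code(code):
    # Codes are 40 bits of random data, so a plain SHA-256 is enough to make the
    # stored form useless to anyone who reads the database. Use a slow KDF instead
    # if codes were ever shorter or user-chosen.
    return hashlib.sha256(_normalise(code).encode("ascii")).hexdigest()


def build_backup_store(codes):
    """Server side: persist only hashes plus a used flag; the plaintext is shown once."""
    return {_hash_code(c): False for c in codes}


def generate_backup_codes(count=10):
    """Setup step. Returns (plaintext codes to show the user once, store to persist)."""
    codes = []
    for _ in range(count):
        raw = secrets.token_hex(5)              # 10 hex characters = 40 bits
        codes.append(f"{raw[:5]}-{raw[5:]}")
    return codes, build_backup_store(codes)


def redeem_backup_code(store, submitted):
    """Login step when the device is lost. Consumes the code: True once, False ever after."""
    digest = _hash_code(submitted)
    matched = None
    # Walk every entry instead of returning early so a miss and a hit take the same time.
    for stored_hash, used in store.items():
        if hmac.compare_digest(stored_hash, digest) and not used and matched is None:
            matched = stored_hash
    if matched is None:
        return False
    store[matched] = True                       # disposable: never accepted again
    return True


def remaining_backup_codes(store):
    """How many unused codes are left; warn the user to regenerate when this gets low."""
    return sum(1 for used in store.values() if not used)


if __name__ == "__main__":
    shown_once, store = generate_backup_codes(3)
    print("give these to the user:", shown_once)
    print("first use:", redeem_backup_code(store, shown_once[0]))
    print("second use of the same code:", redeem_backup_code(store, shown_once[0]))
    print("codes left:", remaining_backup_codes(store))
```

Because the codes do not depend on the clock, they survive a lost phone or a device with a wrong time, which is exactly the case the admin would otherwise have to handle by hand. Regenerating the whole set after a reset, rather than topping it up, keeps any previously leaked code worthless.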
Conclusion
• Something you know
  - Your password
• Something you have
  - Your code-generating device
Resources
• RFC 6238: http://tools.ietf.org/html/rfc6238
• Install the Google Authenticator app: https://support.google.com/accounts/answer/1066447?hl=en
Any questions welcome: [email protected]