luzifer/nginx-sso
1
0
Fork 0
mirror of https://github.com/Luzifer/nginx-sso.git synced 2024-09-19 18:32:56 +00:00
Code Issues Releases Wiki Activity

Updated MFA Provider Configuration (markdown)

Knut Ahlers 2018-12-29 00:44:08 +01:00
parent 59dc10ba8b
commit 4ee1353ce8
1 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
MFA-Provider-Configuration.md

@ -26,19 +26,23 @@ The corresponding expected MFA configuration is as following:
provider: duo
```
## Google Authenticator / TOTP (`google`)
## Google Authenticator / TOTP (`totp`)
The provider name here is `google` while the only supported argument at the moment is `secret`. The secret is what you need to provide to your users for them to add the config to their authenticator. (It MUST be base32 encoded!)
This provider supports several different TOTP configurations while the default configuration is held compatible to what Google Authenticator is using. You can configure all parameters documented below though in most cases you won't need to touch any parameter other than `secret`. The `secret` must be base32 encoded while the trailing equal signs may be stripped.
Here is an example of the URI to provide in a QRCode:
```yaml
provider: google
provider: totp
attributes:
secret: MZXW6YTBOIFA
secret: MZXW6YTBOIFA # required
period: 30 # optional, defaults to 30 (Google Authenticator)
skew: 1 # optional, defaults to 1 (Google Authenticator)
digits: 8 # optional, defaults to 6 (Google Authenticator)
algorithm: sha1 # optional (sha1, sha256, sha512), defaults to sha1 (Google Authenticator)
```
`otpauth://totp/Example:myusername?secret=myverysecretsecret` ([Docs](https://github.com/google/google-authenticator/wiki/Key-Uri-Format))
`otpauth://totp/Example:myusername?secret=MZXW6YTBOIFA` ([Docs](https://github.com/google/google-authenticator/wiki/Key-Uri-Format))
## Yubikey (`yubikey`)