eduMFA
===========
.. image:: https://codecov.io/gh/eduMFA/eduMFA/coverage.svg?branch=main
:target: https://codecov.io/gh/eduMFA/eduMFA?branch=main
.. image:: https://img.shields.io/pypi/v/eduMFA.svg
:alt: Latest Version
:target: https://pypi.python.org/pypi/eduMFA/#history
.. image:: https://img.shields.io/pypi/pyversions/edumfa.svg
:alt: PyPI - Python Version
:target: https://pypi.python.org/pypi/edumfa/
.. image:: https://img.shields.io/github/license/edumfa/edumfa.svg
:alt: License
:target: https://pypi.python.org/pypi/edumfa/
.. image:: https://readthedocs.org/projects/edumfa/badge/?version=latest
:alt: Documentation
:target: http://edumfa.readthedocs.org/en/latest/
eduMFA is an open solution for strong two-factor authentication like
OTP tokens, SMS, smartphones or SSH keys.
Using eduMFA you can enhance your existing applications like local login
(PAM, Windows Credential Provider),
VPN, remote access, SSH connections, access to websites or web portals with
a second factor during authentication. Thus boosting the security of your
existing applications.
The project eduMFA is based on the privacyIDEA Project and aims to provide up-to-date multifactor authentication for academic institutions.
Overview
========
eduMFA runs as an additional service in your network, and you can connect different
applications to eduMFA.
eduMFA does not bind you to any decision of the authentication
protocol, nor does it dictate you where your user information should be
stored. This is achieved by its totally modular architecture.
eduMFA is not only open as far as its modular architecture is
concerned. But eduMFA is completely licensed under the AGPLv3.
It supports a wide variety of authentication devices like OTP tokens
(HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), FIDO U2F, as well
as FIDO2 WebAuthn devices like Yubikey and Plug-Up, smartphone Apps like Google
Authenticator, FreeOTP, Token2 or TiQR, SMS, Email, SSH keys, x509 certificates
and Registration Codes for easy deployment.
eduMFA is based on Flask and SQLAlchemy as the python backend. The
web UI is based on angularJS and bootstrap.
A MachineToken design lets you assign tokens to machines. Thus, you can use
your Yubikey to unlock LUKS, assign SSH keys to SSH servers or use Offline OTP
with PAM.
Setup
=====
For setting up the system to *run* it, please read install instructions
at `edumfa.readthedocs.io <http://edumfa.readthedocs.io/en/latest/installation/index.html>`_.
If you want to setup a development environment start like this::
git clone https://github.com/edumfa/edumfa.git
cd edumfa
virtualenv venv
source venv/bin/activate
pip install -r requirements.txt
.. _testing_env:
You may additionally want to set up your environment for testing, by adding the
additional dependencies::
pip install -r tests/requirements.txt
Getting and updating submodules
===============================
The client-side library for the registering and signing of WebAuthn-Credentials
resides in a submodule.
To fetch all submodules for this repository, run::
git submodule update --init --recursive
When pulling changes from upstream later, you can automatically update any outdated
submodules, by running::
git pull --recurse-submodules
Running it
==========
First You need to create a `config-file <https://edumfa.readthedocs.io/en/latest/installation/system/inifile.html>`_.
Then create the database tables and the encryption key::
./edumfa-manage create_tables
./edumfa-manage create_enckey
If You want to keep the development database upgradable, You should `stamp
<https://edumfa.readthedocs.io/en/latest/installation/upgrade.html>`_ it
to simplify updates::
./edumfa-manage db stamp head -d migrations/
Create the key for the audit log::
./edumfa-manage create_audit_keys
Create the first administrator::
./edumfa-manage admin add <username>
Run it::
./edumfa-manage runserver
Now you can connect to ``http://localhost:5000`` with your browser and login
as administrator.
Run tests
=========
If you have followed the steps above to set up your
`environment for testing <#testing-env>`__, running the test suite should be as
easy as running `pytest <http://pytest.org/>`_ with the following options::
python -m pytest -v --cov=eduMFA --cov-report=html tests/
Contributing
============
There are a lot of different ways to contribute to eduMFA, even
if you are not a developer.
If you found a security vulnerability please report it to us using the reporting form provided by GitHub
You can find detailed information about contributing here:
https://github.com/eduMFA/eduMFA/blob/main/CONTRIBUTING.md
Code structure
==============
The database models are defined in ``models.py`` and tested in
tests/test_db_model.py.
Based on the database models there are the libraries ``lib/config.py`` which is
responsible for basic configuration in the database table ``config``.
And the library ``lib/resolver.py`` which provides functions for the database
table ``resolver``. This is tested in tests/test_lib_resolver.py.
Based on the resolver there is the library ``lib/realm.py`` which provides
functions
for the database table ``realm``. Several resolvers are combined into a realm.
Based on the realm there is the library ``lib/user.py`` which provides functions
for users. There is no database table user, since users are dynamically read
from the user sources like SQL, LDAP, SCIM or flat files.
Versioning
==========
eduMFA adheres to `Semantic Versioning <http://semver.org/>`_.
Raw data
{
"_id": null,
"home_page": "https://www.edumfa.io",
"name": "edumfa",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.8",
"maintainer_email": null,
"keywords": "OTP, two factor authentication, management, security",
"author": "edumfa.io",
"author_email": "edumfa@listserv.dfn.de",
"download_url": "https://files.pythonhosted.org/packages/8c/34/fd161cc8f5d77a151fa9e882eb6fcdc9225e0489f8dac4322d9e8265f9f5/edumfa-2.0.2.tar.gz",
"platform": null,
"description": "eduMFA\n===========\n\n.. image:: https://codecov.io/gh/eduMFA/eduMFA/coverage.svg?branch=main\n :target: https://codecov.io/gh/eduMFA/eduMFA?branch=main\n\n.. image:: https://img.shields.io/pypi/v/eduMFA.svg\n :alt: Latest Version\n :target: https://pypi.python.org/pypi/eduMFA/#history\n\n.. image:: https://img.shields.io/pypi/pyversions/edumfa.svg\n :alt: PyPI - Python Version\n :target: https://pypi.python.org/pypi/edumfa/\n\n.. image:: https://img.shields.io/github/license/edumfa/edumfa.svg\n :alt: License\n :target: https://pypi.python.org/pypi/edumfa/\n \n.. image:: https://readthedocs.org/projects/edumfa/badge/?version=latest\n :alt: Documentation\n :target: http://edumfa.readthedocs.org/en/latest/\n\n \neduMFA is an open solution for strong two-factor authentication like\nOTP tokens, SMS, smartphones or SSH keys.\nUsing eduMFA you can enhance your existing applications like local login\n(PAM, Windows Credential Provider), \nVPN, remote access, SSH connections, access to websites or web portals with\na second factor during authentication. Thus boosting the security of your \nexisting applications.\n\nThe project eduMFA is based on the privacyIDEA Project and aims to provide up-to-date multifactor authentication for academic institutions.\n\nOverview\n========\n\neduMFA runs as an additional service in your network, and you can connect different\napplications to eduMFA.\n\neduMFA does not bind you to any decision of the authentication\nprotocol, nor does it dictate you where your user information should be\nstored. This is achieved by its totally modular architecture.\neduMFA is not only open as far as its modular architecture is\nconcerned. But eduMFA is completely licensed under the AGPLv3.\n\nIt supports a wide variety of authentication devices like OTP tokens \n(HMAC, HOTP, TOTP, OCRA, mOTP), Yubikey (HOTP, TOTP, AES), FIDO U2F, as well\nas FIDO2 WebAuthn devices like Yubikey and Plug-Up, smartphone Apps like Google\nAuthenticator, FreeOTP, Token2 or TiQR, SMS, Email, SSH keys, x509 certificates\nand Registration Codes for easy deployment.\n\neduMFA is based on Flask and SQLAlchemy as the python backend. The\nweb UI is based on angularJS and bootstrap.\nA MachineToken design lets you assign tokens to machines. Thus, you can use\nyour Yubikey to unlock LUKS, assign SSH keys to SSH servers or use Offline OTP\nwith PAM.\n\n\n\nSetup\n=====\n\nFor setting up the system to *run* it, please read install instructions \nat `edumfa.readthedocs.io <http://edumfa.readthedocs.io/en/latest/installation/index.html>`_.\n\nIf you want to setup a development environment start like this::\n\n git clone https://github.com/edumfa/edumfa.git\n cd edumfa\n virtualenv venv\n source venv/bin/activate\n pip install -r requirements.txt\n \n.. _testing_env:\n\nYou may additionally want to set up your environment for testing, by adding the\nadditional dependencies::\n\n pip install -r tests/requirements.txt\n\n\nGetting and updating submodules\n===============================\n\nThe client-side library for the registering and signing of WebAuthn-Credentials\nresides in a submodule.\n\nTo fetch all submodules for this repository, run::\n\n git submodule update --init --recursive\n\nWhen pulling changes from upstream later, you can automatically update any outdated\nsubmodules, by running::\n\n git pull --recurse-submodules\n\nRunning it\n==========\n\nFirst You need to create a `config-file <https://edumfa.readthedocs.io/en/latest/installation/system/inifile.html>`_.\n\nThen create the database tables and the encryption key::\n\n ./edumfa-manage create_tables\n ./edumfa-manage create_enckey\n\nIf You want to keep the development database upgradable, You should `stamp\n<https://edumfa.readthedocs.io/en/latest/installation/upgrade.html>`_ it\nto simplify updates::\n\n ./edumfa-manage db stamp head -d migrations/\n\nCreate the key for the audit log::\n\n ./edumfa-manage create_audit_keys\n\nCreate the first administrator::\n\n ./edumfa-manage admin add <username>\n\nRun it::\n\n ./edumfa-manage runserver\n\nNow you can connect to ``http://localhost:5000`` with your browser and login\nas administrator.\n\nRun tests\n=========\n\nIf you have followed the steps above to set up your\n`environment for testing <#testing-env>`__, running the test suite should be as\neasy as running `pytest <http://pytest.org/>`_ with the following options::\n\n python -m pytest -v --cov=eduMFA --cov-report=html tests/\n\nContributing\n============\n\nThere are a lot of different ways to contribute to eduMFA, even\nif you are not a developer.\n\nIf you found a security vulnerability please report it to us using the reporting form provided by GitHub\n\nYou can find detailed information about contributing here:\nhttps://github.com/eduMFA/eduMFA/blob/main/CONTRIBUTING.md\n\nCode structure\n==============\n\nThe database models are defined in ``models.py`` and tested in \ntests/test_db_model.py.\n\nBased on the database models there are the libraries ``lib/config.py`` which is\nresponsible for basic configuration in the database table ``config``.\nAnd the library ``lib/resolver.py`` which provides functions for the database\ntable ``resolver``. This is tested in tests/test_lib_resolver.py.\n\nBased on the resolver there is the library ``lib/realm.py`` which provides\nfunctions\nfor the database table ``realm``. Several resolvers are combined into a realm.\n\nBased on the realm there is the library ``lib/user.py`` which provides functions \nfor users. There is no database table user, since users are dynamically read \nfrom the user sources like SQL, LDAP, SCIM or flat files.\n\nVersioning\n==========\neduMFA adheres to `Semantic Versioning <http://semver.org/>`_.\n",
"bugtrack_url": null,
"license": "AGPLv3",
"summary": "eduMFA: identity, multifactor authentication (OTP), authorization, audit",
"version": "2.0.2",
"project_urls": {
"Homepage": "https://www.edumfa.io"
},
"split_keywords": [
"otp",
" two factor authentication",
" management",
" security"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "0ed1688afae31843f3e595cc20ae97adb9c2c22182e748aa0c615b30eac1d12a",
"md5": "f172ff9b54566ac1275e02eca2929756",
"sha256": "c3a1a4b581f110087764dc2d41d18abb259d260dd775836969641059238339a0"
},
"downloads": -1,
"filename": "edumfa-2.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f172ff9b54566ac1275e02eca2929756",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8",
"size": 4236952,
"upload_time": "2024-04-26T10:25:26",
"upload_time_iso_8601": "2024-04-26T10:25:26.133265Z",
"url": "https://files.pythonhosted.org/packages/0e/d1/688afae31843f3e595cc20ae97adb9c2c22182e748aa0c615b30eac1d12a/edumfa-2.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "8c34fd161cc8f5d77a151fa9e882eb6fcdc9225e0489f8dac4322d9e8265f9f5",
"md5": "2ba4fa23c8682864f14aa7462406bb66",
"sha256": "98580701914767feb2cb6cdd970d46f06959b14e8701b923654010468754b97d"
},
"downloads": -1,
"filename": "edumfa-2.0.2.tar.gz",
"has_sig": false,
"md5_digest": "2ba4fa23c8682864f14aa7462406bb66",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8",
"size": 3984354,
"upload_time": "2024-04-26T10:25:27",
"upload_time_iso_8601": "2024-04-26T10:25:27.862078Z",
"url": "https://files.pythonhosted.org/packages/8c/34/fd161cc8f5d77a151fa9e882eb6fcdc9225e0489f8dac4322d9e8265f9f5/edumfa-2.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-04-26 10:25:27",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "edumfa"
}
JSON