You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openmeetings.apache.org by "seba.wagner@gmail.com" <se...@gmail.com> on 2022/08/03 03:14:52 UTC
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Not many pros or cons in this discussion.
But I think it would be a good option to have available for users. As well
as a good feature to advertise for. Especially in order to use OpenMeetings
in a Gov/Education environment where compliance may require to have 2
factor auth for applications in order for using it.
So I assume I can create some tickets and get this on the way.
Thanks
Seb
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
<https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <se...@gmail.com>
wrote:
> I would like to add a ticket to investigate and look into adding 2 factor
> authentication to OpenMeetings. As an optional feature, default would be
> turned off.
>
> There are various libraries to achieve 2 factor auth. I would
> probably prefer using the Google Authenticator as a method since it seems
> the most widely adopted authenticator.
>
> In terms of turning it on/off I would add 2 flags:
> - On a per server basis a flag to generally turn 2 factor auth on or off
> - On a per individual account basis so you can turn 2 factor auth on/off
> for an individual user
>
> This would not affect past installations.
> This would not affect logging in via Soap/Rest.
>
> I think this would be a good feature to improve security.
>
> Let me know what you think, and I will add a ticket and look into adding
> this over the next few weeks.
>
> Thanks
> Seb
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
>
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
I noticed that the new file was one byte less, I think that there was an
unprintable character added to the file when I appended the new keys
from the web.
Ali
On 12/30/22 2:28 PM, Maxim Solodovnik wrote:
>
>
> from mobile (sorry for typos ;)
>
> On Fri, Dec 30, 2022, 18:27 Ali Alhaidary
> <al...@the5stars.org> wrote:
>
> Thank you max, the test was successful, then I just rearranged the
> openmeeting.properties file entries as per build#210 and adding
> the missing keys (as I did before) and upgraded to build#210 and
> the system was up and running. Was it not working because entries
> were not in the same order?
>
>
> The order doesn't matter
> Not sure what might be wrong :(
> Maybe some line endings or so :(
>
> BTW, thank for introducing meld, very cool tool :-)
>
>
> My every-day tool :))
>
> Ali
>
> On 12/30/22 7:46 AM, Maxim Solodovnik wrote:
>> hmmm
>> Are you sure you sent valid logs?
>> Could you please try:
>>
>> 0) stop OM (if any)
>> - - check with `ps -ef|grep java`
>> 1) unpack to NEW empty folder
>> 2) change nothing
>> 3) cd to this NEW_FOLDER/apache-openmeetings-7.0.0-SNAPSHOT/
>> 3) run `./admin.sh -i -v -user ui_admin -email
>> someemail@gmail.com -tz "Asia/Tehran" -group "yourgroup"`
>> 4) enter password
>> 5) run `./bin/catalina.sh run`
>> 6) check "https://localhost:5443/openmeetings"
>>
>> If there will be errors, send me console output :)
>>
>> if everything is OK
>>
>> compare your openmeeting.properties file and the file from
>> apache-openmeetings-7.0.0-SNAPSHOT
>> I would suggest to use some UI merge tool
>> for ex:
>> Ubuntu: meld
>> Win: WinMerge
>>
>> On Fri, 30 Dec 2022 at 11:10, Ali Alhaidary
>> <al...@the5stars.org> wrote:
>>
>> Hi Max, it is there but blank, should I fill it with a value?
>> what would the value be?
>>
>> Ali
>>
>> On 12/30/22 6:50 AM, Maxim Solodovnik wrote:
>>> Hello Ali,
>>>
>>> According to the log: "Could not resolve placeholder
>>> 'otp.issuer' in value "${otp.issuer}""
>>> Your `openmeetings.properties` doesn't have the line:
>>>
>>> ```
>>> otp.issuer=
>>> ```
>>>
>>> please add it :)
>>>
>>> On Fri, 30 Dec 2022 at 00:59, Ali Alhaidary
>>> <al...@the5stars.org> wrote:
>>>
>>> Attached log files of the latest 210 build
>>>
>>> Ali
>>>
>>> On 12/29/22 3:46 AM, Maxim Solodovnik wrote:
>>>>
>>>>
>>>> from mobile (sorry for typos ;)
>>>>
>>>> On Thu, Dec 29, 2022, 01:40 Ali Alhaidary
>>>> <al...@the5stars.org> wrote:
>>>>
>>>> Yes, I know that these lines were added, as you can
>>>> see in my previous post, however, I did not change
>>>> it assuming that the application will perform as
>>>> usual until we set 2 factor authentication.
>>>>
>>>>
>>>> Yes, this was the plan :)
>>>> Must be some misunderstanding, I was surprised to see
>>>> you are asking foe values while they were in your mail :)
>>>>
>>>> Is there and keys I should add to the database on
>>>> build#205 ?
>>>>
>>>>
>>>> You might add configuration value to the db if you
>>>> would like to enable OTP
>>>> It is disabled by default
>>>>
>>>> I can't help better without knowing actual error :(
>>>> Please check the log (it always should be the first
>>>> step :))
>>>>
>>>> Ali
>>>> On 12/28/22 2:10 PM, Maxim Solodovnik wrote:
>>>>> The following section has been added :)
>>>>>
>>>>>
>>>>> ################## Time-based One Time Password
>>>>> ##################
>>>>>
>>>>> ## Please NOTE these values need to be changed
>>>>> BEFORE users will set-up OTP for themselves
>>>>>
>>>>> ## otherwise they can't login
>>>>>
>>>>>
>>>>> # NOTE Config->application.name
>>>>> <http://application.name> will be used if blank
>>>>>
>>>>> otp.issuer=
>>>>>
>>>>> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
>>>>>
>>>>> ## milliseconds
>>>>>
>>>>> otp.ntp.timeout=3000
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> from mobile (sorry for typos ;)
>>>>>
>>>>> On Wed, Dec 28, 2022, 16:25 Ali Alhaidary
>>>>> <al...@the5stars.org> wrote:
>>>>>
>>>>> Is it possible just to pint it out please?
>>>>>
>>>>> Ali
>>>>>
>>>>> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>>>>>> I would start with examine the logs
>>>>>>
>>>>>> and will add missing key-value part to
>>>>>> openmeetings.properties :)
>>>>>>
>>>>>> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary
>>>>>> <al...@the5stars.org> wrote:
>>>>>>
>>>>>> Where and what ? :-)
>>>>>>
>>>>>> Ali
>>>>>>
>>>>>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>>>>>> you have to add new values to your
>>>>>>> config :)
>>>>>>>
>>>>>>> #206 is at demo-next
>>>>>>> seems to work as expected :)
>>>>>>>
>>>>>>> On Tue, 27 Dec 2022 at 10:37, Ali
>>>>>>> Alhaidary <al...@the5stars.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>> No, I did not change anything in
>>>>>>> openmeetings.properties as we want
>>>>>>> to use om as before initially...
>>>>>>>
>>>>>>> ################## Time-based One
>>>>>>> Time Password ##################
>>>>>>> ## Please NOTE these values need to
>>>>>>> be changed BEFORE users will set-up
>>>>>>> OTP for themselves
>>>>>>> ## otherwise they can't login
>>>>>>>
>>>>>>> # NOTE Config->application.name
>>>>>>> <http://application.name> will be
>>>>>>> used if blank
>>>>>>> otp.issuer=
>>>>>>> otp.ntp.server=pool.ntp.org
>>>>>>> <http://pool.ntp.org>
>>>>>>> ## milliseconds
>>>>>>> otp.ntp.timeout=3000
>>>>>>>
>>>>>>>
>>>>>>> On 12/27/22 4:44 AM, Maxim
>>>>>>> Solodovnik wrote:
>>>>>>>> Anything suspicious in the log?
>>>>>>>> Have you updated
>>>>>>>> openmeetings.properties with "otp"
>>>>>>>> specific values?
>>>>>>>>
>>>>>>>> from mobile (sorry for typos ;)
>>>>>>>>
>>>>>>>> On Mon, Dec 26, 2022, 22:54 Ali
>>>>>>>> Alhaidary
>>>>>>>> <al...@the5stars.org> wrote:
>>>>>>>>
>>>>>>>> Could not login from moodle
>>>>>>>> plugin, and (HTTP Status 404 –
>>>>>>>> Not Found) in stand alone app.
>>>>>>>>
>>>>>>>> Ali
>>>>>>>>
>>>>>>>> On 12/26/22 5:18 PM, Ali
>>>>>>>> Alhaidary wrote:
>>>>>>>>>
>>>>>>>>> Seems ok, and translated...
>>>>>>>>>
>>>>>>>>> Ali
>>>>>>>>>
>>>>>>>>> On 12/26/22 8:37 AM, Maxim
>>>>>>>>> Solodovnik wrote:
>>>>>>>>>> Seems to be implemented
>>>>>>>>>> I would appreciate if someone
>>>>>>>>>> can test this new functionality
>>>>>>>>>> (And wording :)))
>>>>>>>>>>
>>>>>>>>>> On Thu, 22 Dec 2022 at 14:14,
>>>>>>>>>> Maxim Solodovnik
>>>>>>>>>> <so...@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, 22 Dec 2022 at
>>>>>>>>>> 14:01,
>>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>>> <se...@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Sry I did not have
>>>>>>>>>> enough time. But it
>>>>>>>>>> would be a good
>>>>>>>>>> feature to add.
>>>>>>>>>>
>>>>>>>>>> Also a good message
>>>>>>>>>> we can share around
>>>>>>>>>> enhancing
>>>>>>>>>> OpenMeetings
>>>>>>>>>> security. Relevant
>>>>>>>>>> for many
>>>>>>>>>> education/public
>>>>>>>>>> environments.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I agree :))
>>>>>>>>>> Will update
>>>>>>>>>> JIRA/demo-next when will
>>>>>>>>>> have something working :)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thx
>>>>>>>>>> Seb
>>>>>>>>>>
>>>>>>>>>> Sebastian Wagner
>>>>>>>>>> Director Arrakeen
>>>>>>>>>> Solutions, OM-Hosting.com
>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>> https://om-hosting.com
>>>>>>>>>> - Cloud & Server
>>>>>>>>>> Hosting for HTML5
>>>>>>>>>> Video-Conferencing
>>>>>>>>>> OpenMeetings
>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, 22 Dec 2022
>>>>>>>>>> at 18:37, Maxim
>>>>>>>>>> Solodovnik
>>>>>>>>>> <so...@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>>>>>
>>>>>>>>>> will try to
>>>>>>>>>> implement it :)
>>>>>>>>>>
>>>>>>>>>> On Wed, 3 Aug
>>>>>>>>>> 2022 at 13:45,
>>>>>>>>>> Ali Alhaidary
>>>>>>>>>> <al...@the5stars.org>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> +1
>>>>>>>>>>
>>>>>>>>>> Yes, why not...
>>>>>>>>>>
>>>>>>>>>> Ali
>>>>>>>>>>
>>>>>>>>>> On 8/3/22
>>>>>>>>>> 8:34 AM,
>>>>>>>>>> Maxim
>>>>>>>>>> Solodovnik wrote:
>>>>>>>>>>> we already
>>>>>>>>>>> have BSD
>>>>>>>>>>> 3-clause:
>>>>>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>>>>>
>>>>>>>>>>> will need to
>>>>>>>>>>> add one line
>>>>>>>>>>> only :)
>>>>>>>>>>>
>>>>>>>>>>> On Wed, 3
>>>>>>>>>>> Aug 2022 at
>>>>>>>>>>> 12:25,
>>>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>>>> <se...@gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> There
>>>>>>>>>>> seem to
>>>>>>>>>>> be a few
>>>>>>>>>>> options
>>>>>>>>>>> for
>>>>>>>>>>> Google
>>>>>>>>>>> using Java
>>>>>>>>>>> E.g.
>>>>>>>>>>> https://github.com/wstrange/GoogleAuth
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I don't
>>>>>>>>>>> quite
>>>>>>>>>>> see in
>>>>>>>>>>> that lib
>>>>>>>>>>> how it
>>>>>>>>>>> generates
>>>>>>>>>>> the QR
>>>>>>>>>>> code for
>>>>>>>>>>> scanning
>>>>>>>>>>> but
>>>>>>>>>>> there
>>>>>>>>>>> should
>>>>>>>>>>> be a way :)
>>>>>>>>>>>
>>>>>>>>>>> The BSD
>>>>>>>>>>> license
>>>>>>>>>>> would
>>>>>>>>>>> require
>>>>>>>>>>> us to
>>>>>>>>>>> add a
>>>>>>>>>>> copy
>>>>>>>>>>> left
>>>>>>>>>>> into our
>>>>>>>>>>> License
>>>>>>>>>>> file,
>>>>>>>>>>> but in
>>>>>>>>>>> general
>>>>>>>>>>> it would
>>>>>>>>>>> be
>>>>>>>>>>> compatible
>>>>>>>>>>> imho.
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> Seb
>>>>>>>>>>>
>>>>>>>>>>> Sebastian
>>>>>>>>>>> Wagner
>>>>>>>>>>> Director
>>>>>>>>>>> Arrakeen
>>>>>>>>>>> Solutions,
>>>>>>>>>>> OM-Hosting.com
>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>> https://om-hosting.com
>>>>>>>>>>> - Cloud
>>>>>>>>>>> & Server
>>>>>>>>>>> Hosting
>>>>>>>>>>> for
>>>>>>>>>>> HTML5
>>>>>>>>>>> Video-Conferencing
>>>>>>>>>>> OpenMeetings
>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed,
>>>>>>>>>>> 3 Aug
>>>>>>>>>>> 2022 at
>>>>>>>>>>> 16:12,
>>>>>>>>>>> Maxim
>>>>>>>>>>> Solodovnik
>>>>>>>>>>> <so...@gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Hello
>>>>>>>>>>> Seb,
>>>>>>>>>>>
>>>>>>>>>>> Sorry
>>>>>>>>>>> for
>>>>>>>>>>> a
>>>>>>>>>>> late
>>>>>>>>>>> response,
>>>>>>>>>>> I'm
>>>>>>>>>>> on
>>>>>>>>>>> vacation
>>>>>>>>>>> :)
>>>>>>>>>>>
>>>>>>>>>>> I would
>>>>>>>>>>> +1
>>>>>>>>>>> this
>>>>>>>>>>> feature
>>>>>>>>>>> :)
>>>>>>>>>>>
>>>>>>>>>>> The
>>>>>>>>>>> problems
>>>>>>>>>>> we'll
>>>>>>>>>>> need
>>>>>>>>>>> to solve
>>>>>>>>>>> -
>>>>>>>>>>> add
>>>>>>>>>>> 2fa
>>>>>>>>>>> mechanisms
>>>>>>>>>>> other
>>>>>>>>>>> than
>>>>>>>>>>> email
>>>>>>>>>>> (not
>>>>>>>>>>> sure
>>>>>>>>>>> if
>>>>>>>>>>> apps
>>>>>>>>>>> like
>>>>>>>>>>> "Google
>>>>>>>>>>> authenticator"
>>>>>>>>>>> has
>>>>>>>>>>> open
>>>>>>>>>>> source
>>>>>>>>>>> API
>>>>>>>>>>> :(,
>>>>>>>>>>> we
>>>>>>>>>>> can
>>>>>>>>>>> use
>>>>>>>>>>> telegram
>>>>>>>>>>> API
>>>>>>>>>>> ....)
>>>>>>>>>>> -
>>>>>>>>>>> we'll
>>>>>>>>>>> need
>>>>>>>>>>> to
>>>>>>>>>>> move
>>>>>>>>>>> this
>>>>>>>>>>> out
>>>>>>>>>>> of
>>>>>>>>>>> om_user
>>>>>>>>>>> db
>>>>>>>>>>> table
>>>>>>>>>>> (maybe
>>>>>>>>>>> with
>>>>>>>>>>> activation_hash
>>>>>>>>>>> and
>>>>>>>>>>> *reset-password-hash*
>>>>>>>>>>>
>>>>>>>>>>> Need
>>>>>>>>>>> to
>>>>>>>>>>> be
>>>>>>>>>>> investigated
>>>>>>>>>>> and
>>>>>>>>>>> carefully
>>>>>>>>>>> refactored
>>>>>>>>>>> :)
>>>>>>>>>>>
>>>>>>>>>>> from
>>>>>>>>>>> mobile
>>>>>>>>>>> (sorry
>>>>>>>>>>> for
>>>>>>>>>>> typos ;)
>>>>>>>>>>>
>>>>>>>>>>> On
>>>>>>>>>>> Wed,
>>>>>>>>>>> Aug
>>>>>>>>>>> 3,
>>>>>>>>>>> 2022,
>>>>>>>>>>> 10:15
>>>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>>>> <se...@gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> Not
>>>>>>>>>>> many
>>>>>>>>>>> pros
>>>>>>>>>>> or
>>>>>>>>>>> cons
>>>>>>>>>>> in
>>>>>>>>>>> this
>>>>>>>>>>> discussion.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> But
>>>>>>>>>>> I
>>>>>>>>>>> think
>>>>>>>>>>> it
>>>>>>>>>>> would
>>>>>>>>>>> be
>>>>>>>>>>> a
>>>>>>>>>>> good
>>>>>>>>>>> option
>>>>>>>>>>> to
>>>>>>>>>>> have
>>>>>>>>>>> available
>>>>>>>>>>> for
>>>>>>>>>>> users.
>>>>>>>>>>> As
>>>>>>>>>>> well
>>>>>>>>>>> as
>>>>>>>>>>> a
>>>>>>>>>>> good
>>>>>>>>>>> feature
>>>>>>>>>>> to
>>>>>>>>>>> advertise
>>>>>>>>>>> for.
>>>>>>>>>>> Especially
>>>>>>>>>>> in
>>>>>>>>>>> order
>>>>>>>>>>> to
>>>>>>>>>>> use
>>>>>>>>>>> OpenMeetings
>>>>>>>>>>> in
>>>>>>>>>>> a
>>>>>>>>>>> Gov/Education
>>>>>>>>>>> environment
>>>>>>>>>>> where
>>>>>>>>>>> compliance
>>>>>>>>>>> may
>>>>>>>>>>> require
>>>>>>>>>>> to
>>>>>>>>>>> have
>>>>>>>>>>> 2
>>>>>>>>>>> factor
>>>>>>>>>>> auth
>>>>>>>>>>> for
>>>>>>>>>>> applications
>>>>>>>>>>> in
>>>>>>>>>>> order
>>>>>>>>>>> for
>>>>>>>>>>> using
>>>>>>>>>>> it.
>>>>>>>>>>>
>>>>>>>>>>> So
>>>>>>>>>>> I
>>>>>>>>>>> assume
>>>>>>>>>>> I
>>>>>>>>>>> can
>>>>>>>>>>> create
>>>>>>>>>>> some
>>>>>>>>>>> tickets
>>>>>>>>>>> and
>>>>>>>>>>> get
>>>>>>>>>>> this
>>>>>>>>>>> on
>>>>>>>>>>> the
>>>>>>>>>>> way.
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> Seb
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Sebastian
>>>>>>>>>>> Wagner
>>>>>>>>>>> Director
>>>>>>>>>>> Arrakeen
>>>>>>>>>>> Solutions,
>>>>>>>>>>> OM-Hosting.com
>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>> https://om-hosting.com
>>>>>>>>>>> -
>>>>>>>>>>> Cloud
>>>>>>>>>>> &
>>>>>>>>>>> Server
>>>>>>>>>>> Hosting
>>>>>>>>>>> for
>>>>>>>>>>> HTML5
>>>>>>>>>>> Video-Conferencing
>>>>>>>>>>> OpenMeetings
>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On
>>>>>>>>>>> Mon,
>>>>>>>>>>> 1
>>>>>>>>>>> Aug
>>>>>>>>>>> 2022
>>>>>>>>>>> at
>>>>>>>>>>> 09:31,
>>>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>>>> <se...@gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> I
>>>>>>>>>>> would
>>>>>>>>>>> like
>>>>>>>>>>> to
>>>>>>>>>>> add
>>>>>>>>>>> a
>>>>>>>>>>> ticket
>>>>>>>>>>> to
>>>>>>>>>>> investigate
>>>>>>>>>>> and
>>>>>>>>>>> look
>>>>>>>>>>> into
>>>>>>>>>>> adding
>>>>>>>>>>> 2
>>>>>>>>>>> factor
>>>>>>>>>>> authentication
>>>>>>>>>>> to
>>>>>>>>>>> OpenMeetings.
>>>>>>>>>>> As
>>>>>>>>>>> an
>>>>>>>>>>> optional feature,
>>>>>>>>>>> default
>>>>>>>>>>> would
>>>>>>>>>>> be
>>>>>>>>>>> turned
>>>>>>>>>>> off.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> There
>>>>>>>>>>> are
>>>>>>>>>>> various
>>>>>>>>>>> libraries
>>>>>>>>>>> to
>>>>>>>>>>> achieve
>>>>>>>>>>> 2
>>>>>>>>>>> factor auth.
>>>>>>>>>>> I
>>>>>>>>>>> would
>>>>>>>>>>> probably prefer
>>>>>>>>>>> using
>>>>>>>>>>> the
>>>>>>>>>>> Google
>>>>>>>>>>> Authenticator
>>>>>>>>>>> as
>>>>>>>>>>> a
>>>>>>>>>>> method
>>>>>>>>>>> since
>>>>>>>>>>> it
>>>>>>>>>>> seems
>>>>>>>>>>> the
>>>>>>>>>>> most
>>>>>>>>>>> widely adopted
>>>>>>>>>>> authenticator.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> In
>>>>>>>>>>> terms
>>>>>>>>>>> of
>>>>>>>>>>> turning
>>>>>>>>>>> it
>>>>>>>>>>> on/off
>>>>>>>>>>> I
>>>>>>>>>>> would
>>>>>>>>>>> add
>>>>>>>>>>> 2
>>>>>>>>>>> flags:
>>>>>>>>>>> -
>>>>>>>>>>> On
>>>>>>>>>>> a
>>>>>>>>>>> per
>>>>>>>>>>> server
>>>>>>>>>>> basis
>>>>>>>>>>> a
>>>>>>>>>>> flag
>>>>>>>>>>> to
>>>>>>>>>>> generally
>>>>>>>>>>> turn
>>>>>>>>>>> 2
>>>>>>>>>>> factor
>>>>>>>>>>> auth
>>>>>>>>>>> on
>>>>>>>>>>> or
>>>>>>>>>>> off
>>>>>>>>>>> -
>>>>>>>>>>> On
>>>>>>>>>>> a
>>>>>>>>>>> per
>>>>>>>>>>> individual
>>>>>>>>>>> account basis
>>>>>>>>>>> so
>>>>>>>>>>> you
>>>>>>>>>>> can
>>>>>>>>>>> turn
>>>>>>>>>>> 2
>>>>>>>>>>> factor
>>>>>>>>>>> auth on/off
>>>>>>>>>>> for
>>>>>>>>>>> an
>>>>>>>>>>> individual
>>>>>>>>>>> user
>>>>>>>>>>>
>>>>>>>>>>> This
>>>>>>>>>>> would
>>>>>>>>>>> not
>>>>>>>>>>> affect
>>>>>>>>>>> past
>>>>>>>>>>> installations.
>>>>>>>>>>> This
>>>>>>>>>>> would
>>>>>>>>>>> not
>>>>>>>>>>> affect
>>>>>>>>>>> logging
>>>>>>>>>>> in
>>>>>>>>>>> via
>>>>>>>>>>> Soap/Rest.
>>>>>>>>>>>
>>>>>>>>>>> I
>>>>>>>>>>> think
>>>>>>>>>>> this
>>>>>>>>>>> would
>>>>>>>>>>> be
>>>>>>>>>>> a
>>>>>>>>>>> good
>>>>>>>>>>> feature
>>>>>>>>>>> to
>>>>>>>>>>> improve
>>>>>>>>>>> security.
>>>>>>>>>>>
>>>>>>>>>>> Let
>>>>>>>>>>> me
>>>>>>>>>>> know
>>>>>>>>>>> what
>>>>>>>>>>> you
>>>>>>>>>>> think,
>>>>>>>>>>> and
>>>>>>>>>>> I
>>>>>>>>>>> will
>>>>>>>>>>> add
>>>>>>>>>>> a
>>>>>>>>>>> ticket and
>>>>>>>>>>> look
>>>>>>>>>>> into
>>>>>>>>>>> adding
>>>>>>>>>>> this
>>>>>>>>>>> over
>>>>>>>>>>> the
>>>>>>>>>>> next
>>>>>>>>>>> few
>>>>>>>>>>> weeks.
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> Seb
>>>>>>>>>>>
>>>>>>>>>>> Sebastian
>>>>>>>>>>> Wagner
>>>>>>>>>>> Director
>>>>>>>>>>> Arrakeen
>>>>>>>>>>> Solutions,
>>>>>>>>>>> OM-Hosting.com
>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>> https://om-hosting.com
>>>>>>>>>>> -
>>>>>>>>>>> Cloud
>>>>>>>>>>> &
>>>>>>>>>>> Server
>>>>>>>>>>> Hosting
>>>>>>>>>>> for
>>>>>>>>>>> HTML5
>>>>>>>>>>> Video-Conferencing
>>>>>>>>>>> OpenMeetings
>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Best regards,
>>>>>>>>>>> Maxim
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Best regards,
>>>>>>>>>> Maxim
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Best regards,
>>>>>>>>>> Maxim
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Best regards,
>>>>>>>>>> Maxim
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Maxim
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>
>>
>>
>> --
>> Best regards,
>> Maxim
>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
from mobile (sorry for typos ;)
On Fri, Dec 30, 2022, 18:27 Ali Alhaidary <al...@the5stars.org>
wrote:
> Thank you max, the test was successful, then I just rearranged the
> openmeeting.properties file entries as per build#210 and adding the missing
> keys (as I did before) and upgraded to build#210 and the system was up and
> running. Was it not working because entries were not in the same order?
>
The order doesn't matter
Not sure what might be wrong :(
Maybe some line endings or so :(
BTW, thank for introducing meld, very cool tool :-)
>
My every-day tool :))
Ali
> On 12/30/22 7:46 AM, Maxim Solodovnik wrote:
>
> hmmm
> Are you sure you sent valid logs?
> Could you please try:
>
> 0) stop OM (if any)
> - - check with `ps -ef|grep java`
> 1) unpack to NEW empty folder
> 2) change nothing
> 3) cd to this NEW_FOLDER/apache-openmeetings-7.0.0-SNAPSHOT/
> 3) run `./admin.sh -i -v -user ui_admin -email someemail@gmail.com -tz
> "Asia/Tehran" -group "yourgroup"`
> 4) enter password
> 5) run `./bin/catalina.sh run`
> 6) check "https://localhost:5443/openmeetings"
>
> If there will be errors, send me console output :)
>
> if everything is OK
>
> compare your openmeeting.properties file and the file from
> apache-openmeetings-7.0.0-SNAPSHOT
> I would suggest to use some UI merge tool
> for ex:
> Ubuntu: meld
> Win: WinMerge
>
> On Fri, 30 Dec 2022 at 11:10, Ali Alhaidary <al...@the5stars.org>
> wrote:
>
>> Hi Max, it is there but blank, should I fill it with a value? what would
>> the value be?
>>
>> Ali
>> On 12/30/22 6:50 AM, Maxim Solodovnik wrote:
>>
>> Hello Ali,
>>
>> According to the log: "Could not resolve placeholder 'otp.issuer' in
>> value "${otp.issuer}""
>> Your `openmeetings.properties` doesn't have the line:
>>
>> ```
>> otp.issuer=
>> ```
>>
>> please add it :)
>>
>> On Fri, 30 Dec 2022 at 00:59, Ali Alhaidary <al...@the5stars.org>
>> wrote:
>>
>>> Attached log files of the latest 210 build
>>>
>>> Ali
>>> On 12/29/22 3:46 AM, Maxim Solodovnik wrote:
>>>
>>>
>>>
>>> from mobile (sorry for typos ;)
>>>
>>>
>>> On Thu, Dec 29, 2022, 01:40 Ali Alhaidary <al...@the5stars.org>
>>> wrote:
>>>
>>>> Yes, I know that these lines were added, as you can see in my previous
>>>> post, however, I did not change it assuming that the application will
>>>> perform as usual until we set 2 factor authentication.
>>>>
>>>
>>> Yes, this was the plan :)
>>> Must be some misunderstanding, I was surprised to see you are asking foe
>>> values while they were in your mail :)
>>>
>>> Is there and keys I should add to the database on build#205 ?
>>>>
>>>
>>> You might add configuration value to the db if you would like to enable
>>> OTP
>>> It is disabled by default
>>>
>>> I can't help better without knowing actual error :(
>>> Please check the log (it always should be the first step :))
>>>
>>> Ali
>>>> On 12/28/22 2:10 PM, Maxim Solodovnik wrote:
>>>>
>>>> The following section has been added :)
>>>>
>>>>
>>>> ################## Time-based One Time Password ##################
>>>> ## Please NOTE these values need to be changed BEFORE users will set-up
>>>> OTP for themselves
>>>> ## otherwise they can't login
>>>>
>>>> # NOTE Config->application.name will be used if blank
>>>> otp.issuer=
>>>> otp.ntp.server=pool.ntp.org
>>>> ## milliseconds
>>>> otp.ntp.timeout=3000
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> from mobile (sorry for typos ;)
>>>>
>>>>
>>>> On Wed, Dec 28, 2022, 16:25 Ali Alhaidary <al...@the5stars.org>
>>>> wrote:
>>>>
>>>>> Is it possible just to pint it out please?
>>>>>
>>>>> Ali
>>>>> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>>>>>
>>>>> I would start with examine the logs
>>>>>
>>>>> and will add missing key-value part to openmeetings.properties :)
>>>>>
>>>>> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary <
>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>
>>>>>> Where and what ? :-)
>>>>>>
>>>>>> Ali
>>>>>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>>>>>
>>>>>> you have to add new values to your config :)
>>>>>>
>>>>>> #206 is at demo-next
>>>>>> seems to work as expected :)
>>>>>>
>>>>>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary <
>>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>>
>>>>>>> No, I did not change anything in openmeetings.properties as we want
>>>>>>> to use om as before initially...
>>>>>>>
>>>>>>> ################## Time-based One Time Password ##################
>>>>>>> ## Please NOTE these values need to be changed BEFORE users will
>>>>>>> set-up OTP for themselves
>>>>>>> ## otherwise they can't login
>>>>>>>
>>>>>>> # NOTE Config->application.name will be used if blank
>>>>>>> otp.issuer=
>>>>>>> otp.ntp.server=pool.ntp.org
>>>>>>> ## milliseconds
>>>>>>> otp.ntp.timeout=3000
>>>>>>>
>>>>>>>
>>>>>>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>>>>>>
>>>>>>> Anything suspicious in the log?
>>>>>>> Have you updated openmeetings.properties with "otp" specific values?
>>>>>>>
>>>>>>> from mobile (sorry for typos ;)
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary <
>>>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>>>
>>>>>>>> Could not login from moodle plugin, and (HTTP Status 404 – Not
>>>>>>>> Found) in stand alone app.
>>>>>>>>
>>>>>>>> Ali
>>>>>>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>>>>>>
>>>>>>>> Seems ok, and translated...
>>>>>>>>
>>>>>>>> Ali
>>>>>>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>>>>>>
>>>>>>>> Seems to be implemented
>>>>>>>> I would appreciate if someone can test this new functionality
>>>>>>>> (And wording :)))
>>>>>>>>
>>>>>>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <
>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <
>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Sry I did not have enough time. But it would be a good feature to
>>>>>>>>>> add.
>>>>>>>>>>
>>>>>>>>>> Also a good message we can share around enhancing OpenMeetings
>>>>>>>>>> security. Relevant for many education/public environments.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I agree :))
>>>>>>>>> Will update JIRA/demo-next when will have something working :)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thx
>>>>>>>>>> Seb
>>>>>>>>>>
>>>>>>>>>> Sebastian Wagner
>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>
>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <
>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>>>>>>
>>>>>>>>>>> will try to implement it :)
>>>>>>>>>>>
>>>>>>>>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <
>>>>>>>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> +1
>>>>>>>>>>>>
>>>>>>>>>>>> Yes, why not...
>>>>>>>>>>>>
>>>>>>>>>>>> Ali
>>>>>>>>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> we already have BSD 3-clause:
>>>>>>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>>>>>> will need to add one line only :)
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> There seem to be a few options for Google using Java
>>>>>>>>>>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>>>>>>>>>>
>>>>>>>>>>>>> I don't quite see in that lib how it generates the QR code for
>>>>>>>>>>>>> scanning but there should be a way :)
>>>>>>>>>>>>>
>>>>>>>>>>>>> The BSD license would require us to add a copy left into our
>>>>>>>>>>>>> License file, but in general it would be compatible imho.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>> Seb
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>>
>>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <
>>>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Hello Seb,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Sorry for a late response, I'm on vacation :)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I would
>>>>>>>>>>>>>> +1 this feature :)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The problems we'll need to solve
>>>>>>>>>>>>>> - add 2fa mechanisms other than email (not sure if apps like
>>>>>>>>>>>>>> "Google authenticator" has open source API :(, we can use telegram API ....)
>>>>>>>>>>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>>>>>>>>>>> activation_hash and *reset-password-hash*
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Need to be investigated and carefully refactored :)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> from mobile (sorry for typos ;)
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Not many pros or cons in this discussion.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> But I think it would be a good option to have available for
>>>>>>>>>>>>>>> users. As well as a good feature to advertise for. Especially in order to
>>>>>>>>>>>>>>> use OpenMeetings in a Gov/Education environment where compliance may
>>>>>>>>>>>>>>> require to have 2 factor auth for applications in order for using it.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> So I assume I can create some tickets and get this on the
>>>>>>>>>>>>>>> way.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>> Seb
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I would like to add a ticket to investigate and look into
>>>>>>>>>>>>>>>> adding 2 factor authentication to OpenMeetings. As an optional feature,
>>>>>>>>>>>>>>>> default would be turned off.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> There are various libraries to achieve 2 factor auth. I
>>>>>>>>>>>>>>>> would probably prefer using the Google Authenticator as a method since it
>>>>>>>>>>>>>>>> seems the most widely adopted authenticator.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>>>>>>>>>>> - On a per server basis a flag to generally turn 2 factor
>>>>>>>>>>>>>>>> auth on or off
>>>>>>>>>>>>>>>> - On a per individual account basis so you can turn 2
>>>>>>>>>>>>>>>> factor auth on/off for an individual user
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> This would not affect past installations.
>>>>>>>>>>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> I think this would be a good feature to improve security.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Let me know what you think, and I will add a ticket and
>>>>>>>>>>>>>>>> look into adding this over the next few weeks.
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>>> Seb
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Best regards,
>>>>>>>>>>>> Maxim
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Best regards,
>>>>>>>>>>> Maxim
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Best regards,
>>>>>>>>> Maxim
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best regards,
>>>>>>>> Maxim
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>>
>>>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>>
>
> --
> Best regards,
> Maxim
>
>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
Thank you max, the test was successful, then I just rearranged the
openmeeting.properties file entries as per build#210 and adding the
missing keys (as I did before) and upgraded to build#210 and the system
was up and running. Was it not working because entries were not in the
same order?
BTW, thank for introducing meld, very cool tool :-)
Ali
On 12/30/22 7:46 AM, Maxim Solodovnik wrote:
> hmmm
> Are you sure you sent valid logs?
> Could you please try:
>
> 0) stop OM (if any)
> - - check with `ps -ef|grep java`
> 1) unpack to NEW empty folder
> 2) change nothing
> 3) cd to this NEW_FOLDER/apache-openmeetings-7.0.0-SNAPSHOT/
> 3) run `./admin.sh -i -v -user ui_admin -email someemail@gmail.com -tz
> "Asia/Tehran" -group "yourgroup"`
> 4) enter password
> 5) run `./bin/catalina.sh run`
> 6) check "https://localhost:5443/openmeetings"
>
> If there will be errors, send me console output :)
>
> if everything is OK
>
> compare your openmeeting.properties file and the file from
> apache-openmeetings-7.0.0-SNAPSHOT
> I would suggest to use some UI merge tool
> for ex:
> Ubuntu: meld
> Win: WinMerge
>
> On Fri, 30 Dec 2022 at 11:10, Ali Alhaidary
> <al...@the5stars.org> wrote:
>
> Hi Max, it is there but blank, should I fill it with a value? what
> would the value be?
>
> Ali
>
> On 12/30/22 6:50 AM, Maxim Solodovnik wrote:
>> Hello Ali,
>>
>> According to the log: "Could not resolve placeholder 'otp.issuer'
>> in value "${otp.issuer}""
>> Your `openmeetings.properties` doesn't have the line:
>>
>> ```
>> otp.issuer=
>> ```
>>
>> please add it :)
>>
>> On Fri, 30 Dec 2022 at 00:59, Ali Alhaidary
>> <al...@the5stars.org> wrote:
>>
>> Attached log files of the latest 210 build
>>
>> Ali
>>
>> On 12/29/22 3:46 AM, Maxim Solodovnik wrote:
>>>
>>>
>>> from mobile (sorry for typos ;)
>>>
>>> On Thu, Dec 29, 2022, 01:40 Ali Alhaidary
>>> <al...@the5stars.org> wrote:
>>>
>>> Yes, I know that these lines were added, as you can see
>>> in my previous post, however, I did not change it
>>> assuming that the application will perform as usual
>>> until we set 2 factor authentication.
>>>
>>>
>>> Yes, this was the plan :)
>>> Must be some misunderstanding, I was surprised to see you
>>> are asking foe values while they were in your mail :)
>>>
>>> Is there and keys I should add to the database on
>>> build#205 ?
>>>
>>>
>>> You might add configuration value to the db if you would
>>> like to enable OTP
>>> It is disabled by default
>>>
>>> I can't help better without knowing actual error :(
>>> Please check the log (it always should be the first step :))
>>>
>>> Ali
>>> On 12/28/22 2:10 PM, Maxim Solodovnik wrote:
>>>> The following section has been added :)
>>>>
>>>>
>>>> ################## Time-based One Time Password
>>>> ##################
>>>>
>>>> ## Please NOTE these values need to be changed BEFORE
>>>> users will set-up OTP for themselves
>>>>
>>>> ## otherwise they can't login
>>>>
>>>>
>>>> # NOTE Config->application.name
>>>> <http://application.name> will be used if blank
>>>>
>>>> otp.issuer=
>>>>
>>>> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
>>>>
>>>> ## milliseconds
>>>>
>>>> otp.ntp.timeout=3000
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> from mobile (sorry for typos ;)
>>>>
>>>> On Wed, Dec 28, 2022, 16:25 Ali Alhaidary
>>>> <al...@the5stars.org> wrote:
>>>>
>>>> Is it possible just to pint it out please?
>>>>
>>>> Ali
>>>>
>>>> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>>>>> I would start with examine the logs
>>>>>
>>>>> and will add missing key-value part to
>>>>> openmeetings.properties :)
>>>>>
>>>>> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary
>>>>> <al...@the5stars.org> wrote:
>>>>>
>>>>> Where and what ? :-)
>>>>>
>>>>> Ali
>>>>>
>>>>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>>>>> you have to add new values to your config :)
>>>>>>
>>>>>> #206 is at demo-next
>>>>>> seems to work as expected :)
>>>>>>
>>>>>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary
>>>>>> <al...@the5stars.org> wrote:
>>>>>>
>>>>>> No, I did not change anything in
>>>>>> openmeetings.properties as we want to use
>>>>>> om as before initially...
>>>>>>
>>>>>> ################## Time-based One Time
>>>>>> Password ##################
>>>>>> ## Please NOTE these values need to be
>>>>>> changed BEFORE users will set-up OTP for
>>>>>> themselves
>>>>>> ## otherwise they can't login
>>>>>>
>>>>>> # NOTE Config->application.name
>>>>>> <http://application.name> will be used if
>>>>>> blank
>>>>>> otp.issuer=
>>>>>> otp.ntp.server=pool.ntp.org
>>>>>> <http://pool.ntp.org>
>>>>>> ## milliseconds
>>>>>> otp.ntp.timeout=3000
>>>>>>
>>>>>>
>>>>>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>>>>>> Anything suspicious in the log?
>>>>>>> Have you updated openmeetings.properties
>>>>>>> with "otp" specific values?
>>>>>>>
>>>>>>> from mobile (sorry for typos ;)
>>>>>>>
>>>>>>> On Mon, Dec 26, 2022, 22:54 Ali
>>>>>>> Alhaidary <al...@the5stars.org>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Could not login from moodle plugin,
>>>>>>> and (HTTP Status 404 – Not Found) in
>>>>>>> stand alone app.
>>>>>>>
>>>>>>> Ali
>>>>>>>
>>>>>>> On 12/26/22 5:18 PM, Ali Alhaidary
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Seems ok, and translated...
>>>>>>>>
>>>>>>>> Ali
>>>>>>>>
>>>>>>>> On 12/26/22 8:37 AM, Maxim
>>>>>>>> Solodovnik wrote:
>>>>>>>>> Seems to be implemented
>>>>>>>>> I would appreciate if someone can
>>>>>>>>> test this new functionality
>>>>>>>>> (And wording :)))
>>>>>>>>>
>>>>>>>>> On Thu, 22 Dec 2022 at 14:14,
>>>>>>>>> Maxim Solodovnik
>>>>>>>>> <so...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, 22 Dec 2022 at 14:01,
>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>> <se...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> Sry I did not have enough
>>>>>>>>> time. But it would be a
>>>>>>>>> good feature to add.
>>>>>>>>>
>>>>>>>>> Also a good message we can
>>>>>>>>> share around enhancing
>>>>>>>>> OpenMeetings security.
>>>>>>>>> Relevant for many
>>>>>>>>> education/public environments.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I agree :))
>>>>>>>>> Will update JIRA/demo-next
>>>>>>>>> when will have something
>>>>>>>>> working :)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thx
>>>>>>>>> Seb
>>>>>>>>>
>>>>>>>>> Sebastian Wagner
>>>>>>>>> Director Arrakeen
>>>>>>>>> Solutions, OM-Hosting.com
>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>> https://om-hosting.com -
>>>>>>>>> Cloud & Server Hosting for
>>>>>>>>> HTML5 Video-Conferencing
>>>>>>>>> OpenMeetings
>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, 22 Dec 2022 at
>>>>>>>>> 18:37, Maxim Solodovnik
>>>>>>>>> <so...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>>>>
>>>>>>>>> will try to implement
>>>>>>>>> it :)
>>>>>>>>>
>>>>>>>>> On Wed, 3 Aug 2022 at
>>>>>>>>> 13:45, Ali Alhaidary
>>>>>>>>> <al...@the5stars.org>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> +1
>>>>>>>>>
>>>>>>>>> Yes, why not...
>>>>>>>>>
>>>>>>>>> Ali
>>>>>>>>>
>>>>>>>>> On 8/3/22 8:34 AM,
>>>>>>>>> Maxim Solodovnik
>>>>>>>>> wrote:
>>>>>>>>>> we already have
>>>>>>>>>> BSD 3-clause:
>>>>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>>>>
>>>>>>>>>> will need to add
>>>>>>>>>> one line only :)
>>>>>>>>>>
>>>>>>>>>> On Wed, 3 Aug
>>>>>>>>>> 2022 at 12:25,
>>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>>> <se...@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> There seem to
>>>>>>>>>> be a few
>>>>>>>>>> options for
>>>>>>>>>> Google using
>>>>>>>>>> Java
>>>>>>>>>> E.g.
>>>>>>>>>> https://github.com/wstrange/GoogleAuth
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I don't quite
>>>>>>>>>> see in that
>>>>>>>>>> lib how it
>>>>>>>>>> generates the
>>>>>>>>>> QR code for
>>>>>>>>>> scanning but
>>>>>>>>>> there should
>>>>>>>>>> be a way :)
>>>>>>>>>>
>>>>>>>>>> The BSD
>>>>>>>>>> license would
>>>>>>>>>> require us to
>>>>>>>>>> add a copy
>>>>>>>>>> left into our
>>>>>>>>>> License file,
>>>>>>>>>> but in
>>>>>>>>>> general it
>>>>>>>>>> would be
>>>>>>>>>> compatible imho.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>> Seb
>>>>>>>>>>
>>>>>>>>>> Sebastian Wagner
>>>>>>>>>> Director
>>>>>>>>>> Arrakeen
>>>>>>>>>> Solutions,
>>>>>>>>>> OM-Hosting.com
>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>> https://om-hosting.com
>>>>>>>>>> - Cloud &
>>>>>>>>>> Server
>>>>>>>>>> Hosting for
>>>>>>>>>> HTML5
>>>>>>>>>> Video-Conferencing
>>>>>>>>>> OpenMeetings
>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, 3 Aug
>>>>>>>>>> 2022 at
>>>>>>>>>> 16:12, Maxim
>>>>>>>>>> Solodovnik
>>>>>>>>>> <so...@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Hello Seb,
>>>>>>>>>>
>>>>>>>>>> Sorry for
>>>>>>>>>> a late
>>>>>>>>>> response,
>>>>>>>>>> I'm on
>>>>>>>>>> vacation :)
>>>>>>>>>>
>>>>>>>>>> I would
>>>>>>>>>> +1 this
>>>>>>>>>> feature :)
>>>>>>>>>>
>>>>>>>>>> The
>>>>>>>>>> problems
>>>>>>>>>> we'll
>>>>>>>>>> need to solve
>>>>>>>>>> - add 2fa
>>>>>>>>>> mechanisms
>>>>>>>>>> other
>>>>>>>>>> than
>>>>>>>>>> email
>>>>>>>>>> (not sure
>>>>>>>>>> if apps
>>>>>>>>>> like
>>>>>>>>>> "Google
>>>>>>>>>> authenticator"
>>>>>>>>>> has open
>>>>>>>>>> source
>>>>>>>>>> API :(,
>>>>>>>>>> we can
>>>>>>>>>> use
>>>>>>>>>> telegram
>>>>>>>>>> API ....)
>>>>>>>>>> - we'll
>>>>>>>>>> need to
>>>>>>>>>> move this
>>>>>>>>>> out of
>>>>>>>>>> om_user
>>>>>>>>>> db table
>>>>>>>>>> (maybe
>>>>>>>>>> with
>>>>>>>>>> activation_hash
>>>>>>>>>> and
>>>>>>>>>> *reset-password-hash*
>>>>>>>>>>
>>>>>>>>>> Need to
>>>>>>>>>> be
>>>>>>>>>> investigated
>>>>>>>>>> and
>>>>>>>>>> carefully
>>>>>>>>>> refactored :)
>>>>>>>>>>
>>>>>>>>>> from
>>>>>>>>>> mobile
>>>>>>>>>> (sorry
>>>>>>>>>> for typos ;)
>>>>>>>>>>
>>>>>>>>>> On Wed,
>>>>>>>>>> Aug 3,
>>>>>>>>>> 2022,
>>>>>>>>>> 10:15
>>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>>> <se...@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> Not
>>>>>>>>>> many
>>>>>>>>>> pros
>>>>>>>>>> or
>>>>>>>>>> cons
>>>>>>>>>> in
>>>>>>>>>> this
>>>>>>>>>> discussion.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> But I
>>>>>>>>>> think
>>>>>>>>>> it
>>>>>>>>>> would
>>>>>>>>>> be a
>>>>>>>>>> good
>>>>>>>>>> option
>>>>>>>>>> to
>>>>>>>>>> have
>>>>>>>>>> available
>>>>>>>>>> for
>>>>>>>>>> users.
>>>>>>>>>> As
>>>>>>>>>> well
>>>>>>>>>> as a
>>>>>>>>>> good
>>>>>>>>>> feature
>>>>>>>>>> to
>>>>>>>>>> advertise
>>>>>>>>>> for.
>>>>>>>>>> Especially
>>>>>>>>>> in
>>>>>>>>>> order
>>>>>>>>>> to
>>>>>>>>>> use
>>>>>>>>>> OpenMeetings
>>>>>>>>>> in a
>>>>>>>>>> Gov/Education
>>>>>>>>>> environment
>>>>>>>>>> where
>>>>>>>>>> compliance
>>>>>>>>>> may
>>>>>>>>>> require
>>>>>>>>>> to
>>>>>>>>>> have
>>>>>>>>>> 2
>>>>>>>>>> factor
>>>>>>>>>> auth
>>>>>>>>>> for
>>>>>>>>>> applications
>>>>>>>>>> in
>>>>>>>>>> order
>>>>>>>>>> for
>>>>>>>>>> using
>>>>>>>>>> it.
>>>>>>>>>>
>>>>>>>>>> So I
>>>>>>>>>> assume
>>>>>>>>>> I can
>>>>>>>>>> create
>>>>>>>>>> some
>>>>>>>>>> tickets
>>>>>>>>>> and
>>>>>>>>>> get
>>>>>>>>>> this
>>>>>>>>>> on
>>>>>>>>>> the way.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>> Seb
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Sebastian
>>>>>>>>>> Wagner
>>>>>>>>>> Director
>>>>>>>>>> Arrakeen
>>>>>>>>>> Solutions,
>>>>>>>>>> OM-Hosting.com
>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>> https://om-hosting.com
>>>>>>>>>> -
>>>>>>>>>> Cloud
>>>>>>>>>> &
>>>>>>>>>> Server
>>>>>>>>>> Hosting
>>>>>>>>>> for
>>>>>>>>>> HTML5
>>>>>>>>>> Video-Conferencing
>>>>>>>>>> OpenMeetings
>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On
>>>>>>>>>> Mon,
>>>>>>>>>> 1 Aug
>>>>>>>>>> 2022
>>>>>>>>>> at
>>>>>>>>>> 09:31,
>>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>>> <se...@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>> I
>>>>>>>>>> would
>>>>>>>>>> like
>>>>>>>>>> to
>>>>>>>>>> add
>>>>>>>>>> a
>>>>>>>>>> ticket
>>>>>>>>>> to
>>>>>>>>>> investigate
>>>>>>>>>> and
>>>>>>>>>> look
>>>>>>>>>> into
>>>>>>>>>> adding
>>>>>>>>>> 2
>>>>>>>>>> factor
>>>>>>>>>> authentication
>>>>>>>>>> to
>>>>>>>>>> OpenMeetings.
>>>>>>>>>> As
>>>>>>>>>> an
>>>>>>>>>> optional feature,
>>>>>>>>>> default
>>>>>>>>>> would
>>>>>>>>>> be
>>>>>>>>>> turned
>>>>>>>>>> off.
>>>>>>>>>>
>>>>>>>>>> There
>>>>>>>>>> are
>>>>>>>>>> various
>>>>>>>>>> libraries
>>>>>>>>>> to
>>>>>>>>>> achieve
>>>>>>>>>> 2
>>>>>>>>>> factor auth.
>>>>>>>>>> I
>>>>>>>>>> would
>>>>>>>>>> probably prefer
>>>>>>>>>> using
>>>>>>>>>> the
>>>>>>>>>> Google
>>>>>>>>>> Authenticator
>>>>>>>>>> as
>>>>>>>>>> a
>>>>>>>>>> method
>>>>>>>>>> since
>>>>>>>>>> it
>>>>>>>>>> seems
>>>>>>>>>> the
>>>>>>>>>> most
>>>>>>>>>> widely adopted
>>>>>>>>>> authenticator.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> In
>>>>>>>>>> terms
>>>>>>>>>> of
>>>>>>>>>> turning
>>>>>>>>>> it
>>>>>>>>>> on/off
>>>>>>>>>> I
>>>>>>>>>> would
>>>>>>>>>> add
>>>>>>>>>> 2
>>>>>>>>>> flags:
>>>>>>>>>> -
>>>>>>>>>> On
>>>>>>>>>> a
>>>>>>>>>> per
>>>>>>>>>> server
>>>>>>>>>> basis
>>>>>>>>>> a
>>>>>>>>>> flag
>>>>>>>>>> to
>>>>>>>>>> generally
>>>>>>>>>> turn
>>>>>>>>>> 2
>>>>>>>>>> factor
>>>>>>>>>> auth
>>>>>>>>>> on
>>>>>>>>>> or
>>>>>>>>>> off
>>>>>>>>>> -
>>>>>>>>>> On
>>>>>>>>>> a
>>>>>>>>>> per
>>>>>>>>>> individual
>>>>>>>>>> account basis
>>>>>>>>>> so
>>>>>>>>>> you
>>>>>>>>>> can
>>>>>>>>>> turn
>>>>>>>>>> 2
>>>>>>>>>> factor
>>>>>>>>>> auth on/off
>>>>>>>>>> for
>>>>>>>>>> an
>>>>>>>>>> individual
>>>>>>>>>> user
>>>>>>>>>>
>>>>>>>>>> This
>>>>>>>>>> would
>>>>>>>>>> not
>>>>>>>>>> affect
>>>>>>>>>> past
>>>>>>>>>> installations.
>>>>>>>>>> This
>>>>>>>>>> would
>>>>>>>>>> not
>>>>>>>>>> affect
>>>>>>>>>> logging
>>>>>>>>>> in
>>>>>>>>>> via
>>>>>>>>>> Soap/Rest.
>>>>>>>>>>
>>>>>>>>>> I
>>>>>>>>>> think
>>>>>>>>>> this
>>>>>>>>>> would
>>>>>>>>>> be
>>>>>>>>>> a
>>>>>>>>>> good
>>>>>>>>>> feature
>>>>>>>>>> to
>>>>>>>>>> improve
>>>>>>>>>> security.
>>>>>>>>>>
>>>>>>>>>> Let
>>>>>>>>>> me
>>>>>>>>>> know
>>>>>>>>>> what
>>>>>>>>>> you
>>>>>>>>>> think,
>>>>>>>>>> and
>>>>>>>>>> I
>>>>>>>>>> will
>>>>>>>>>> add
>>>>>>>>>> a
>>>>>>>>>> ticket and
>>>>>>>>>> look
>>>>>>>>>> into
>>>>>>>>>> adding
>>>>>>>>>> this
>>>>>>>>>> over
>>>>>>>>>> the
>>>>>>>>>> next
>>>>>>>>>> few
>>>>>>>>>> weeks.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>> Seb
>>>>>>>>>>
>>>>>>>>>> Sebastian
>>>>>>>>>> Wagner
>>>>>>>>>> Director
>>>>>>>>>> Arrakeen
>>>>>>>>>> Solutions,
>>>>>>>>>> OM-Hosting.com
>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>> https://om-hosting.com
>>>>>>>>>> -
>>>>>>>>>> Cloud
>>>>>>>>>> &
>>>>>>>>>> Server
>>>>>>>>>> Hosting
>>>>>>>>>> for
>>>>>>>>>> HTML5
>>>>>>>>>> Video-Conferencing
>>>>>>>>>> OpenMeetings
>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Best regards,
>>>>>>>>>> Maxim
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Best regards,
>>>>>>>>> Maxim
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Best regards,
>>>>>>>>> Maxim
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Best regards,
>>>>>>>>> Maxim
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>
>>
>>
>> --
>> Best regards,
>> Maxim
>
>
>
> --
> Best regards,
> Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
hmmm
Are you sure you sent valid logs?
Could you please try:
0) stop OM (if any)
- - check with `ps -ef|grep java`
1) unpack to NEW empty folder
2) change nothing
3) cd to this NEW_FOLDER/apache-openmeetings-7.0.0-SNAPSHOT/
3) run `./admin.sh -i -v -user ui_admin -email someemail@gmail.com -tz
"Asia/Tehran" -group "yourgroup"`
4) enter password
5) run `./bin/catalina.sh run`
6) check "https://localhost:5443/openmeetings"
If there will be errors, send me console output :)
if everything is OK
compare your openmeeting.properties file and the file from
apache-openmeetings-7.0.0-SNAPSHOT
I would suggest to use some UI merge tool
for ex:
Ubuntu: meld
Win: WinMerge
On Fri, 30 Dec 2022 at 11:10, Ali Alhaidary <al...@the5stars.org>
wrote:
> Hi Max, it is there but blank, should I fill it with a value? what would
> the value be?
>
> Ali
> On 12/30/22 6:50 AM, Maxim Solodovnik wrote:
>
> Hello Ali,
>
> According to the log: "Could not resolve placeholder 'otp.issuer' in value
> "${otp.issuer}""
> Your `openmeetings.properties` doesn't have the line:
>
> ```
> otp.issuer=
> ```
>
> please add it :)
>
> On Fri, 30 Dec 2022 at 00:59, Ali Alhaidary <al...@the5stars.org>
> wrote:
>
>> Attached log files of the latest 210 build
>>
>> Ali
>> On 12/29/22 3:46 AM, Maxim Solodovnik wrote:
>>
>>
>>
>> from mobile (sorry for typos ;)
>>
>>
>> On Thu, Dec 29, 2022, 01:40 Ali Alhaidary <al...@the5stars.org>
>> wrote:
>>
>>> Yes, I know that these lines were added, as you can see in my previous
>>> post, however, I did not change it assuming that the application will
>>> perform as usual until we set 2 factor authentication.
>>>
>>
>> Yes, this was the plan :)
>> Must be some misunderstanding, I was surprised to see you are asking foe
>> values while they were in your mail :)
>>
>> Is there and keys I should add to the database on build#205 ?
>>>
>>
>> You might add configuration value to the db if you would like to enable
>> OTP
>> It is disabled by default
>>
>> I can't help better without knowing actual error :(
>> Please check the log (it always should be the first step :))
>>
>> Ali
>>> On 12/28/22 2:10 PM, Maxim Solodovnik wrote:
>>>
>>> The following section has been added :)
>>>
>>>
>>> ################## Time-based One Time Password ##################
>>> ## Please NOTE these values need to be changed BEFORE users will set-up
>>> OTP for themselves
>>> ## otherwise they can't login
>>>
>>> # NOTE Config->application.name will be used if blank
>>> otp.issuer=
>>> otp.ntp.server=pool.ntp.org
>>> ## milliseconds
>>> otp.ntp.timeout=3000
>>>
>>>
>>>
>>>
>>>
>>> from mobile (sorry for typos ;)
>>>
>>>
>>> On Wed, Dec 28, 2022, 16:25 Ali Alhaidary <al...@the5stars.org>
>>> wrote:
>>>
>>>> Is it possible just to pint it out please?
>>>>
>>>> Ali
>>>> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>>>>
>>>> I would start with examine the logs
>>>>
>>>> and will add missing key-value part to openmeetings.properties :)
>>>>
>>>> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary <
>>>> ali.alhaidary@the5stars.org> wrote:
>>>>
>>>>> Where and what ? :-)
>>>>>
>>>>> Ali
>>>>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>>>>
>>>>> you have to add new values to your config :)
>>>>>
>>>>> #206 is at demo-next
>>>>> seems to work as expected :)
>>>>>
>>>>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary <
>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>
>>>>>> No, I did not change anything in openmeetings.properties as we want
>>>>>> to use om as before initially...
>>>>>>
>>>>>> ################## Time-based One Time Password ##################
>>>>>> ## Please NOTE these values need to be changed BEFORE users will
>>>>>> set-up OTP for themselves
>>>>>> ## otherwise they can't login
>>>>>>
>>>>>> # NOTE Config->application.name will be used if blank
>>>>>> otp.issuer=
>>>>>> otp.ntp.server=pool.ntp.org
>>>>>> ## milliseconds
>>>>>> otp.ntp.timeout=3000
>>>>>>
>>>>>>
>>>>>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>>>>>
>>>>>> Anything suspicious in the log?
>>>>>> Have you updated openmeetings.properties with "otp" specific values?
>>>>>>
>>>>>> from mobile (sorry for typos ;)
>>>>>>
>>>>>>
>>>>>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary <
>>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>>
>>>>>>> Could not login from moodle plugin, and (HTTP Status 404 – Not
>>>>>>> Found) in stand alone app.
>>>>>>>
>>>>>>> Ali
>>>>>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>>>>>
>>>>>>> Seems ok, and translated...
>>>>>>>
>>>>>>> Ali
>>>>>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>>>>>
>>>>>>> Seems to be implemented
>>>>>>> I would appreciate if someone can test this new functionality
>>>>>>> (And wording :)))
>>>>>>>
>>>>>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <
>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Sry I did not have enough time. But it would be a good feature to
>>>>>>>>> add.
>>>>>>>>>
>>>>>>>>> Also a good message we can share around enhancing OpenMeetings
>>>>>>>>> security. Relevant for many education/public environments.
>>>>>>>>>
>>>>>>>>
>>>>>>>> I agree :))
>>>>>>>> Will update JIRA/demo-next when will have something working :)
>>>>>>>>
>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thx
>>>>>>>>> Seb
>>>>>>>>>
>>>>>>>>> Sebastian Wagner
>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>
>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <
>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>>>>>
>>>>>>>>>> will try to implement it :)
>>>>>>>>>>
>>>>>>>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <
>>>>>>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>>>>>>
>>>>>>>>>>> +1
>>>>>>>>>>>
>>>>>>>>>>> Yes, why not...
>>>>>>>>>>>
>>>>>>>>>>> Ali
>>>>>>>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>>>>>>>>
>>>>>>>>>>> we already have BSD 3-clause:
>>>>>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>>>>> will need to add one line only :)
>>>>>>>>>>>
>>>>>>>>>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> There seem to be a few options for Google using Java
>>>>>>>>>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>>>>>>>>>
>>>>>>>>>>>> I don't quite see in that lib how it generates the QR code for
>>>>>>>>>>>> scanning but there should be a way :)
>>>>>>>>>>>>
>>>>>>>>>>>> The BSD license would require us to add a copy left into our
>>>>>>>>>>>> License file, but in general it would be compatible imho.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>> Seb
>>>>>>>>>>>>
>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>
>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <
>>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello Seb,
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sorry for a late response, I'm on vacation :)
>>>>>>>>>>>>>
>>>>>>>>>>>>> I would
>>>>>>>>>>>>> +1 this feature :)
>>>>>>>>>>>>>
>>>>>>>>>>>>> The problems we'll need to solve
>>>>>>>>>>>>> - add 2fa mechanisms other than email (not sure if apps like
>>>>>>>>>>>>> "Google authenticator" has open source API :(, we can use telegram API ....)
>>>>>>>>>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>>>>>>>>>> activation_hash and *reset-password-hash*
>>>>>>>>>>>>>
>>>>>>>>>>>>> Need to be investigated and carefully refactored :)
>>>>>>>>>>>>>
>>>>>>>>>>>>> from mobile (sorry for typos ;)
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> Not many pros or cons in this discussion.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> But I think it would be a good option to have available for
>>>>>>>>>>>>>> users. As well as a good feature to advertise for. Especially in order to
>>>>>>>>>>>>>> use OpenMeetings in a Gov/Education environment where compliance may
>>>>>>>>>>>>>> require to have 2 factor auth for applications in order for using it.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> So I assume I can create some tickets and get this on the way.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>> Seb
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I would like to add a ticket to investigate and look into
>>>>>>>>>>>>>>> adding 2 factor authentication to OpenMeetings. As an optional feature,
>>>>>>>>>>>>>>> default would be turned off.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> There are various libraries to achieve 2 factor auth. I
>>>>>>>>>>>>>>> would probably prefer using the Google Authenticator as a method since it
>>>>>>>>>>>>>>> seems the most widely adopted authenticator.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>>>>>>>>>> - On a per server basis a flag to generally turn 2 factor
>>>>>>>>>>>>>>> auth on or off
>>>>>>>>>>>>>>> - On a per individual account basis so you can turn 2
>>>>>>>>>>>>>>> factor auth on/off for an individual user
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> This would not affect past installations.
>>>>>>>>>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I think this would be a good feature to improve security.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Let me know what you think, and I will add a ticket and look
>>>>>>>>>>>>>>> into adding this over the next few weeks.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>>> Seb
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Best regards,
>>>>>>>>>>> Maxim
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Best regards,
>>>>>>>>>> Maxim
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best regards,
>>>>>>>> Maxim
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Maxim
>>>>>>>
>>>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>>
>>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>>
>
> --
> Best regards,
> Maxim
>
>
--
Best regards,
Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
Hi Max, it is there but blank, should I fill it with a value? what would
the value be?
Ali
On 12/30/22 6:50 AM, Maxim Solodovnik wrote:
> Hello Ali,
>
> According to the log: "Could not resolve placeholder 'otp.issuer' in
> value "${otp.issuer}""
> Your `openmeetings.properties` doesn't have the line:
>
> ```
> otp.issuer=
> ```
>
> please add it :)
>
> On Fri, 30 Dec 2022 at 00:59, Ali Alhaidary
> <al...@the5stars.org> wrote:
>
> Attached log files of the latest 210 build
>
> Ali
>
> On 12/29/22 3:46 AM, Maxim Solodovnik wrote:
>>
>>
>> from mobile (sorry for typos ;)
>>
>> On Thu, Dec 29, 2022, 01:40 Ali Alhaidary
>> <al...@the5stars.org> wrote:
>>
>> Yes, I know that these lines were added, as you can see in my
>> previous post, however, I did not change it assuming that the
>> application will perform as usual until we set 2 factor
>> authentication.
>>
>>
>> Yes, this was the plan :)
>> Must be some misunderstanding, I was surprised to see you are
>> asking foe values while they were in your mail :)
>>
>> Is there and keys I should add to the database on build#205 ?
>>
>>
>> You might add configuration value to the db if you would like to
>> enable OTP
>> It is disabled by default
>>
>> I can't help better without knowing actual error :(
>> Please check the log (it always should be the first step :))
>>
>> Ali
>> On 12/28/22 2:10 PM, Maxim Solodovnik wrote:
>>> The following section has been added :)
>>>
>>>
>>> ################## Time-based One Time Password
>>> ##################
>>>
>>> ## Please NOTE these values need to be changed BEFORE users
>>> will set-up OTP for themselves
>>>
>>> ## otherwise they can't login
>>>
>>>
>>> # NOTE Config->application.name <http://application.name>
>>> will be used if blank
>>>
>>> otp.issuer=
>>>
>>> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
>>>
>>> ## milliseconds
>>>
>>> otp.ntp.timeout=3000
>>>
>>>
>>>
>>>
>>>
>>> from mobile (sorry for typos ;)
>>>
>>> On Wed, Dec 28, 2022, 16:25 Ali Alhaidary
>>> <al...@the5stars.org> wrote:
>>>
>>> Is it possible just to pint it out please?
>>>
>>> Ali
>>>
>>> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>>>> I would start with examine the logs
>>>>
>>>> and will add missing key-value part to
>>>> openmeetings.properties :)
>>>>
>>>> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary
>>>> <al...@the5stars.org> wrote:
>>>>
>>>> Where and what ? :-)
>>>>
>>>> Ali
>>>>
>>>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>>>> you have to add new values to your config :)
>>>>>
>>>>> #206 is at demo-next
>>>>> seems to work as expected :)
>>>>>
>>>>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary
>>>>> <al...@the5stars.org> wrote:
>>>>>
>>>>> No, I did not change anything in
>>>>> openmeetings.properties as we want to use om
>>>>> as before initially...
>>>>>
>>>>> ################## Time-based One Time
>>>>> Password ##################
>>>>> ## Please NOTE these values need to be changed
>>>>> BEFORE users will set-up OTP for themselves
>>>>> ## otherwise they can't login
>>>>>
>>>>> # NOTE Config->application.name
>>>>> <http://application.name> will be used if blank
>>>>> otp.issuer=
>>>>> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
>>>>> ## milliseconds
>>>>> otp.ntp.timeout=3000
>>>>>
>>>>>
>>>>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>>>>> Anything suspicious in the log?
>>>>>> Have you updated openmeetings.properties with
>>>>>> "otp" specific values?
>>>>>>
>>>>>> from mobile (sorry for typos ;)
>>>>>>
>>>>>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary
>>>>>> <al...@the5stars.org> wrote:
>>>>>>
>>>>>> Could not login from moodle plugin, and
>>>>>> (HTTP Status 404 – Not Found) in stand
>>>>>> alone app.
>>>>>>
>>>>>> Ali
>>>>>>
>>>>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>>>>>
>>>>>>> Seems ok, and translated...
>>>>>>>
>>>>>>> Ali
>>>>>>>
>>>>>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>>>>>> Seems to be implemented
>>>>>>>> I would appreciate if someone can test
>>>>>>>> this new functionality
>>>>>>>> (And wording :)))
>>>>>>>>
>>>>>>>> On Thu, 22 Dec 2022 at 14:14, Maxim
>>>>>>>> Solodovnik <so...@gmail.com> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, 22 Dec 2022 at 14:01,
>>>>>>>> seba.wagner@gmail.com
>>>>>>>> <se...@gmail.com> wrote:
>>>>>>>>
>>>>>>>> Sry I did not have enough time.
>>>>>>>> But it would be a good feature
>>>>>>>> to add.
>>>>>>>>
>>>>>>>> Also a good message we can
>>>>>>>> share around enhancing
>>>>>>>> OpenMeetings security. Relevant
>>>>>>>> for many education/public
>>>>>>>> environments.
>>>>>>>>
>>>>>>>>
>>>>>>>> I agree :))
>>>>>>>> Will update JIRA/demo-next when
>>>>>>>> will have something working :)
>>>>>>>>
>>>>>>>>
>>>>>>>> Thx
>>>>>>>> Seb
>>>>>>>>
>>>>>>>> Sebastian Wagner
>>>>>>>> Director Arrakeen Solutions,
>>>>>>>> OM-Hosting.com
>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>> https://om-hosting.com - Cloud
>>>>>>>> & Server Hosting for HTML5
>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, 22 Dec 2022 at 18:37,
>>>>>>>> Maxim Solodovnik
>>>>>>>> <so...@gmail.com> wrote:
>>>>>>>>
>>>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>>>
>>>>>>>> will try to implement it :)
>>>>>>>>
>>>>>>>> On Wed, 3 Aug 2022 at
>>>>>>>> 13:45, Ali Alhaidary
>>>>>>>> <al...@the5stars.org>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> +1
>>>>>>>>
>>>>>>>> Yes, why not...
>>>>>>>>
>>>>>>>> Ali
>>>>>>>>
>>>>>>>> On 8/3/22 8:34 AM,
>>>>>>>> Maxim Solodovnik wrote:
>>>>>>>>> we already have BSD
>>>>>>>>> 3-clause:
>>>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>>>
>>>>>>>>> will need to add one
>>>>>>>>> line only :)
>>>>>>>>>
>>>>>>>>> On Wed, 3 Aug 2022 at
>>>>>>>>> 12:25,
>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>> <se...@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> There seem to be a
>>>>>>>>> few options for
>>>>>>>>> Google using Java
>>>>>>>>> E.g.
>>>>>>>>> https://github.com/wstrange/GoogleAuth
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I don't quite see
>>>>>>>>> in that lib how it
>>>>>>>>> generates the QR
>>>>>>>>> code for scanning
>>>>>>>>> but there should
>>>>>>>>> be a way :)
>>>>>>>>>
>>>>>>>>> The BSD license
>>>>>>>>> would require us
>>>>>>>>> to add a copy left
>>>>>>>>> into our License
>>>>>>>>> file, but in
>>>>>>>>> general it would
>>>>>>>>> be compatible imho.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> Seb
>>>>>>>>>
>>>>>>>>> Sebastian Wagner
>>>>>>>>> Director Arrakeen
>>>>>>>>> Solutions,
>>>>>>>>> OM-Hosting.com
>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>> https://om-hosting.com
>>>>>>>>> - Cloud & Server
>>>>>>>>> Hosting for HTML5
>>>>>>>>> Video-Conferencing
>>>>>>>>> OpenMeetings
>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, 3 Aug 2022
>>>>>>>>> at 16:12, Maxim
>>>>>>>>> Solodovnik
>>>>>>>>> <so...@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Hello Seb,
>>>>>>>>>
>>>>>>>>> Sorry for a
>>>>>>>>> late response,
>>>>>>>>> I'm on vacation :)
>>>>>>>>>
>>>>>>>>> I would
>>>>>>>>> +1 this feature :)
>>>>>>>>>
>>>>>>>>> The problems
>>>>>>>>> we'll need to
>>>>>>>>> solve
>>>>>>>>> - add 2fa
>>>>>>>>> mechanisms
>>>>>>>>> other than
>>>>>>>>> email (not
>>>>>>>>> sure if apps
>>>>>>>>> like "Google
>>>>>>>>> authenticator"
>>>>>>>>> has open
>>>>>>>>> source API :(,
>>>>>>>>> we can use
>>>>>>>>> telegram API ....)
>>>>>>>>> - we'll need
>>>>>>>>> to move this
>>>>>>>>> out of om_user
>>>>>>>>> db table
>>>>>>>>> (maybe with
>>>>>>>>> activation_hash
>>>>>>>>> and
>>>>>>>>> *reset-password-hash*
>>>>>>>>>
>>>>>>>>> Need to be
>>>>>>>>> investigated
>>>>>>>>> and carefully
>>>>>>>>> refactored :)
>>>>>>>>>
>>>>>>>>> from mobile
>>>>>>>>> (sorry for
>>>>>>>>> typos ;)
>>>>>>>>>
>>>>>>>>> On Wed, Aug 3,
>>>>>>>>> 2022, 10:15
>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>> <se...@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> Not many
>>>>>>>>> pros or
>>>>>>>>> cons in
>>>>>>>>> this
>>>>>>>>> discussion.
>>>>>>>>>
>>>>>>>>> But I
>>>>>>>>> think it
>>>>>>>>> would be a
>>>>>>>>> good
>>>>>>>>> option to
>>>>>>>>> have
>>>>>>>>> available
>>>>>>>>> for users.
>>>>>>>>> As well as
>>>>>>>>> a good
>>>>>>>>> feature to
>>>>>>>>> advertise
>>>>>>>>> for.
>>>>>>>>> Especially
>>>>>>>>> in order
>>>>>>>>> to use
>>>>>>>>> OpenMeetings
>>>>>>>>> in a
>>>>>>>>> Gov/Education
>>>>>>>>> environment
>>>>>>>>> where
>>>>>>>>> compliance
>>>>>>>>> may
>>>>>>>>> require to
>>>>>>>>> have 2
>>>>>>>>> factor
>>>>>>>>> auth for
>>>>>>>>> applications
>>>>>>>>> in order
>>>>>>>>> for using it.
>>>>>>>>>
>>>>>>>>> So I
>>>>>>>>> assume I
>>>>>>>>> can create
>>>>>>>>> some
>>>>>>>>> tickets
>>>>>>>>> and get
>>>>>>>>> this on
>>>>>>>>> the way.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> Seb
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Sebastian
>>>>>>>>> Wagner
>>>>>>>>> Director
>>>>>>>>> Arrakeen
>>>>>>>>> Solutions,
>>>>>>>>> OM-Hosting.com
>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>> https://om-hosting.com
>>>>>>>>> - Cloud &
>>>>>>>>> Server
>>>>>>>>> Hosting
>>>>>>>>> for HTML5
>>>>>>>>> Video-Conferencing
>>>>>>>>> OpenMeetings
>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, 1
>>>>>>>>> Aug 2022
>>>>>>>>> at 09:31,
>>>>>>>>> seba.wagner@gmail.com
>>>>>>>>> <se...@gmail.com>
>>>>>>>>> wrote:
>>>>>>>>>
>>>>>>>>> I
>>>>>>>>> would
>>>>>>>>> like
>>>>>>>>> to add
>>>>>>>>> a
>>>>>>>>> ticket
>>>>>>>>> to
>>>>>>>>> investigate
>>>>>>>>> and
>>>>>>>>> look
>>>>>>>>> into
>>>>>>>>> adding
>>>>>>>>> 2
>>>>>>>>> factor
>>>>>>>>> authentication
>>>>>>>>> to
>>>>>>>>> OpenMeetings.
>>>>>>>>> As an
>>>>>>>>> optional feature,
>>>>>>>>> default
>>>>>>>>> would
>>>>>>>>> be
>>>>>>>>> turned
>>>>>>>>> off.
>>>>>>>>>
>>>>>>>>> There
>>>>>>>>> are
>>>>>>>>> various
>>>>>>>>> libraries
>>>>>>>>> to
>>>>>>>>> achieve
>>>>>>>>> 2
>>>>>>>>> factor auth.
>>>>>>>>> I
>>>>>>>>> would
>>>>>>>>> probably prefer
>>>>>>>>> using
>>>>>>>>> the
>>>>>>>>> Google
>>>>>>>>> Authenticator
>>>>>>>>> as a
>>>>>>>>> method
>>>>>>>>> since
>>>>>>>>> it
>>>>>>>>> seems
>>>>>>>>> the
>>>>>>>>> most
>>>>>>>>> widely adopted
>>>>>>>>> authenticator.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> In
>>>>>>>>> terms
>>>>>>>>> of
>>>>>>>>> turning
>>>>>>>>> it
>>>>>>>>> on/off
>>>>>>>>> I
>>>>>>>>> would
>>>>>>>>> add 2
>>>>>>>>> flags:
>>>>>>>>> - On
>>>>>>>>> a per
>>>>>>>>> server
>>>>>>>>> basis
>>>>>>>>> a flag
>>>>>>>>> to
>>>>>>>>> generally
>>>>>>>>> turn 2
>>>>>>>>> factor
>>>>>>>>> auth
>>>>>>>>> on or off
>>>>>>>>> - On
>>>>>>>>> a per
>>>>>>>>> individual
>>>>>>>>> account basis
>>>>>>>>> so you
>>>>>>>>> can
>>>>>>>>> turn 2
>>>>>>>>> factor
>>>>>>>>> auth on/off
>>>>>>>>> for an
>>>>>>>>> individual
>>>>>>>>> user
>>>>>>>>>
>>>>>>>>> This
>>>>>>>>> would
>>>>>>>>> not
>>>>>>>>> affect
>>>>>>>>> past
>>>>>>>>> installations.
>>>>>>>>> This
>>>>>>>>> would
>>>>>>>>> not
>>>>>>>>> affect
>>>>>>>>> logging
>>>>>>>>> in via
>>>>>>>>> Soap/Rest.
>>>>>>>>>
>>>>>>>>> I
>>>>>>>>> think
>>>>>>>>> this
>>>>>>>>> would
>>>>>>>>> be a
>>>>>>>>> good
>>>>>>>>> feature
>>>>>>>>> to
>>>>>>>>> improve
>>>>>>>>> security.
>>>>>>>>>
>>>>>>>>> Let me
>>>>>>>>> know
>>>>>>>>> what
>>>>>>>>> you
>>>>>>>>> think,
>>>>>>>>> and I
>>>>>>>>> will
>>>>>>>>> add a
>>>>>>>>> ticket and
>>>>>>>>> look
>>>>>>>>> into
>>>>>>>>> adding
>>>>>>>>> this
>>>>>>>>> over
>>>>>>>>> the
>>>>>>>>> next
>>>>>>>>> few weeks.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> Seb
>>>>>>>>>
>>>>>>>>> Sebastian
>>>>>>>>> Wagner
>>>>>>>>> Director
>>>>>>>>> Arrakeen
>>>>>>>>> Solutions,
>>>>>>>>> OM-Hosting.com
>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>> https://om-hosting.com
>>>>>>>>> -
>>>>>>>>> Cloud
>>>>>>>>> &
>>>>>>>>> Server
>>>>>>>>> Hosting
>>>>>>>>> for
>>>>>>>>> HTML5
>>>>>>>>> Video-Conferencing
>>>>>>>>> OpenMeetings
>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Best regards,
>>>>>>>>> Maxim
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best regards,
>>>>>>>> Maxim
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best regards,
>>>>>>>> Maxim
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best regards,
>>>>>>>> Maxim
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>
>
>
> --
> Best regards,
> Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
Hello Ali,
According to the log: "Could not resolve placeholder 'otp.issuer' in value
"${otp.issuer}""
Your `openmeetings.properties` doesn't have the line:
```
otp.issuer=
```
please add it :)
On Fri, 30 Dec 2022 at 00:59, Ali Alhaidary <al...@the5stars.org>
wrote:
> Attached log files of the latest 210 build
>
> Ali
> On 12/29/22 3:46 AM, Maxim Solodovnik wrote:
>
>
>
> from mobile (sorry for typos ;)
>
>
> On Thu, Dec 29, 2022, 01:40 Ali Alhaidary <al...@the5stars.org>
> wrote:
>
>> Yes, I know that these lines were added, as you can see in my previous
>> post, however, I did not change it assuming that the application will
>> perform as usual until we set 2 factor authentication.
>>
>
> Yes, this was the plan :)
> Must be some misunderstanding, I was surprised to see you are asking foe
> values while they were in your mail :)
>
> Is there and keys I should add to the database on build#205 ?
>>
>
> You might add configuration value to the db if you would like to enable OTP
> It is disabled by default
>
> I can't help better without knowing actual error :(
> Please check the log (it always should be the first step :))
>
> Ali
>> On 12/28/22 2:10 PM, Maxim Solodovnik wrote:
>>
>> The following section has been added :)
>>
>>
>> ################## Time-based One Time Password ##################
>> ## Please NOTE these values need to be changed BEFORE users will set-up
>> OTP for themselves
>> ## otherwise they can't login
>>
>> # NOTE Config->application.name will be used if blank
>> otp.issuer=
>> otp.ntp.server=pool.ntp.org
>> ## milliseconds
>> otp.ntp.timeout=3000
>>
>>
>>
>>
>>
>> from mobile (sorry for typos ;)
>>
>>
>> On Wed, Dec 28, 2022, 16:25 Ali Alhaidary <al...@the5stars.org>
>> wrote:
>>
>>> Is it possible just to pint it out please?
>>>
>>> Ali
>>> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>>>
>>> I would start with examine the logs
>>>
>>> and will add missing key-value part to openmeetings.properties :)
>>>
>>> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary <al...@the5stars.org>
>>> wrote:
>>>
>>>> Where and what ? :-)
>>>>
>>>> Ali
>>>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>>>
>>>> you have to add new values to your config :)
>>>>
>>>> #206 is at demo-next
>>>> seems to work as expected :)
>>>>
>>>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary <
>>>> ali.alhaidary@the5stars.org> wrote:
>>>>
>>>>> No, I did not change anything in openmeetings.properties as we want to
>>>>> use om as before initially...
>>>>>
>>>>> ################## Time-based One Time Password ##################
>>>>> ## Please NOTE these values need to be changed BEFORE users will
>>>>> set-up OTP for themselves
>>>>> ## otherwise they can't login
>>>>>
>>>>> # NOTE Config->application.name will be used if blank
>>>>> otp.issuer=
>>>>> otp.ntp.server=pool.ntp.org
>>>>> ## milliseconds
>>>>> otp.ntp.timeout=3000
>>>>>
>>>>>
>>>>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>>>>
>>>>> Anything suspicious in the log?
>>>>> Have you updated openmeetings.properties with "otp" specific values?
>>>>>
>>>>> from mobile (sorry for typos ;)
>>>>>
>>>>>
>>>>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary <al...@the5stars.org>
>>>>> wrote:
>>>>>
>>>>>> Could not login from moodle plugin, and (HTTP Status 404 – Not Found)
>>>>>> in stand alone app.
>>>>>>
>>>>>> Ali
>>>>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>>>>
>>>>>> Seems ok, and translated...
>>>>>>
>>>>>> Ali
>>>>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>>>>
>>>>>> Seems to be implemented
>>>>>> I would appreciate if someone can test this new functionality
>>>>>> (And wording :)))
>>>>>>
>>>>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <
>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>
>>>>>>>> Sry I did not have enough time. But it would be a good feature to
>>>>>>>> add.
>>>>>>>>
>>>>>>>> Also a good message we can share around enhancing OpenMeetings
>>>>>>>> security. Relevant for many education/public environments.
>>>>>>>>
>>>>>>>
>>>>>>> I agree :))
>>>>>>> Will update JIRA/demo-next when will have something working :)
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Thx
>>>>>>>> Seb
>>>>>>>>
>>>>>>>> Sebastian Wagner
>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>
>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <
>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>>>>
>>>>>>>>> will try to implement it :)
>>>>>>>>>
>>>>>>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <
>>>>>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>>>>>
>>>>>>>>>> +1
>>>>>>>>>>
>>>>>>>>>> Yes, why not...
>>>>>>>>>>
>>>>>>>>>> Ali
>>>>>>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>>>>>>>
>>>>>>>>>> we already have BSD 3-clause:
>>>>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>>>> will need to add one line only :)
>>>>>>>>>>
>>>>>>>>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> There seem to be a few options for Google using Java
>>>>>>>>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>>>>>>>>
>>>>>>>>>>> I don't quite see in that lib how it generates the QR code for
>>>>>>>>>>> scanning but there should be a way :)
>>>>>>>>>>>
>>>>>>>>>>> The BSD license would require us to add a copy left into our
>>>>>>>>>>> License file, but in general it would be compatible imho.
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> Seb
>>>>>>>>>>>
>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>
>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <
>>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hello Seb,
>>>>>>>>>>>>
>>>>>>>>>>>> Sorry for a late response, I'm on vacation :)
>>>>>>>>>>>>
>>>>>>>>>>>> I would
>>>>>>>>>>>> +1 this feature :)
>>>>>>>>>>>>
>>>>>>>>>>>> The problems we'll need to solve
>>>>>>>>>>>> - add 2fa mechanisms other than email (not sure if apps like
>>>>>>>>>>>> "Google authenticator" has open source API :(, we can use telegram API ....)
>>>>>>>>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>>>>>>>>> activation_hash and *reset-password-hash*
>>>>>>>>>>>>
>>>>>>>>>>>> Need to be investigated and carefully refactored :)
>>>>>>>>>>>>
>>>>>>>>>>>> from mobile (sorry for typos ;)
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Not many pros or cons in this discussion.
>>>>>>>>>>>>>
>>>>>>>>>>>>> But I think it would be a good option to have available for
>>>>>>>>>>>>> users. As well as a good feature to advertise for. Especially in order to
>>>>>>>>>>>>> use OpenMeetings in a Gov/Education environment where compliance may
>>>>>>>>>>>>> require to have 2 factor auth for applications in order for using it.
>>>>>>>>>>>>>
>>>>>>>>>>>>> So I assume I can create some tickets and get this on the way.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>> Seb
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>>
>>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> I would like to add a ticket to investigate and look into
>>>>>>>>>>>>>> adding 2 factor authentication to OpenMeetings. As an optional feature,
>>>>>>>>>>>>>> default would be turned off.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>>>>>>>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>>>>>>>>>>> the most widely adopted authenticator.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>>>>>>>>> - On a per server basis a flag to generally turn 2 factor
>>>>>>>>>>>>>> auth on or off
>>>>>>>>>>>>>> - On a per individual account basis so you can turn 2 factor
>>>>>>>>>>>>>> auth on/off for an individual user
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> This would not affect past installations.
>>>>>>>>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I think this would be a good feature to improve security.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Let me know what you think, and I will add a ticket and look
>>>>>>>>>>>>>> into adding this over the next few weeks.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>>> Seb
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Best regards,
>>>>>>>>>> Maxim
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Best regards,
>>>>>>>>> Maxim
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Maxim
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>>
>>>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>>
--
Best regards,
Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
Attached log files of the latest 210 build
Ali
On 12/29/22 3:46 AM, Maxim Solodovnik wrote:
>
>
> from mobile (sorry for typos ;)
>
> On Thu, Dec 29, 2022, 01:40 Ali Alhaidary
> <al...@the5stars.org> wrote:
>
> Yes, I know that these lines were added, as you can see in my
> previous post, however, I did not change it assuming that the
> application will perform as usual until we set 2 factor
> authentication.
>
>
> Yes, this was the plan :)
> Must be some misunderstanding, I was surprised to see you are asking
> foe values while they were in your mail :)
>
> Is there and keys I should add to the database on build#205 ?
>
>
> You might add configuration value to the db if you would like to
> enable OTP
> It is disabled by default
>
> I can't help better without knowing actual error :(
> Please check the log (it always should be the first step :))
>
> Ali
> On 12/28/22 2:10 PM, Maxim Solodovnik wrote:
>> The following section has been added :)
>>
>>
>> ################## Time-based One Time Password ##################
>>
>> ## Please NOTE these values need to be changed BEFORE users will
>> set-up OTP for themselves
>>
>> ## otherwise they can't login
>>
>>
>> # NOTE Config->application.name <http://application.name> will be
>> used if blank
>>
>> otp.issuer=
>>
>> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
>>
>> ## milliseconds
>>
>> otp.ntp.timeout=3000
>>
>>
>>
>>
>>
>> from mobile (sorry for typos ;)
>>
>> On Wed, Dec 28, 2022, 16:25 Ali Alhaidary
>> <al...@the5stars.org> wrote:
>>
>> Is it possible just to pint it out please?
>>
>> Ali
>>
>> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>>> I would start with examine the logs
>>>
>>> and will add missing key-value part to
>>> openmeetings.properties :)
>>>
>>> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary
>>> <al...@the5stars.org> wrote:
>>>
>>> Where and what ? :-)
>>>
>>> Ali
>>>
>>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>>> you have to add new values to your config :)
>>>>
>>>> #206 is at demo-next
>>>> seems to work as expected :)
>>>>
>>>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary
>>>> <al...@the5stars.org> wrote:
>>>>
>>>> No, I did not change anything in
>>>> openmeetings.properties as we want to use om as
>>>> before initially...
>>>>
>>>> ################## Time-based One Time Password
>>>> ##################
>>>> ## Please NOTE these values need to be changed
>>>> BEFORE users will set-up OTP for themselves
>>>> ## otherwise they can't login
>>>>
>>>> # NOTE Config->application.name
>>>> <http://application.name> will be used if blank
>>>> otp.issuer=
>>>> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
>>>> ## milliseconds
>>>> otp.ntp.timeout=3000
>>>>
>>>>
>>>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>>>> Anything suspicious in the log?
>>>>> Have you updated openmeetings.properties with
>>>>> "otp" specific values?
>>>>>
>>>>> from mobile (sorry for typos ;)
>>>>>
>>>>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary
>>>>> <al...@the5stars.org> wrote:
>>>>>
>>>>> Could not login from moodle plugin, and (HTTP
>>>>> Status 404 – Not Found) in stand alone app.
>>>>>
>>>>> Ali
>>>>>
>>>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>>>>
>>>>>> Seems ok, and translated...
>>>>>>
>>>>>> Ali
>>>>>>
>>>>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>>>>> Seems to be implemented
>>>>>>> I would appreciate if someone can test this
>>>>>>> new functionality
>>>>>>> (And wording :)))
>>>>>>>
>>>>>>> On Thu, 22 Dec 2022 at 14:14, Maxim
>>>>>>> Solodovnik <so...@gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, 22 Dec 2022 at 14:01,
>>>>>>> seba.wagner@gmail.com
>>>>>>> <se...@gmail.com> wrote:
>>>>>>>
>>>>>>> Sry I did not have enough time. But
>>>>>>> it would be a good feature to add.
>>>>>>>
>>>>>>> Also a good message we can share
>>>>>>> around enhancing OpenMeetings
>>>>>>> security. Relevant for many
>>>>>>> education/public environments.
>>>>>>>
>>>>>>>
>>>>>>> I agree :))
>>>>>>> Will update JIRA/demo-next when will
>>>>>>> have something working :)
>>>>>>>
>>>>>>>
>>>>>>> Thx
>>>>>>> Seb
>>>>>>>
>>>>>>> Sebastian Wagner
>>>>>>> Director Arrakeen Solutions,
>>>>>>> OM-Hosting.com
>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>> https://om-hosting.com - Cloud &
>>>>>>> Server Hosting for HTML5
>>>>>>> Video-Conferencing OpenMeetings
>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim
>>>>>>> Solodovnik <so...@gmail.com> wrote:
>>>>>>>
>>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>>
>>>>>>> will try to implement it :)
>>>>>>>
>>>>>>> On Wed, 3 Aug 2022 at 13:45, Ali
>>>>>>> Alhaidary
>>>>>>> <al...@the5stars.org> wrote:
>>>>>>>
>>>>>>> +1
>>>>>>>
>>>>>>> Yes, why not...
>>>>>>>
>>>>>>> Ali
>>>>>>>
>>>>>>> On 8/3/22 8:34 AM, Maxim
>>>>>>> Solodovnik wrote:
>>>>>>>> we already have BSD
>>>>>>>> 3-clause:
>>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>>
>>>>>>>> will need to add one line
>>>>>>>> only :)
>>>>>>>>
>>>>>>>> On Wed, 3 Aug 2022 at
>>>>>>>> 12:25,
>>>>>>>> seba.wagner@gmail.com
>>>>>>>> <se...@gmail.com> wrote:
>>>>>>>>
>>>>>>>> There seem to be a few
>>>>>>>> options for Google
>>>>>>>> using Java
>>>>>>>> E.g.
>>>>>>>> https://github.com/wstrange/GoogleAuth
>>>>>>>>
>>>>>>>>
>>>>>>>> I don't quite see in
>>>>>>>> that lib how it
>>>>>>>> generates the QR code
>>>>>>>> for scanning but there
>>>>>>>> should be a way :)
>>>>>>>>
>>>>>>>> The BSD license would
>>>>>>>> require us to add a
>>>>>>>> copy left into our
>>>>>>>> License file, but in
>>>>>>>> general it would be
>>>>>>>> compatible imho.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Seb
>>>>>>>>
>>>>>>>> Sebastian Wagner
>>>>>>>> Director Arrakeen
>>>>>>>> Solutions, OM-Hosting.com
>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>> https://om-hosting.com
>>>>>>>> - Cloud & Server
>>>>>>>> Hosting for HTML5
>>>>>>>> Video-Conferencing
>>>>>>>> OpenMeetings
>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, 3 Aug 2022 at
>>>>>>>> 16:12, Maxim Solodovnik
>>>>>>>> <so...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hello Seb,
>>>>>>>>
>>>>>>>> Sorry for a late
>>>>>>>> response, I'm on
>>>>>>>> vacation :)
>>>>>>>>
>>>>>>>> I would
>>>>>>>> +1 this feature :)
>>>>>>>>
>>>>>>>> The problems we'll
>>>>>>>> need to solve
>>>>>>>> - add 2fa
>>>>>>>> mechanisms other
>>>>>>>> than email (not
>>>>>>>> sure if apps like
>>>>>>>> "Google
>>>>>>>> authenticator" has
>>>>>>>> open source API :(,
>>>>>>>> we can use telegram
>>>>>>>> API ....)
>>>>>>>> - we'll need to
>>>>>>>> move this out of
>>>>>>>> om_user db table
>>>>>>>> (maybe with
>>>>>>>> activation_hash and
>>>>>>>> *reset-password-hash*
>>>>>>>>
>>>>>>>> Need to be
>>>>>>>> investigated and
>>>>>>>> carefully refactored :)
>>>>>>>>
>>>>>>>> from mobile (sorry
>>>>>>>> for typos ;)
>>>>>>>>
>>>>>>>> On Wed, Aug 3,
>>>>>>>> 2022, 10:15
>>>>>>>> seba.wagner@gmail.com
>>>>>>>> <se...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Not many pros
>>>>>>>> or cons in this
>>>>>>>> discussion.
>>>>>>>>
>>>>>>>> But I think it
>>>>>>>> would be a good
>>>>>>>> option to have
>>>>>>>> available for
>>>>>>>> users. As well
>>>>>>>> as a good
>>>>>>>> feature to
>>>>>>>> advertise for.
>>>>>>>> Especially in
>>>>>>>> order to use
>>>>>>>> OpenMeetings in
>>>>>>>> a Gov/Education
>>>>>>>> environment
>>>>>>>> where
>>>>>>>> compliance may
>>>>>>>> require to have
>>>>>>>> 2 factor auth
>>>>>>>> for
>>>>>>>> applications in
>>>>>>>> order for using
>>>>>>>> it.
>>>>>>>>
>>>>>>>> So I assume I
>>>>>>>> can create some
>>>>>>>> tickets and get
>>>>>>>> this on the way.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Seb
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Sebastian Wagner
>>>>>>>> Director
>>>>>>>> Arrakeen
>>>>>>>> Solutions,
>>>>>>>> OM-Hosting.com
>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>> https://om-hosting.com
>>>>>>>> - Cloud &
>>>>>>>> Server Hosting
>>>>>>>> for HTML5
>>>>>>>> Video-Conferencing
>>>>>>>> OpenMeetings
>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, 1 Aug
>>>>>>>> 2022 at 09:31,
>>>>>>>> seba.wagner@gmail.com
>>>>>>>> <se...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> I would
>>>>>>>> like to add
>>>>>>>> a ticket to
>>>>>>>> investigate
>>>>>>>> and look
>>>>>>>> into adding
>>>>>>>> 2 factor
>>>>>>>> authentication
>>>>>>>> to
>>>>>>>> OpenMeetings.
>>>>>>>> As an
>>>>>>>> optional feature,
>>>>>>>> default
>>>>>>>> would be
>>>>>>>> turned off.
>>>>>>>>
>>>>>>>> There are
>>>>>>>> various
>>>>>>>> libraries
>>>>>>>> to achieve
>>>>>>>> 2
>>>>>>>> factor auth.
>>>>>>>> I would
>>>>>>>> probably prefer
>>>>>>>> using the
>>>>>>>> Google
>>>>>>>> Authenticator
>>>>>>>> as a method
>>>>>>>> since it
>>>>>>>> seems the
>>>>>>>> most
>>>>>>>> widely adopted
>>>>>>>> authenticator.
>>>>>>>>
>>>>>>>> In terms of
>>>>>>>> turning it
>>>>>>>> on/off I
>>>>>>>> would add 2
>>>>>>>> flags:
>>>>>>>> - On a per
>>>>>>>> server
>>>>>>>> basis a
>>>>>>>> flag to
>>>>>>>> generally
>>>>>>>> turn 2
>>>>>>>> factor auth
>>>>>>>> on or off
>>>>>>>> - On a per
>>>>>>>> individual
>>>>>>>> account basis
>>>>>>>> so you can
>>>>>>>> turn 2
>>>>>>>> factor
>>>>>>>> auth on/off
>>>>>>>> for an
>>>>>>>> individual user
>>>>>>>>
>>>>>>>> This would
>>>>>>>> not affect
>>>>>>>> past
>>>>>>>> installations.
>>>>>>>> This would
>>>>>>>> not affect
>>>>>>>> logging in
>>>>>>>> via Soap/Rest.
>>>>>>>>
>>>>>>>> I think
>>>>>>>> this would
>>>>>>>> be a good
>>>>>>>> feature to
>>>>>>>> improve
>>>>>>>> security.
>>>>>>>>
>>>>>>>> Let me know
>>>>>>>> what you
>>>>>>>> think, and
>>>>>>>> I will add
>>>>>>>> a
>>>>>>>> ticket and
>>>>>>>> look into
>>>>>>>> adding this
>>>>>>>> over the
>>>>>>>> next few weeks.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Seb
>>>>>>>>
>>>>>>>> Sebastian
>>>>>>>> Wagner
>>>>>>>> Director
>>>>>>>> Arrakeen
>>>>>>>> Solutions,
>>>>>>>> OM-Hosting.com
>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>> https://om-hosting.com
>>>>>>>> - Cloud &
>>>>>>>> Server
>>>>>>>> Hosting for
>>>>>>>> HTML5
>>>>>>>> Video-Conferencing
>>>>>>>> OpenMeetings
>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best regards,
>>>>>>>> Maxim
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Maxim
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Maxim
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Maxim
>>>>>
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
from mobile (sorry for typos ;)
On Thu, Dec 29, 2022, 01:40 Ali Alhaidary <al...@the5stars.org>
wrote:
> Yes, I know that these lines were added, as you can see in my previous
> post, however, I did not change it assuming that the application will
> perform as usual until we set 2 factor authentication.
>
Yes, this was the plan :)
Must be some misunderstanding, I was surprised to see you are asking foe
values while they were in your mail :)
Is there and keys I should add to the database on build#205 ?
>
You might add configuration value to the db if you would like to enable OTP
It is disabled by default
I can't help better without knowing actual error :(
Please check the log (it always should be the first step :))
Ali
> On 12/28/22 2:10 PM, Maxim Solodovnik wrote:
>
> The following section has been added :)
>
>
> ################## Time-based One Time Password ##################
> ## Please NOTE these values need to be changed BEFORE users will set-up
> OTP for themselves
> ## otherwise they can't login
>
> # NOTE Config->application.name will be used if blank
> otp.issuer=
> otp.ntp.server=pool.ntp.org
> ## milliseconds
> otp.ntp.timeout=3000
>
>
>
>
>
> from mobile (sorry for typos ;)
>
>
> On Wed, Dec 28, 2022, 16:25 Ali Alhaidary <al...@the5stars.org>
> wrote:
>
>> Is it possible just to pint it out please?
>>
>> Ali
>> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>>
>> I would start with examine the logs
>>
>> and will add missing key-value part to openmeetings.properties :)
>>
>> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary <al...@the5stars.org>
>> wrote:
>>
>>> Where and what ? :-)
>>>
>>> Ali
>>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>>
>>> you have to add new values to your config :)
>>>
>>> #206 is at demo-next
>>> seems to work as expected :)
>>>
>>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary <al...@the5stars.org>
>>> wrote:
>>>
>>>> No, I did not change anything in openmeetings.properties as we want to
>>>> use om as before initially...
>>>>
>>>> ################## Time-based One Time Password ##################
>>>> ## Please NOTE these values need to be changed BEFORE users will set-up
>>>> OTP for themselves
>>>> ## otherwise they can't login
>>>>
>>>> # NOTE Config->application.name will be used if blank
>>>> otp.issuer=
>>>> otp.ntp.server=pool.ntp.org
>>>> ## milliseconds
>>>> otp.ntp.timeout=3000
>>>>
>>>>
>>>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>>>
>>>> Anything suspicious in the log?
>>>> Have you updated openmeetings.properties with "otp" specific values?
>>>>
>>>> from mobile (sorry for typos ;)
>>>>
>>>>
>>>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary <al...@the5stars.org>
>>>> wrote:
>>>>
>>>>> Could not login from moodle plugin, and (HTTP Status 404 – Not Found)
>>>>> in stand alone app.
>>>>>
>>>>> Ali
>>>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>>>
>>>>> Seems ok, and translated...
>>>>>
>>>>> Ali
>>>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>>>
>>>>> Seems to be implemented
>>>>> I would appreciate if someone can test this new functionality
>>>>> (And wording :)))
>>>>>
>>>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <
>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>
>>>>>>> Sry I did not have enough time. But it would be a good feature to
>>>>>>> add.
>>>>>>>
>>>>>>> Also a good message we can share around enhancing OpenMeetings
>>>>>>> security. Relevant for many education/public environments.
>>>>>>>
>>>>>>
>>>>>> I agree :))
>>>>>> Will update JIRA/demo-next when will have something working :)
>>>>>>
>>>>>>
>>>>>>>
>>>>>>> Thx
>>>>>>> Seb
>>>>>>>
>>>>>>> Sebastian Wagner
>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>
>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>
>>>>>>>
>>>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <so...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>>>
>>>>>>>> will try to implement it :)
>>>>>>>>
>>>>>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <
>>>>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>>>>
>>>>>>>>> +1
>>>>>>>>>
>>>>>>>>> Yes, why not...
>>>>>>>>>
>>>>>>>>> Ali
>>>>>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>>>>>>
>>>>>>>>> we already have BSD 3-clause:
>>>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>>> will need to add one line only :)
>>>>>>>>>
>>>>>>>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> There seem to be a few options for Google using Java
>>>>>>>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>>>>>>>
>>>>>>>>>> I don't quite see in that lib how it generates the QR code for
>>>>>>>>>> scanning but there should be a way :)
>>>>>>>>>>
>>>>>>>>>> The BSD license would require us to add a copy left into our
>>>>>>>>>> License file, but in general it would be compatible imho.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>> Seb
>>>>>>>>>>
>>>>>>>>>> Sebastian Wagner
>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>
>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <
>>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello Seb,
>>>>>>>>>>>
>>>>>>>>>>> Sorry for a late response, I'm on vacation :)
>>>>>>>>>>>
>>>>>>>>>>> I would
>>>>>>>>>>> +1 this feature :)
>>>>>>>>>>>
>>>>>>>>>>> The problems we'll need to solve
>>>>>>>>>>> - add 2fa mechanisms other than email (not sure if apps like
>>>>>>>>>>> "Google authenticator" has open source API :(, we can use telegram API ....)
>>>>>>>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>>>>>>>> activation_hash and *reset-password-hash*
>>>>>>>>>>>
>>>>>>>>>>> Need to be investigated and carefully refactored :)
>>>>>>>>>>>
>>>>>>>>>>> from mobile (sorry for typos ;)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Not many pros or cons in this discussion.
>>>>>>>>>>>>
>>>>>>>>>>>> But I think it would be a good option to have available for
>>>>>>>>>>>> users. As well as a good feature to advertise for. Especially in order to
>>>>>>>>>>>> use OpenMeetings in a Gov/Education environment where compliance may
>>>>>>>>>>>> require to have 2 factor auth for applications in order for using it.
>>>>>>>>>>>>
>>>>>>>>>>>> So I assume I can create some tickets and get this on the way.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>> Seb
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>
>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> I would like to add a ticket to investigate and look into
>>>>>>>>>>>>> adding 2 factor authentication to OpenMeetings. As an optional feature,
>>>>>>>>>>>>> default would be turned off.
>>>>>>>>>>>>>
>>>>>>>>>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>>>>>>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>>>>>>>>>> the most widely adopted authenticator.
>>>>>>>>>>>>>
>>>>>>>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>>>>>>>> - On a per server basis a flag to generally turn 2 factor
>>>>>>>>>>>>> auth on or off
>>>>>>>>>>>>> - On a per individual account basis so you can turn 2 factor
>>>>>>>>>>>>> auth on/off for an individual user
>>>>>>>>>>>>>
>>>>>>>>>>>>> This would not affect past installations.
>>>>>>>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I think this would be a good feature to improve security.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Let me know what you think, and I will add a ticket and look
>>>>>>>>>>>>> into adding this over the next few weeks.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks
>>>>>>>>>>>>> Seb
>>>>>>>>>>>>>
>>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>>
>>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Best regards,
>>>>>>>>> Maxim
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best regards,
>>>>>>>> Maxim
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>>
>>>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
Yes, I know that these lines were added, as you can see in my previous
post, however, I did not change it assuming that the application will
perform as usual until we set 2 factor authentication.
Is there and keys I should add to the database on build#205 ?
Ali
On 12/28/22 2:10 PM, Maxim Solodovnik wrote:
> The following section has been added :)
>
>
> ################## Time-based One Time Password ##################
>
> ## Please NOTE these values need to be changed BEFORE users will
> set-up OTP for themselves
>
> ## otherwise they can't login
>
>
> # NOTE Config->application.name <http://application.name> will be used
> if blank
>
> otp.issuer=
>
> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
>
> ## milliseconds
>
> otp.ntp.timeout=3000
>
>
>
>
>
> from mobile (sorry for typos ;)
>
> On Wed, Dec 28, 2022, 16:25 Ali Alhaidary
> <al...@the5stars.org> wrote:
>
> Is it possible just to pint it out please?
>
> Ali
>
> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>> I would start with examine the logs
>>
>> and will add missing key-value part to openmeetings.properties :)
>>
>> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary
>> <al...@the5stars.org> wrote:
>>
>> Where and what ? :-)
>>
>> Ali
>>
>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>> you have to add new values to your config :)
>>>
>>> #206 is at demo-next
>>> seems to work as expected :)
>>>
>>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary
>>> <al...@the5stars.org> wrote:
>>>
>>> No, I did not change anything in openmeetings.properties
>>> as we want to use om as before initially...
>>>
>>> ################## Time-based One Time Password
>>> ##################
>>> ## Please NOTE these values need to be changed BEFORE
>>> users will set-up OTP for themselves
>>> ## otherwise they can't login
>>>
>>> # NOTE Config->application.name
>>> <http://application.name> will be used if blank
>>> otp.issuer=
>>> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
>>> ## milliseconds
>>> otp.ntp.timeout=3000
>>>
>>>
>>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>>> Anything suspicious in the log?
>>>> Have you updated openmeetings.properties with "otp"
>>>> specific values?
>>>>
>>>> from mobile (sorry for typos ;)
>>>>
>>>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary
>>>> <al...@the5stars.org> wrote:
>>>>
>>>> Could not login from moodle plugin, and (HTTP
>>>> Status 404 – Not Found) in stand alone app.
>>>>
>>>> Ali
>>>>
>>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>>>
>>>>> Seems ok, and translated...
>>>>>
>>>>> Ali
>>>>>
>>>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>>>> Seems to be implemented
>>>>>> I would appreciate if someone can test this new
>>>>>> functionality
>>>>>> (And wording :)))
>>>>>>
>>>>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik
>>>>>> <so...@gmail.com> wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Thu, 22 Dec 2022 at 14:01,
>>>>>> seba.wagner@gmail.com <se...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> Sry I did not have enough time. But it
>>>>>> would be a good feature to add.
>>>>>>
>>>>>> Also a good message we can share around
>>>>>> enhancing OpenMeetings security. Relevant
>>>>>> for many education/public environments.
>>>>>>
>>>>>>
>>>>>> I agree :))
>>>>>> Will update JIRA/demo-next when will have
>>>>>> something working :)
>>>>>>
>>>>>>
>>>>>> Thx
>>>>>> Seb
>>>>>>
>>>>>> Sebastian Wagner
>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>> http://arrakeen-solutions.co.nz/
>>>>>> https://om-hosting.com - Cloud & Server
>>>>>> Hosting for HTML5 Video-Conferencing
>>>>>> OpenMeetings
>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>
>>>>>>
>>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim
>>>>>> Solodovnik <so...@gmail.com> wrote:
>>>>>>
>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>
>>>>>> will try to implement it :)
>>>>>>
>>>>>> On Wed, 3 Aug 2022 at 13:45, Ali
>>>>>> Alhaidary
>>>>>> <al...@the5stars.org> wrote:
>>>>>>
>>>>>> +1
>>>>>>
>>>>>> Yes, why not...
>>>>>>
>>>>>> Ali
>>>>>>
>>>>>> On 8/3/22 8:34 AM, Maxim
>>>>>> Solodovnik wrote:
>>>>>>> we already have BSD 3-clause:
>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>
>>>>>>> will need to add one line only :)
>>>>>>>
>>>>>>> On Wed, 3 Aug 2022 at 12:25,
>>>>>>> seba.wagner@gmail.com
>>>>>>> <se...@gmail.com> wrote:
>>>>>>>
>>>>>>> There seem to be a few
>>>>>>> options for Google using Java
>>>>>>> E.g.
>>>>>>> https://github.com/wstrange/GoogleAuth
>>>>>>>
>>>>>>>
>>>>>>> I don't quite see in that
>>>>>>> lib how it generates the QR
>>>>>>> code for scanning but there
>>>>>>> should be a way :)
>>>>>>>
>>>>>>> The BSD license would
>>>>>>> require us to add a copy
>>>>>>> left into our License file,
>>>>>>> but in general it would be
>>>>>>> compatible imho.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Seb
>>>>>>>
>>>>>>> Sebastian Wagner
>>>>>>> Director Arrakeen Solutions,
>>>>>>> OM-Hosting.com
>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>> https://om-hosting.com -
>>>>>>> Cloud & Server Hosting for
>>>>>>> HTML5 Video-Conferencing
>>>>>>> OpenMeetings
>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, 3 Aug 2022 at 16:12,
>>>>>>> Maxim Solodovnik
>>>>>>> <so...@gmail.com> wrote:
>>>>>>>
>>>>>>> Hello Seb,
>>>>>>>
>>>>>>> Sorry for a late
>>>>>>> response, I'm on vacation :)
>>>>>>>
>>>>>>> I would
>>>>>>> +1 this feature :)
>>>>>>>
>>>>>>> The problems we'll need
>>>>>>> to solve
>>>>>>> - add 2fa mechanisms
>>>>>>> other than email (not
>>>>>>> sure if apps like
>>>>>>> "Google authenticator"
>>>>>>> has open source API :(,
>>>>>>> we can use telegram API
>>>>>>> ....)
>>>>>>> - we'll need to move
>>>>>>> this out of om_user db
>>>>>>> table (maybe with
>>>>>>> activation_hash and
>>>>>>> *reset-password-hash*
>>>>>>>
>>>>>>> Need to be investigated
>>>>>>> and carefully refactored :)
>>>>>>>
>>>>>>> from mobile (sorry for
>>>>>>> typos ;)
>>>>>>>
>>>>>>> On Wed, Aug 3, 2022,
>>>>>>> 10:15
>>>>>>> seba.wagner@gmail.com
>>>>>>> <se...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> Not many pros or
>>>>>>> cons in this
>>>>>>> discussion.
>>>>>>>
>>>>>>> But I think it would
>>>>>>> be a good option to
>>>>>>> have available for
>>>>>>> users. As well as a
>>>>>>> good feature to
>>>>>>> advertise for.
>>>>>>> Especially in order
>>>>>>> to use OpenMeetings
>>>>>>> in a Gov/Education
>>>>>>> environment where
>>>>>>> compliance may
>>>>>>> require to have 2
>>>>>>> factor auth for
>>>>>>> applications in
>>>>>>> order for using it.
>>>>>>>
>>>>>>> So I assume I can
>>>>>>> create some tickets
>>>>>>> and get this on the way.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Seb
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Sebastian Wagner
>>>>>>> Director Arrakeen
>>>>>>> Solutions,
>>>>>>> OM-Hosting.com
>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>> https://om-hosting.com
>>>>>>> - Cloud & Server
>>>>>>> Hosting for HTML5
>>>>>>> Video-Conferencing
>>>>>>> OpenMeetings
>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, 1 Aug 2022
>>>>>>> at 09:31,
>>>>>>> seba.wagner@gmail.com
>>>>>>> <se...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>> I would like to
>>>>>>> add a ticket to
>>>>>>> investigate and
>>>>>>> look into adding
>>>>>>> 2 factor
>>>>>>> authentication
>>>>>>> to OpenMeetings.
>>>>>>> As an
>>>>>>> optional feature,
>>>>>>> default would be
>>>>>>> turned off.
>>>>>>>
>>>>>>> There are
>>>>>>> various
>>>>>>> libraries to
>>>>>>> achieve 2
>>>>>>> factor auth. I
>>>>>>> would
>>>>>>> probably prefer
>>>>>>> using the Google
>>>>>>> Authenticator as
>>>>>>> a method since
>>>>>>> it seems the
>>>>>>> most
>>>>>>> widely adopted
>>>>>>> authenticator.
>>>>>>>
>>>>>>> In terms of
>>>>>>> turning it
>>>>>>> on/off I would
>>>>>>> add 2 flags:
>>>>>>> - On a per
>>>>>>> server basis a
>>>>>>> flag to
>>>>>>> generally turn 2
>>>>>>> factor auth on
>>>>>>> or off
>>>>>>> - On a per
>>>>>>> individual
>>>>>>> account basis so
>>>>>>> you can turn 2
>>>>>>> factor
>>>>>>> auth on/off for
>>>>>>> an individual user
>>>>>>>
>>>>>>> This would not
>>>>>>> affect past
>>>>>>> installations.
>>>>>>> This would not
>>>>>>> affect logging
>>>>>>> in via Soap/Rest.
>>>>>>>
>>>>>>> I think this
>>>>>>> would be a good
>>>>>>> feature to
>>>>>>> improve security.
>>>>>>>
>>>>>>> Let me know what
>>>>>>> you think, and I
>>>>>>> will add a
>>>>>>> ticket and look
>>>>>>> into adding this
>>>>>>> over the next
>>>>>>> few weeks.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Seb
>>>>>>>
>>>>>>> Sebastian Wagner
>>>>>>> Director
>>>>>>> Arrakeen
>>>>>>> Solutions,
>>>>>>> OM-Hosting.com
>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>> https://om-hosting.com
>>>>>>> - Cloud & Server
>>>>>>> Hosting for
>>>>>>> HTML5
>>>>>>> Video-Conferencing
>>>>>>> OpenMeetings
>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Maxim
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>
>>
>>
>> --
>> Best regards,
>> Maxim
>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
The following section has been added :)
################## Time-based One Time Password ##################
## Please NOTE these values need to be changed BEFORE users will set-up OTP
for themselves
## otherwise they can't login
# NOTE Config->application.name will be used if blank
otp.issuer=
otp.ntp.server=pool.ntp.org
## milliseconds
otp.ntp.timeout=3000
from mobile (sorry for typos ;)
On Wed, Dec 28, 2022, 16:25 Ali Alhaidary <al...@the5stars.org>
wrote:
> Is it possible just to pint it out please?
>
> Ali
> On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
>
> I would start with examine the logs
>
> and will add missing key-value part to openmeetings.properties :)
>
> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary <al...@the5stars.org>
> wrote:
>
>> Where and what ? :-)
>>
>> Ali
>> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>>
>> you have to add new values to your config :)
>>
>> #206 is at demo-next
>> seems to work as expected :)
>>
>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary <al...@the5stars.org>
>> wrote:
>>
>>> No, I did not change anything in openmeetings.properties as we want to
>>> use om as before initially...
>>>
>>> ################## Time-based One Time Password ##################
>>> ## Please NOTE these values need to be changed BEFORE users will set-up
>>> OTP for themselves
>>> ## otherwise they can't login
>>>
>>> # NOTE Config->application.name will be used if blank
>>> otp.issuer=
>>> otp.ntp.server=pool.ntp.org
>>> ## milliseconds
>>> otp.ntp.timeout=3000
>>>
>>>
>>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>>
>>> Anything suspicious in the log?
>>> Have you updated openmeetings.properties with "otp" specific values?
>>>
>>> from mobile (sorry for typos ;)
>>>
>>>
>>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary <al...@the5stars.org>
>>> wrote:
>>>
>>>> Could not login from moodle plugin, and (HTTP Status 404 – Not Found)
>>>> in stand alone app.
>>>>
>>>> Ali
>>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>>
>>>> Seems ok, and translated...
>>>>
>>>> Ali
>>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>>
>>>> Seems to be implemented
>>>> I would appreciate if someone can test this new functionality
>>>> (And wording :)))
>>>>
>>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com>
>>>> wrote:
>>>>
>>>>>
>>>>>
>>>>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <
>>>>> seba.wagner@gmail.com> wrote:
>>>>>
>>>>>> Sry I did not have enough time. But it would be a good feature to
>>>>>> add.
>>>>>>
>>>>>> Also a good message we can share around enhancing OpenMeetings
>>>>>> security. Relevant for many education/public environments.
>>>>>>
>>>>>
>>>>> I agree :))
>>>>> Will update JIRA/demo-next when will have something working :)
>>>>>
>>>>>
>>>>>>
>>>>>> Thx
>>>>>> Seb
>>>>>>
>>>>>> Sebastian Wagner
>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>> http://arrakeen-solutions.co.nz/
>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>> Video-Conferencing OpenMeetings
>>>>>>
>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>
>>>>>>
>>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <so...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>>
>>>>>>> will try to implement it :)
>>>>>>>
>>>>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <
>>>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>>>
>>>>>>>> +1
>>>>>>>>
>>>>>>>> Yes, why not...
>>>>>>>>
>>>>>>>> Ali
>>>>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>>>>>
>>>>>>>> we already have BSD 3-clause:
>>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>>> will need to add one line only :)
>>>>>>>>
>>>>>>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> There seem to be a few options for Google using Java
>>>>>>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>>>>>>
>>>>>>>>> I don't quite see in that lib how it generates the QR code for
>>>>>>>>> scanning but there should be a way :)
>>>>>>>>>
>>>>>>>>> The BSD license would require us to add a copy left into our
>>>>>>>>> License file, but in general it would be compatible imho.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> Seb
>>>>>>>>>
>>>>>>>>> Sebastian Wagner
>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>
>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <
>>>>>>>>> solomax666@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hello Seb,
>>>>>>>>>>
>>>>>>>>>> Sorry for a late response, I'm on vacation :)
>>>>>>>>>>
>>>>>>>>>> I would
>>>>>>>>>> +1 this feature :)
>>>>>>>>>>
>>>>>>>>>> The problems we'll need to solve
>>>>>>>>>> - add 2fa mechanisms other than email (not sure if apps like
>>>>>>>>>> "Google authenticator" has open source API :(, we can use telegram API ....)
>>>>>>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>>>>>>> activation_hash and *reset-password-hash*
>>>>>>>>>>
>>>>>>>>>> Need to be investigated and carefully refactored :)
>>>>>>>>>>
>>>>>>>>>> from mobile (sorry for typos ;)
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Not many pros or cons in this discussion.
>>>>>>>>>>>
>>>>>>>>>>> But I think it would be a good option to have available for
>>>>>>>>>>> users. As well as a good feature to advertise for. Especially in order to
>>>>>>>>>>> use OpenMeetings in a Gov/Education environment where compliance may
>>>>>>>>>>> require to have 2 factor auth for applications in order for using it.
>>>>>>>>>>>
>>>>>>>>>>> So I assume I can create some tickets and get this on the way.
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> Seb
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>
>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> I would like to add a ticket to investigate and look into
>>>>>>>>>>>> adding 2 factor authentication to OpenMeetings. As an optional feature,
>>>>>>>>>>>> default would be turned off.
>>>>>>>>>>>>
>>>>>>>>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>>>>>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>>>>>>>>> the most widely adopted authenticator.
>>>>>>>>>>>>
>>>>>>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>>>>>>> - On a per server basis a flag to generally turn 2 factor auth
>>>>>>>>>>>> on or off
>>>>>>>>>>>> - On a per individual account basis so you can turn 2 factor
>>>>>>>>>>>> auth on/off for an individual user
>>>>>>>>>>>>
>>>>>>>>>>>> This would not affect past installations.
>>>>>>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>>>>>>
>>>>>>>>>>>> I think this would be a good feature to improve security.
>>>>>>>>>>>>
>>>>>>>>>>>> Let me know what you think, and I will add a ticket and look
>>>>>>>>>>>> into adding this over the next few weeks.
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks
>>>>>>>>>>>> Seb
>>>>>>>>>>>>
>>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>>
>>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Best regards,
>>>>>>>> Maxim
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Maxim
>>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>>
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>>
>
> --
> Best regards,
> Maxim
>
>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
Is it possible just to pint it out please?
Ali
On 12/27/22 6:53 PM, Maxim Solodovnik wrote:
> I would start with examine the logs
>
> and will add missing key-value part to openmeetings.properties :)
>
> On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary
> <al...@the5stars.org> wrote:
>
> Where and what ? :-)
>
> Ali
>
> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>> you have to add new values to your config :)
>>
>> #206 is at demo-next
>> seems to work as expected :)
>>
>> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary
>> <al...@the5stars.org> wrote:
>>
>> No, I did not change anything in openmeetings.properties as
>> we want to use om as before initially...
>>
>> ################## Time-based One Time Password
>> ##################
>> ## Please NOTE these values need to be changed BEFORE users
>> will set-up OTP for themselves
>> ## otherwise they can't login
>>
>> # NOTE Config->application.name <http://application.name>
>> will be used if blank
>> otp.issuer=
>> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
>> ## milliseconds
>> otp.ntp.timeout=3000
>>
>>
>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>> Anything suspicious in the log?
>>> Have you updated openmeetings.properties with "otp" specific
>>> values?
>>>
>>> from mobile (sorry for typos ;)
>>>
>>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary
>>> <al...@the5stars.org> wrote:
>>>
>>> Could not login from moodle plugin, and (HTTP Status 404
>>> – Not Found) in stand alone app.
>>>
>>> Ali
>>>
>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>>
>>>> Seems ok, and translated...
>>>>
>>>> Ali
>>>>
>>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>>> Seems to be implemented
>>>>> I would appreciate if someone can test this new
>>>>> functionality
>>>>> (And wording :)))
>>>>>
>>>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik
>>>>> <so...@gmail.com> wrote:
>>>>>
>>>>>
>>>>>
>>>>> On Thu, 22 Dec 2022 at 14:01,
>>>>> seba.wagner@gmail.com <se...@gmail.com> wrote:
>>>>>
>>>>> Sry I did not have enough time. But it would
>>>>> be a good feature to add.
>>>>>
>>>>> Also a good message we can share around
>>>>> enhancing OpenMeetings security. Relevant for
>>>>> many education/public environments.
>>>>>
>>>>>
>>>>> I agree :))
>>>>> Will update JIRA/demo-next when will have
>>>>> something working :)
>>>>>
>>>>>
>>>>> Thx
>>>>> Seb
>>>>>
>>>>> Sebastian Wagner
>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>> http://arrakeen-solutions.co.nz/
>>>>> https://om-hosting.com - Cloud & Server
>>>>> Hosting for HTML5 Video-Conferencing OpenMeetings
>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>
>>>>>
>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik
>>>>> <so...@gmail.com> wrote:
>>>>>
>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>
>>>>> will try to implement it :)
>>>>>
>>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary
>>>>> <al...@the5stars.org> wrote:
>>>>>
>>>>> +1
>>>>>
>>>>> Yes, why not...
>>>>>
>>>>> Ali
>>>>>
>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>>> we already have BSD 3-clause:
>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>
>>>>>> will need to add one line only :)
>>>>>>
>>>>>> On Wed, 3 Aug 2022 at 12:25,
>>>>>> seba.wagner@gmail.com
>>>>>> <se...@gmail.com> wrote:
>>>>>>
>>>>>> There seem to be a few options
>>>>>> for Google using Java
>>>>>> E.g.
>>>>>> https://github.com/wstrange/GoogleAuth
>>>>>>
>>>>>>
>>>>>> I don't quite see in that lib how
>>>>>> it generates the QR code for
>>>>>> scanning but there should be a
>>>>>> way :)
>>>>>>
>>>>>> The BSD license would require us
>>>>>> to add a copy left into our
>>>>>> License file, but in general it
>>>>>> would be compatible imho.
>>>>>>
>>>>>> Thanks
>>>>>> Seb
>>>>>>
>>>>>> Sebastian Wagner
>>>>>> Director Arrakeen Solutions,
>>>>>> OM-Hosting.com
>>>>>> http://arrakeen-solutions.co.nz/
>>>>>> https://om-hosting.com - Cloud &
>>>>>> Server Hosting for HTML5
>>>>>> Video-Conferencing OpenMeetings
>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>
>>>>>>
>>>>>> On Wed, 3 Aug 2022 at 16:12,
>>>>>> Maxim Solodovnik
>>>>>> <so...@gmail.com> wrote:
>>>>>>
>>>>>> Hello Seb,
>>>>>>
>>>>>> Sorry for a late response,
>>>>>> I'm on vacation :)
>>>>>>
>>>>>> I would
>>>>>> +1 this feature :)
>>>>>>
>>>>>> The problems we'll need to solve
>>>>>> - add 2fa mechanisms other
>>>>>> than email (not sure if apps
>>>>>> like "Google authenticator"
>>>>>> has open source API :(, we
>>>>>> can use telegram API ....)
>>>>>> - we'll need to move this out
>>>>>> of om_user db table (maybe
>>>>>> with activation_hash and
>>>>>> *reset-password-hash*
>>>>>>
>>>>>> Need to be investigated and
>>>>>> carefully refactored :)
>>>>>>
>>>>>> from mobile (sorry for typos ;)
>>>>>>
>>>>>> On Wed, Aug 3, 2022, 10:15
>>>>>> seba.wagner@gmail.com
>>>>>> <se...@gmail.com> wrote:
>>>>>>
>>>>>> Not many pros or cons in
>>>>>> this discussion.
>>>>>>
>>>>>> But I think it would be a
>>>>>> good option to have
>>>>>> available for users. As
>>>>>> well as a good feature to
>>>>>> advertise for. Especially
>>>>>> in order to use
>>>>>> OpenMeetings in a
>>>>>> Gov/Education environment
>>>>>> where compliance may
>>>>>> require to have 2 factor
>>>>>> auth for applications in
>>>>>> order for using it.
>>>>>>
>>>>>> So I assume I can create
>>>>>> some tickets and get this
>>>>>> on the way.
>>>>>>
>>>>>> Thanks
>>>>>> Seb
>>>>>>
>>>>>>
>>>>>>
>>>>>> Sebastian Wagner
>>>>>> Director Arrakeen
>>>>>> Solutions, OM-Hosting.com
>>>>>> http://arrakeen-solutions.co.nz/
>>>>>> https://om-hosting.com -
>>>>>> Cloud & Server Hosting
>>>>>> for HTML5
>>>>>> Video-Conferencing
>>>>>> OpenMeetings
>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>
>>>>>>
>>>>>> On Mon, 1 Aug 2022 at
>>>>>> 09:31,
>>>>>> seba.wagner@gmail.com
>>>>>> <se...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>> I would like to add a
>>>>>> ticket to investigate
>>>>>> and look into adding
>>>>>> 2 factor
>>>>>> authentication to
>>>>>> OpenMeetings. As an
>>>>>> optional feature,
>>>>>> default would be
>>>>>> turned off.
>>>>>>
>>>>>> There are various
>>>>>> libraries to achieve
>>>>>> 2 factor auth. I
>>>>>> would probably prefer
>>>>>> using the Google
>>>>>> Authenticator as a
>>>>>> method since it seems
>>>>>> the most
>>>>>> widely adopted
>>>>>> authenticator.
>>>>>>
>>>>>> In terms of turning
>>>>>> it on/off I would add
>>>>>> 2 flags:
>>>>>> - On a per server
>>>>>> basis a flag to
>>>>>> generally turn 2
>>>>>> factor auth on or off
>>>>>> - On a per
>>>>>> individual
>>>>>> account basis so you
>>>>>> can turn 2 factor
>>>>>> auth on/off for an
>>>>>> individual user
>>>>>>
>>>>>> This would not affect
>>>>>> past installations.
>>>>>> This would not affect
>>>>>> logging in via Soap/Rest.
>>>>>>
>>>>>> I think this would be
>>>>>> a good feature to
>>>>>> improve security.
>>>>>>
>>>>>> Let me know what you
>>>>>> think, and I will add
>>>>>> a ticket and look
>>>>>> into adding this over
>>>>>> the next few weeks.
>>>>>>
>>>>>> Thanks
>>>>>> Seb
>>>>>>
>>>>>> Sebastian Wagner
>>>>>> Director Arrakeen
>>>>>> Solutions, OM-Hosting.com
>>>>>> http://arrakeen-solutions.co.nz/
>>>>>> https://om-hosting.com
>>>>>> - Cloud & Server
>>>>>> Hosting for HTML5
>>>>>> Video-Conferencing
>>>>>> OpenMeetings
>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>
>>
>>
>> --
>> Best regards,
>> Maxim
>
>
>
> --
> Best regards,
> Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
I would start with examine the logs
and will add missing key-value part to openmeetings.properties :)
On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary <al...@the5stars.org>
wrote:
> Where and what ? :-)
>
> Ali
> On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
>
> you have to add new values to your config :)
>
> #206 is at demo-next
> seems to work as expected :)
>
> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary <al...@the5stars.org>
> wrote:
>
>> No, I did not change anything in openmeetings.properties as we want to
>> use om as before initially...
>>
>> ################## Time-based One Time Password ##################
>> ## Please NOTE these values need to be changed BEFORE users will set-up
>> OTP for themselves
>> ## otherwise they can't login
>>
>> # NOTE Config->application.name will be used if blank
>> otp.issuer=
>> otp.ntp.server=pool.ntp.org
>> ## milliseconds
>> otp.ntp.timeout=3000
>>
>>
>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>>
>> Anything suspicious in the log?
>> Have you updated openmeetings.properties with "otp" specific values?
>>
>> from mobile (sorry for typos ;)
>>
>>
>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary <al...@the5stars.org>
>> wrote:
>>
>>> Could not login from moodle plugin, and (HTTP Status 404 – Not Found) in
>>> stand alone app.
>>>
>>> Ali
>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>
>>> Seems ok, and translated...
>>>
>>> Ali
>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>
>>> Seems to be implemented
>>> I would appreciate if someone can test this new functionality
>>> (And wording :)))
>>>
>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <
>>>> seba.wagner@gmail.com> wrote:
>>>>
>>>>> Sry I did not have enough time. But it would be a good feature to add.
>>>>>
>>>>> Also a good message we can share around enhancing OpenMeetings
>>>>> security. Relevant for many education/public environments.
>>>>>
>>>>
>>>> I agree :))
>>>> Will update JIRA/demo-next when will have something working :)
>>>>
>>>>
>>>>>
>>>>> Thx
>>>>> Seb
>>>>>
>>>>> Sebastian Wagner
>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>> http://arrakeen-solutions.co.nz/
>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>> Video-Conferencing OpenMeetings
>>>>>
>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>
>>>>>
>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <so...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>>
>>>>>> will try to implement it :)
>>>>>>
>>>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <
>>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>>
>>>>>>> +1
>>>>>>>
>>>>>>> Yes, why not...
>>>>>>>
>>>>>>> Ali
>>>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>>>>
>>>>>>> we already have BSD 3-clause:
>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>>> will need to add one line only :)
>>>>>>>
>>>>>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>
>>>>>>>> There seem to be a few options for Google using Java
>>>>>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>>>>>
>>>>>>>> I don't quite see in that lib how it generates the QR code for
>>>>>>>> scanning but there should be a way :)
>>>>>>>>
>>>>>>>> The BSD license would require us to add a copy left into our
>>>>>>>> License file, but in general it would be compatible imho.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Seb
>>>>>>>>
>>>>>>>> Sebastian Wagner
>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>
>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Hello Seb,
>>>>>>>>>
>>>>>>>>> Sorry for a late response, I'm on vacation :)
>>>>>>>>>
>>>>>>>>> I would
>>>>>>>>> +1 this feature :)
>>>>>>>>>
>>>>>>>>> The problems we'll need to solve
>>>>>>>>> - add 2fa mechanisms other than email (not sure if apps like
>>>>>>>>> "Google authenticator" has open source API :(, we can use telegram API ....)
>>>>>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>>>>>> activation_hash and *reset-password-hash*
>>>>>>>>>
>>>>>>>>> Need to be investigated and carefully refactored :)
>>>>>>>>>
>>>>>>>>> from mobile (sorry for typos ;)
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Not many pros or cons in this discussion.
>>>>>>>>>>
>>>>>>>>>> But I think it would be a good option to have available for
>>>>>>>>>> users. As well as a good feature to advertise for. Especially in order to
>>>>>>>>>> use OpenMeetings in a Gov/Education environment where compliance may
>>>>>>>>>> require to have 2 factor auth for applications in order for using it.
>>>>>>>>>>
>>>>>>>>>> So I assume I can create some tickets and get this on the way.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>> Seb
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Sebastian Wagner
>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>
>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> I would like to add a ticket to investigate and look into adding
>>>>>>>>>>> 2 factor authentication to OpenMeetings. As an optional feature, default
>>>>>>>>>>> would be turned off.
>>>>>>>>>>>
>>>>>>>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>>>>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>>>>>>>> the most widely adopted authenticator.
>>>>>>>>>>>
>>>>>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>>>>>> - On a per server basis a flag to generally turn 2 factor auth
>>>>>>>>>>> on or off
>>>>>>>>>>> - On a per individual account basis so you can turn 2 factor
>>>>>>>>>>> auth on/off for an individual user
>>>>>>>>>>>
>>>>>>>>>>> This would not affect past installations.
>>>>>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>>>>>
>>>>>>>>>>> I think this would be a good feature to improve security.
>>>>>>>>>>>
>>>>>>>>>>> Let me know what you think, and I will add a ticket and look
>>>>>>>>>>> into adding this over the next few weeks.
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> Seb
>>>>>>>>>>>
>>>>>>>>>>> Sebastian Wagner
>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>>
>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Maxim
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>>
>>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>>
>
> --
> Best regards,
> Maxim
>
>
--
Best regards,
Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
Where and what ? :-)
Ali
On 12/27/22 8:13 AM, Maxim Solodovnik wrote:
> you have to add new values to your config :)
>
> #206 is at demo-next
> seems to work as expected :)
>
> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary
> <al...@the5stars.org> wrote:
>
> No, I did not change anything in openmeetings.properties as we
> want to use om as before initially...
>
> ################## Time-based One Time Password ##################
> ## Please NOTE these values need to be changed BEFORE users will
> set-up OTP for themselves
> ## otherwise they can't login
>
> # NOTE Config->application.name <http://application.name> will be
> used if blank
> otp.issuer=
> otp.ntp.server=pool.ntp.org <http://pool.ntp.org>
> ## milliseconds
> otp.ntp.timeout=3000
>
>
> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>> Anything suspicious in the log?
>> Have you updated openmeetings.properties with "otp" specific values?
>>
>> from mobile (sorry for typos ;)
>>
>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary
>> <al...@the5stars.org> wrote:
>>
>> Could not login from moodle plugin, and (HTTP Status 404 –
>> Not Found) in stand alone app.
>>
>> Ali
>>
>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>>
>>> Seems ok, and translated...
>>>
>>> Ali
>>>
>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>>> Seems to be implemented
>>>> I would appreciate if someone can test this new functionality
>>>> (And wording :)))
>>>>
>>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik
>>>> <so...@gmail.com> wrote:
>>>>
>>>>
>>>>
>>>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com
>>>> <se...@gmail.com> wrote:
>>>>
>>>> Sry I did not have enough time. But it would be a
>>>> good feature to add.
>>>>
>>>> Also a good message we can share around enhancing
>>>> OpenMeetings security. Relevant for many
>>>> education/public environments.
>>>>
>>>>
>>>> I agree :))
>>>> Will update JIRA/demo-next when will have something
>>>> working :)
>>>>
>>>>
>>>> Thx
>>>> Seb
>>>>
>>>> Sebastian Wagner
>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>> http://arrakeen-solutions.co.nz/
>>>> https://om-hosting.com - Cloud & Server Hosting for
>>>> HTML5 Video-Conferencing OpenMeetings
>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>
>>>>
>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik
>>>> <so...@gmail.com> wrote:
>>>>
>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>
>>>> will try to implement it :)
>>>>
>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary
>>>> <al...@the5stars.org> wrote:
>>>>
>>>> +1
>>>>
>>>> Yes, why not...
>>>>
>>>> Ali
>>>>
>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>> we already have BSD 3-clause:
>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>
>>>>> will need to add one line only :)
>>>>>
>>>>> On Wed, 3 Aug 2022 at 12:25,
>>>>> seba.wagner@gmail.com
>>>>> <se...@gmail.com> wrote:
>>>>>
>>>>> There seem to be a few options for
>>>>> Google using Java
>>>>> E.g.
>>>>> https://github.com/wstrange/GoogleAuth
>>>>>
>>>>> I don't quite see in that lib how it
>>>>> generates the QR code for scanning but
>>>>> there should be a way :)
>>>>>
>>>>> The BSD license would require us to
>>>>> add a copy left into our License file,
>>>>> but in general it would be compatible
>>>>> imho.
>>>>>
>>>>> Thanks
>>>>> Seb
>>>>>
>>>>> Sebastian Wagner
>>>>> Director Arrakeen Solutions,
>>>>> OM-Hosting.com
>>>>> http://arrakeen-solutions.co.nz/
>>>>> https://om-hosting.com - Cloud &
>>>>> Server Hosting for HTML5
>>>>> Video-Conferencing OpenMeetings
>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>
>>>>>
>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim
>>>>> Solodovnik <so...@gmail.com> wrote:
>>>>>
>>>>> Hello Seb,
>>>>>
>>>>> Sorry for a late response, I'm on
>>>>> vacation :)
>>>>>
>>>>> I would
>>>>> +1 this feature :)
>>>>>
>>>>> The problems we'll need to solve
>>>>> - add 2fa mechanisms other than
>>>>> email (not sure if apps like
>>>>> "Google authenticator" has open
>>>>> source API :(, we can use telegram
>>>>> API ....)
>>>>> - we'll need to move this out of
>>>>> om_user db table (maybe with
>>>>> activation_hash and
>>>>> *reset-password-hash*
>>>>>
>>>>> Need to be investigated and
>>>>> carefully refactored :)
>>>>>
>>>>> from mobile (sorry for typos ;)
>>>>>
>>>>> On Wed, Aug 3, 2022, 10:15
>>>>> seba.wagner@gmail.com
>>>>> <se...@gmail.com> wrote:
>>>>>
>>>>> Not many pros or cons in this
>>>>> discussion.
>>>>>
>>>>> But I think it would be a good
>>>>> option to have available for
>>>>> users. As well as a good
>>>>> feature to advertise for.
>>>>> Especially in order to use
>>>>> OpenMeetings in a
>>>>> Gov/Education environment
>>>>> where compliance may require
>>>>> to have 2 factor auth for
>>>>> applications in order for
>>>>> using it.
>>>>>
>>>>> So I assume I can create some
>>>>> tickets and get this on the way.
>>>>>
>>>>> Thanks
>>>>> Seb
>>>>>
>>>>>
>>>>>
>>>>> Sebastian Wagner
>>>>> Director Arrakeen Solutions,
>>>>> OM-Hosting.com
>>>>> http://arrakeen-solutions.co.nz/
>>>>> https://om-hosting.com - Cloud
>>>>> & Server Hosting for HTML5
>>>>> Video-Conferencing OpenMeetings
>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>
>>>>>
>>>>> On Mon, 1 Aug 2022 at 09:31,
>>>>> seba.wagner@gmail.com
>>>>> <se...@gmail.com> wrote:
>>>>>
>>>>> I would like to add a
>>>>> ticket to investigate and
>>>>> look into adding 2 factor
>>>>> authentication to
>>>>> OpenMeetings. As an
>>>>> optional feature, default
>>>>> would be turned off.
>>>>>
>>>>> There are various
>>>>> libraries to achieve 2
>>>>> factor auth. I would
>>>>> probably prefer using the
>>>>> Google Authenticator as a
>>>>> method since it seems the
>>>>> most widely adopted
>>>>> authenticator.
>>>>>
>>>>> In terms of turning it
>>>>> on/off I would add 2 flags:
>>>>> - On a per server basis a
>>>>> flag to generally turn 2
>>>>> factor auth on or off
>>>>> - On a per individual
>>>>> account basis so you can
>>>>> turn 2 factor auth on/off
>>>>> for an individual user
>>>>>
>>>>> This would not affect past
>>>>> installations.
>>>>> This would not affect
>>>>> logging in via Soap/Rest.
>>>>>
>>>>> I think this would be a
>>>>> good feature to improve
>>>>> security.
>>>>>
>>>>> Let me know what you
>>>>> think, and I will add a
>>>>> ticket and look into
>>>>> adding this over the next
>>>>> few weeks.
>>>>>
>>>>> Thanks
>>>>> Seb
>>>>>
>>>>> Sebastian Wagner
>>>>> Director Arrakeen
>>>>> Solutions, OM-Hosting.com
>>>>> http://arrakeen-solutions.co.nz/
>>>>> https://om-hosting.com -
>>>>> Cloud & Server Hosting for
>>>>> HTML5 Video-Conferencing
>>>>> OpenMeetings
>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>
>
>
> --
> Best regards,
> Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
you have to add new values to your config :)
#206 is at demo-next
seems to work as expected :)
On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary <al...@the5stars.org>
wrote:
> No, I did not change anything in openmeetings.properties as we want to use
> om as before initially...
>
> ################## Time-based One Time Password ##################
> ## Please NOTE these values need to be changed BEFORE users will set-up
> OTP for themselves
> ## otherwise they can't login
>
> # NOTE Config->application.name will be used if blank
> otp.issuer=
> otp.ntp.server=pool.ntp.org
> ## milliseconds
> otp.ntp.timeout=3000
>
>
> On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
>
> Anything suspicious in the log?
> Have you updated openmeetings.properties with "otp" specific values?
>
> from mobile (sorry for typos ;)
>
>
> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary <al...@the5stars.org>
> wrote:
>
>> Could not login from moodle plugin, and (HTTP Status 404 – Not Found) in
>> stand alone app.
>>
>> Ali
>> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>
>> Seems ok, and translated...
>>
>> Ali
>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>
>> Seems to be implemented
>> I would appreciate if someone can test this new functionality
>> (And wording :)))
>>
>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>>
>>>
>>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <
>>> seba.wagner@gmail.com> wrote:
>>>
>>>> Sry I did not have enough time. But it would be a good feature to add.
>>>>
>>>> Also a good message we can share around enhancing OpenMeetings
>>>> security. Relevant for many education/public environments.
>>>>
>>>
>>> I agree :))
>>> Will update JIRA/demo-next when will have something working :)
>>>
>>>
>>>>
>>>> Thx
>>>> Seb
>>>>
>>>> Sebastian Wagner
>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>> http://arrakeen-solutions.co.nz/
>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>> Video-Conferencing OpenMeetings
>>>>
>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>
>>>>
>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <so...@gmail.com>
>>>> wrote:
>>>>
>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>>
>>>>> will try to implement it :)
>>>>>
>>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <
>>>>> ali.alhaidary@the5stars.org> wrote:
>>>>>
>>>>>> +1
>>>>>>
>>>>>> Yes, why not...
>>>>>>
>>>>>> Ali
>>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>>>
>>>>>> we already have BSD 3-clause:
>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>>> will need to add one line only :)
>>>>>>
>>>>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>
>>>>>>> There seem to be a few options for Google using Java
>>>>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>>>>
>>>>>>> I don't quite see in that lib how it generates the QR code for
>>>>>>> scanning but there should be a way :)
>>>>>>>
>>>>>>> The BSD license would require us to add a copy left into our License
>>>>>>> file, but in general it would be compatible imho.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Seb
>>>>>>>
>>>>>>> Sebastian Wagner
>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>
>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>
>>>>>>>
>>>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hello Seb,
>>>>>>>>
>>>>>>>> Sorry for a late response, I'm on vacation :)
>>>>>>>>
>>>>>>>> I would
>>>>>>>> +1 this feature :)
>>>>>>>>
>>>>>>>> The problems we'll need to solve
>>>>>>>> - add 2fa mechanisms other than email (not sure if apps like
>>>>>>>> "Google authenticator" has open source API :(, we can use telegram API ....)
>>>>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>>>>> activation_hash and *reset-password-hash*
>>>>>>>>
>>>>>>>> Need to be investigated and carefully refactored :)
>>>>>>>>
>>>>>>>> from mobile (sorry for typos ;)
>>>>>>>>
>>>>>>>>
>>>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Not many pros or cons in this discussion.
>>>>>>>>>
>>>>>>>>> But I think it would be a good option to have available for users.
>>>>>>>>> As well as a good feature to advertise for. Especially in order to use
>>>>>>>>> OpenMeetings in a Gov/Education environment where compliance may require to
>>>>>>>>> have 2 factor auth for applications in order for using it.
>>>>>>>>>
>>>>>>>>> So I assume I can create some tickets and get this on the way.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> Seb
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Sebastian Wagner
>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>
>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> I would like to add a ticket to investigate and look into adding
>>>>>>>>>> 2 factor authentication to OpenMeetings. As an optional feature, default
>>>>>>>>>> would be turned off.
>>>>>>>>>>
>>>>>>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>>>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>>>>>>> the most widely adopted authenticator.
>>>>>>>>>>
>>>>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>>>>> - On a per server basis a flag to generally turn 2 factor auth
>>>>>>>>>> on or off
>>>>>>>>>> - On a per individual account basis so you can turn 2 factor
>>>>>>>>>> auth on/off for an individual user
>>>>>>>>>>
>>>>>>>>>> This would not affect past installations.
>>>>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>>>>
>>>>>>>>>> I think this would be a good feature to improve security.
>>>>>>>>>>
>>>>>>>>>> Let me know what you think, and I will add a ticket and look into
>>>>>>>>>> adding this over the next few weeks.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>> Seb
>>>>>>>>>>
>>>>>>>>>> Sebastian Wagner
>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>>
>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>>
>>>>>>>>>
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> Maxim
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>>
>>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>
>>
>> --
>> Best regards,
>> Maxim
>>
>>
--
Best regards,
Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
No, I did not change anything in openmeetings.properties as we want to
use om as before initially...
################## Time-based One Time Password ##################
## Please NOTE these values need to be changed BEFORE users will set-up
OTP for themselves
## otherwise they can't login
# NOTE Config->application.name will be used if blank
otp.issuer=
otp.ntp.server=pool.ntp.org
## milliseconds
otp.ntp.timeout=3000
On 12/27/22 4:44 AM, Maxim Solodovnik wrote:
> Anything suspicious in the log?
> Have you updated openmeetings.properties with "otp" specific values?
>
> from mobile (sorry for typos ;)
>
> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary
> <al...@the5stars.org> wrote:
>
> Could not login from moodle plugin, and (HTTP Status 404 – Not
> Found) in stand alone app.
>
> Ali
>
> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>>
>> Seems ok, and translated...
>>
>> Ali
>>
>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>>> Seems to be implemented
>>> I would appreciate if someone can test this new functionality
>>> (And wording :)))
>>>
>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik
>>> <so...@gmail.com> wrote:
>>>
>>>
>>>
>>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com
>>> <se...@gmail.com> wrote:
>>>
>>> Sry I did not have enough time. But it would be a good
>>> feature to add.
>>>
>>> Also a good message we can share around enhancing
>>> OpenMeetings security. Relevant for many
>>> education/public environments.
>>>
>>>
>>> I agree :))
>>> Will update JIRA/demo-next when will have something working :)
>>>
>>>
>>> Thx
>>> Seb
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions, OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud & Server Hosting for
>>> HTML5 Video-Conferencing OpenMeetings
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>>
>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik
>>> <so...@gmail.com> wrote:
>>>
>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>
>>> will try to implement it :)
>>>
>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary
>>> <al...@the5stars.org> wrote:
>>>
>>> +1
>>>
>>> Yes, why not...
>>>
>>> Ali
>>>
>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>> we already have BSD 3-clause:
>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>
>>>> will need to add one line only :)
>>>>
>>>> On Wed, 3 Aug 2022 at 12:25,
>>>> seba.wagner@gmail.com <se...@gmail.com>
>>>> wrote:
>>>>
>>>> There seem to be a few options for Google
>>>> using Java
>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>
>>>> I don't quite see in that lib how it
>>>> generates the QR code for scanning but
>>>> there should be a way :)
>>>>
>>>> The BSD license would require us to add a
>>>> copy left into our License file, but in
>>>> general it would be compatible imho.
>>>>
>>>> Thanks
>>>> Seb
>>>>
>>>> Sebastian Wagner
>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>> http://arrakeen-solutions.co.nz/
>>>> https://om-hosting.com - Cloud & Server
>>>> Hosting for HTML5 Video-Conferencing
>>>> OpenMeetings
>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>
>>>>
>>>> On Wed, 3 Aug 2022 at 16:12, Maxim
>>>> Solodovnik <so...@gmail.com> wrote:
>>>>
>>>> Hello Seb,
>>>>
>>>> Sorry for a late response, I'm on
>>>> vacation :)
>>>>
>>>> I would
>>>> +1 this feature :)
>>>>
>>>> The problems we'll need to solve
>>>> - add 2fa mechanisms other than email
>>>> (not sure if apps like "Google
>>>> authenticator" has open source API :(,
>>>> we can use telegram API ....)
>>>> - we'll need to move this out of
>>>> om_user db table (maybe with
>>>> activation_hash and *reset-password-hash*
>>>>
>>>> Need to be investigated and carefully
>>>> refactored :)
>>>>
>>>> from mobile (sorry for typos ;)
>>>>
>>>> On Wed, Aug 3, 2022, 10:15
>>>> seba.wagner@gmail.com
>>>> <se...@gmail.com> wrote:
>>>>
>>>> Not many pros or cons in this
>>>> discussion.
>>>>
>>>> But I think it would be a good
>>>> option to have available for users.
>>>> As well as a good feature to
>>>> advertise for. Especially in order
>>>> to use OpenMeetings in a
>>>> Gov/Education environment where
>>>> compliance may require to have 2
>>>> factor auth for applications in
>>>> order for using it.
>>>>
>>>> So I assume I can create some
>>>> tickets and get this on the way.
>>>>
>>>> Thanks
>>>> Seb
>>>>
>>>>
>>>>
>>>> Sebastian Wagner
>>>> Director Arrakeen Solutions,
>>>> OM-Hosting.com
>>>> http://arrakeen-solutions.co.nz/
>>>> https://om-hosting.com - Cloud &
>>>> Server Hosting for HTML5
>>>> Video-Conferencing OpenMeetings
>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>
>>>>
>>>> On Mon, 1 Aug 2022 at 09:31,
>>>> seba.wagner@gmail.com
>>>> <se...@gmail.com> wrote:
>>>>
>>>> I would like to add a ticket to
>>>> investigate and look into
>>>> adding 2 factor authentication
>>>> to OpenMeetings. As an
>>>> optional feature, default would
>>>> be turned off.
>>>>
>>>> There are various libraries to
>>>> achieve 2 factor auth. I would
>>>> probably prefer using the
>>>> Google Authenticator as a
>>>> method since it seems the most
>>>> widely adopted authenticator.
>>>>
>>>> In terms of turning it on/off I
>>>> would add 2 flags:
>>>> - On a per server basis a flag
>>>> to generally turn 2 factor auth
>>>> on or off
>>>> - On a per individual
>>>> account basis so you can turn 2
>>>> factor auth on/off for an
>>>> individual user
>>>>
>>>> This would not affect past
>>>> installations.
>>>> This would not affect logging
>>>> in via Soap/Rest.
>>>>
>>>> I think this would be a good
>>>> feature to improve security.
>>>>
>>>> Let me know what you think, and
>>>> I will add a ticket and look
>>>> into adding this over the next
>>>> few weeks.
>>>>
>>>> Thanks
>>>> Seb
>>>>
>>>> Sebastian Wagner
>>>> Director Arrakeen Solutions,
>>>> OM-Hosting.com
>>>> http://arrakeen-solutions.co.nz/
>>>> https://om-hosting.com - Cloud
>>>> & Server Hosting for HTML5
>>>> Video-Conferencing OpenMeetings
>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>
>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
Anything suspicious in the log?
Have you updated openmeetings.properties with "otp" specific values?
from mobile (sorry for typos ;)
On Mon, Dec 26, 2022, 22:54 Ali Alhaidary <al...@the5stars.org>
wrote:
> Could not login from moodle plugin, and (HTTP Status 404 – Not Found) in
> stand alone app.
>
> Ali
> On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>
> Seems ok, and translated...
>
> Ali
> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>
> Seems to be implemented
> I would appreciate if someone can test this new functionality
> (And wording :)))
>
> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>>
>>
>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <
>> seba.wagner@gmail.com> wrote:
>>
>>> Sry I did not have enough time. But it would be a good feature to add.
>>>
>>> Also a good message we can share around enhancing OpenMeetings security.
>>> Relevant for many education/public environments.
>>>
>>
>> I agree :))
>> Will update JIRA/demo-next when will have something working :)
>>
>>
>>>
>>> Thx
>>> Seb
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions, OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>> Video-Conferencing OpenMeetings
>>>
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>>
>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>>
>>>> will try to implement it :)
>>>>
>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <al...@the5stars.org>
>>>> wrote:
>>>>
>>>>> +1
>>>>>
>>>>> Yes, why not...
>>>>>
>>>>> Ali
>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>>
>>>>> we already have BSD 3-clause:
>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>>> will need to add one line only :)
>>>>>
>>>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>>>> seba.wagner@gmail.com> wrote:
>>>>>
>>>>>> There seem to be a few options for Google using Java
>>>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>>>
>>>>>> I don't quite see in that lib how it generates the QR code for
>>>>>> scanning but there should be a way :)
>>>>>>
>>>>>> The BSD license would require us to add a copy left into our License
>>>>>> file, but in general it would be compatible imho.
>>>>>>
>>>>>> Thanks
>>>>>> Seb
>>>>>>
>>>>>> Sebastian Wagner
>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>> http://arrakeen-solutions.co.nz/
>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>> Video-Conferencing OpenMeetings
>>>>>>
>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>
>>>>>>
>>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hello Seb,
>>>>>>>
>>>>>>> Sorry for a late response, I'm on vacation :)
>>>>>>>
>>>>>>> I would
>>>>>>> +1 this feature :)
>>>>>>>
>>>>>>> The problems we'll need to solve
>>>>>>> - add 2fa mechanisms other than email (not sure if apps like "Google
>>>>>>> authenticator" has open source API :(, we can use telegram API ....)
>>>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>>>> activation_hash and *reset-password-hash*
>>>>>>>
>>>>>>> Need to be investigated and carefully refactored :)
>>>>>>>
>>>>>>> from mobile (sorry for typos ;)
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>
>>>>>>>> Not many pros or cons in this discussion.
>>>>>>>>
>>>>>>>> But I think it would be a good option to have available for users.
>>>>>>>> As well as a good feature to advertise for. Especially in order to use
>>>>>>>> OpenMeetings in a Gov/Education environment where compliance may require to
>>>>>>>> have 2 factor auth for applications in order for using it.
>>>>>>>>
>>>>>>>> So I assume I can create some tickets and get this on the way.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Seb
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Sebastian Wagner
>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>
>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>>
>>>>>>>>> I would like to add a ticket to investigate and look into adding 2
>>>>>>>>> factor authentication to OpenMeetings. As an optional feature, default
>>>>>>>>> would be turned off.
>>>>>>>>>
>>>>>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>>>>>> the most widely adopted authenticator.
>>>>>>>>>
>>>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>>>> - On a per server basis a flag to generally turn 2 factor auth on
>>>>>>>>> or off
>>>>>>>>> - On a per individual account basis so you can turn 2 factor
>>>>>>>>> auth on/off for an individual user
>>>>>>>>>
>>>>>>>>> This would not affect past installations.
>>>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>>>
>>>>>>>>> I think this would be a good feature to improve security.
>>>>>>>>>
>>>>>>>>> Let me know what you think, and I will add a ticket and look into
>>>>>>>>> adding this over the next few weeks.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> Seb
>>>>>>>>>
>>>>>>>>> Sebastian Wagner
>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>>
>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>>
>>>>>>>>
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> Maxim
>>>>>
>>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>
>
> --
> Best regards,
> Maxim
>
>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
Could not login from moodle plugin, and (HTTP Status 404 – Not Found) in
stand alone app.
Ali
On 12/26/22 5:18 PM, Ali Alhaidary wrote:
>
> Seems ok, and translated...
>
> Ali
>
> On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
>> Seems to be implemented
>> I would appreciate if someone can test this new functionality
>> (And wording :)))
>>
>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>
>>
>> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com
>> <se...@gmail.com> wrote:
>>
>> Sry I did not have enough time. But it would be a good
>> feature to add.
>>
>> Also a good message we can share around enhancing
>> OpenMeetings security. Relevant for many education/public
>> environments.
>>
>>
>> I agree :))
>> Will update JIRA/demo-next when will have something working :)
>>
>>
>> Thx
>> Seb
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions, OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>> Video-Conferencing OpenMeetings
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>>
>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik
>> <so...@gmail.com> wrote:
>>
>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>
>> will try to implement it :)
>>
>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary
>> <al...@the5stars.org> wrote:
>>
>> +1
>>
>> Yes, why not...
>>
>> Ali
>>
>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>> we already have BSD 3-clause:
>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>
>>> will need to add one line only :)
>>>
>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com
>>> <se...@gmail.com> wrote:
>>>
>>> There seem to be a few options for Google using
>>> Java
>>> E.g. https://github.com/wstrange/GoogleAuth
>>>
>>> I don't quite see in that lib how it generates
>>> the QR code for scanning but there should be a
>>> way :)
>>>
>>> The BSD license would require us to add a copy
>>> left into our License file, but in general it
>>> would be compatible imho.
>>>
>>> Thanks
>>> Seb
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions, OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud & Server Hosting
>>> for HTML5 Video-Conferencing OpenMeetings
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>>
>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik
>>> <so...@gmail.com> wrote:
>>>
>>> Hello Seb,
>>>
>>> Sorry for a late response, I'm on vacation :)
>>>
>>> I would
>>> +1 this feature :)
>>>
>>> The problems we'll need to solve
>>> - add 2fa mechanisms other than email (not
>>> sure if apps like "Google authenticator" has
>>> open source API :(, we can use telegram API
>>> ....)
>>> - we'll need to move this out of om_user db
>>> table (maybe with activation_hash and
>>> *reset-password-hash*
>>>
>>> Need to be investigated and carefully
>>> refactored :)
>>>
>>> from mobile (sorry for typos ;)
>>>
>>> On Wed, Aug 3, 2022, 10:15
>>> seba.wagner@gmail.com
>>> <se...@gmail.com> wrote:
>>>
>>> Not many pros or cons in this discussion.
>>>
>>> But I think it would be a good option to
>>> have available for users. As well as a
>>> good feature to advertise for.
>>> Especially in order to use OpenMeetings
>>> in a Gov/Education environment where
>>> compliance may require to have 2 factor
>>> auth for applications in order for using
>>> it.
>>>
>>> So I assume I can create some tickets
>>> and get this on the way.
>>>
>>> Thanks
>>> Seb
>>>
>>>
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions, OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud & Server
>>> Hosting for HTML5 Video-Conferencing
>>> OpenMeetings
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>>
>>> On Mon, 1 Aug 2022 at 09:31,
>>> seba.wagner@gmail.com
>>> <se...@gmail.com> wrote:
>>>
>>> I would like to add a ticket to
>>> investigate and look into adding 2
>>> factor authentication to
>>> OpenMeetings. As an
>>> optional feature, default would be
>>> turned off.
>>>
>>> There are various libraries to
>>> achieve 2 factor auth. I would
>>> probably prefer using the Google
>>> Authenticator as a method since it
>>> seems the most widely adopted
>>> authenticator.
>>>
>>> In terms of turning it on/off I
>>> would add 2 flags:
>>> - On a per server basis a flag to
>>> generally turn 2 factor auth on or off
>>> - On a per individual account basis
>>> so you can turn 2 factor auth on/off
>>> for an individual user
>>>
>>> This would not affect past
>>> installations.
>>> This would not affect logging in via
>>> Soap/Rest.
>>>
>>> I think this would be a good feature
>>> to improve security.
>>>
>>> Let me know what you think, and I
>>> will add a ticket and look into
>>> adding this over the next few weeks.
>>>
>>> Thanks
>>> Seb
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions,
>>> OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud &
>>> Server Hosting for HTML5
>>> Video-Conferencing OpenMeetings
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>
>>
>>
>> --
>> Best regards,
>> Maxim
>>
>>
>>
>> --
>> Best regards,
>> Maxim
>>
>>
>>
>> --
>> Best regards,
>> Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
Seems ok, and translated...
Ali
On 12/26/22 8:37 AM, Maxim Solodovnik wrote:
> Seems to be implemented
> I would appreciate if someone can test this new functionality
> (And wording :)))
>
> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>
>
> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com
> <se...@gmail.com> wrote:
>
> Sry I did not have enough time. But it would be a good feature
> to add.
>
> Also a good message we can share around enhancing OpenMeetings
> security. Relevant for many education/public environments.
>
>
> I agree :))
> Will update JIRA/demo-next when will have something working :)
>
>
> Thx
> Seb
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
>
> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik
> <so...@gmail.com> wrote:
>
> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>
> will try to implement it :)
>
> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary
> <al...@the5stars.org> wrote:
>
> +1
>
> Yes, why not...
>
> Ali
>
> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>> we already have BSD 3-clause:
>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>
>> will need to add one line only :)
>>
>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com
>> <se...@gmail.com> wrote:
>>
>> There seem to be a few options for Google using Java
>> E.g. https://github.com/wstrange/GoogleAuth
>>
>> I don't quite see in that lib how it generates
>> the QR code for scanning but there should be a
>> way :)
>>
>> The BSD license would require us to add a copy
>> left into our License file, but in general it
>> would be compatible imho.
>>
>> Thanks
>> Seb
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions, OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud & Server Hosting
>> for HTML5 Video-Conferencing OpenMeetings
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>>
>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik
>> <so...@gmail.com> wrote:
>>
>> Hello Seb,
>>
>> Sorry for a late response, I'm on vacation :)
>>
>> I would
>> +1 this feature :)
>>
>> The problems we'll need to solve
>> - add 2fa mechanisms other than email (not
>> sure if apps like "Google authenticator" has
>> open source API :(, we can use telegram API ....)
>> - we'll need to move this out of om_user db
>> table (maybe with activation_hash and
>> *reset-password-hash*
>>
>> Need to be investigated and carefully
>> refactored :)
>>
>> from mobile (sorry for typos ;)
>>
>> On Wed, Aug 3, 2022, 10:15
>> seba.wagner@gmail.com <se...@gmail.com>
>> wrote:
>>
>> Not many pros or cons in this discussion.
>>
>> But I think it would be a good option to
>> have available for users. As well as a
>> good feature to advertise for. Especially
>> in order to use OpenMeetings in a
>> Gov/Education environment where
>> compliance may require to have 2 factor
>> auth for applications in order for using it.
>>
>> So I assume I can create some tickets and
>> get this on the way.
>>
>> Thanks
>> Seb
>>
>>
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions, OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud & Server
>> Hosting for HTML5 Video-Conferencing
>> OpenMeetings
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>>
>> On Mon, 1 Aug 2022 at 09:31,
>> seba.wagner@gmail.com
>> <se...@gmail.com> wrote:
>>
>> I would like to add a ticket to
>> investigate and look into adding 2
>> factor authentication to
>> OpenMeetings. As an optional feature,
>> default would be turned off.
>>
>> There are various libraries to
>> achieve 2 factor auth. I would
>> probably prefer using the Google
>> Authenticator as a method since it
>> seems the most widely adopted
>> authenticator.
>>
>> In terms of turning it on/off I would
>> add 2 flags:
>> - On a per server basis a flag to
>> generally turn 2 factor auth on or off
>> - On a per individual account basis
>> so you can turn 2 factor auth on/off
>> for an individual user
>>
>> This would not affect past installations.
>> This would not affect logging in via
>> Soap/Rest.
>>
>> I think this would be a good feature
>> to improve security.
>>
>> Let me know what you think, and I
>> will add a ticket and look into
>> adding this over the next few weeks.
>>
>> Thanks
>> Seb
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions,
>> OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud &
>> Server Hosting for HTML5
>> Video-Conferencing OpenMeetings
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>>
>>
>> --
>> Best regards,
>> Maxim
>
>
>
> --
> Best regards,
> Maxim
>
>
>
> --
> Best regards,
> Maxim
>
>
>
> --
> Best regards,
> Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
Seems to be implemented
I would appreciate if someone can test this new functionality
(And wording :)))
On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <so...@gmail.com> wrote:
>
>
> On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <se...@gmail.com>
> wrote:
>
>> Sry I did not have enough time. But it would be a good feature to add.
>>
>> Also a good message we can share around enhancing OpenMeetings security.
>> Relevant for many education/public environments.
>>
>
> I agree :))
> Will update JIRA/demo-next when will have something working :)
>
>
>>
>> Thx
>> Seb
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions, OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>> Video-Conferencing OpenMeetings
>>
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>>
>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>>
>>> will try to implement it :)
>>>
>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <al...@the5stars.org>
>>> wrote:
>>>
>>>> +1
>>>>
>>>> Yes, why not...
>>>>
>>>> Ali
>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>>
>>>> we already have BSD 3-clause:
>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>>> will need to add one line only :)
>>>>
>>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>>> seba.wagner@gmail.com> wrote:
>>>>
>>>>> There seem to be a few options for Google using Java
>>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>>
>>>>> I don't quite see in that lib how it generates the QR code for
>>>>> scanning but there should be a way :)
>>>>>
>>>>> The BSD license would require us to add a copy left into our License
>>>>> file, but in general it would be compatible imho.
>>>>>
>>>>> Thanks
>>>>> Seb
>>>>>
>>>>> Sebastian Wagner
>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>> http://arrakeen-solutions.co.nz/
>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>> Video-Conferencing OpenMeetings
>>>>>
>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>
>>>>>
>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hello Seb,
>>>>>>
>>>>>> Sorry for a late response, I'm on vacation :)
>>>>>>
>>>>>> I would
>>>>>> +1 this feature :)
>>>>>>
>>>>>> The problems we'll need to solve
>>>>>> - add 2fa mechanisms other than email (not sure if apps like "Google
>>>>>> authenticator" has open source API :(, we can use telegram API ....)
>>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>>> activation_hash and *reset-password-hash*
>>>>>>
>>>>>> Need to be investigated and carefully refactored :)
>>>>>>
>>>>>> from mobile (sorry for typos ;)
>>>>>>
>>>>>>
>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>
>>>>>>> Not many pros or cons in this discussion.
>>>>>>>
>>>>>>> But I think it would be a good option to have available for users.
>>>>>>> As well as a good feature to advertise for. Especially in order to use
>>>>>>> OpenMeetings in a Gov/Education environment where compliance may require to
>>>>>>> have 2 factor auth for applications in order for using it.
>>>>>>>
>>>>>>> So I assume I can create some tickets and get this on the way.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Seb
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Sebastian Wagner
>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>
>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>
>>>>>>>
>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>>
>>>>>>>> I would like to add a ticket to investigate and look into adding 2
>>>>>>>> factor authentication to OpenMeetings. As an optional feature, default
>>>>>>>> would be turned off.
>>>>>>>>
>>>>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>>>>> the most widely adopted authenticator.
>>>>>>>>
>>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>>> - On a per server basis a flag to generally turn 2 factor auth on
>>>>>>>> or off
>>>>>>>> - On a per individual account basis so you can turn 2 factor
>>>>>>>> auth on/off for an individual user
>>>>>>>>
>>>>>>>> This would not affect past installations.
>>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>>
>>>>>>>> I think this would be a good feature to improve security.
>>>>>>>>
>>>>>>>> Let me know what you think, and I will add a ticket and look into
>>>>>>>> adding this over the next few weeks.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Seb
>>>>>>>>
>>>>>>>> Sebastian Wagner
>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>>
>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>>
>>>>>>>
>>>>
>>>> --
>>>> Best regards,
>>>> Maxim
>>>>
>>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>
>
> --
> Best regards,
> Maxim
>
--
Best regards,
Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
On Thu, 22 Dec 2022 at 14:01, seba.wagner@gmail.com <se...@gmail.com>
wrote:
> Sry I did not have enough time. But it would be a good feature to add.
>
> Also a good message we can share around enhancing OpenMeetings security.
> Relevant for many education/public environments.
>
I agree :))
Will update JIRA/demo-next when will have something working :)
>
> Thx
> Seb
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
>
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
>
> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>>
>> will try to implement it :)
>>
>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <al...@the5stars.org>
>> wrote:
>>
>>> +1
>>>
>>> Yes, why not...
>>>
>>> Ali
>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>>
>>> we already have BSD 3-clause:
>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>>> will need to add one line only :)
>>>
>>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <
>>> seba.wagner@gmail.com> wrote:
>>>
>>>> There seem to be a few options for Google using Java
>>>> E.g. https://github.com/wstrange/GoogleAuth
>>>>
>>>> I don't quite see in that lib how it generates the QR code for scanning
>>>> but there should be a way :)
>>>>
>>>> The BSD license would require us to add a copy left into our License
>>>> file, but in general it would be compatible imho.
>>>>
>>>> Thanks
>>>> Seb
>>>>
>>>> Sebastian Wagner
>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>> http://arrakeen-solutions.co.nz/
>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>> Video-Conferencing OpenMeetings
>>>>
>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>
>>>>
>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hello Seb,
>>>>>
>>>>> Sorry for a late response, I'm on vacation :)
>>>>>
>>>>> I would
>>>>> +1 this feature :)
>>>>>
>>>>> The problems we'll need to solve
>>>>> - add 2fa mechanisms other than email (not sure if apps like "Google
>>>>> authenticator" has open source API :(, we can use telegram API ....)
>>>>> - we'll need to move this out of om_user db table (maybe with
>>>>> activation_hash and *reset-password-hash*
>>>>>
>>>>> Need to be investigated and carefully refactored :)
>>>>>
>>>>> from mobile (sorry for typos ;)
>>>>>
>>>>>
>>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <
>>>>> seba.wagner@gmail.com> wrote:
>>>>>
>>>>>> Not many pros or cons in this discussion.
>>>>>>
>>>>>> But I think it would be a good option to have available for users. As
>>>>>> well as a good feature to advertise for. Especially in order to use
>>>>>> OpenMeetings in a Gov/Education environment where compliance may require to
>>>>>> have 2 factor auth for applications in order for using it.
>>>>>>
>>>>>> So I assume I can create some tickets and get this on the way.
>>>>>>
>>>>>> Thanks
>>>>>> Seb
>>>>>>
>>>>>>
>>>>>>
>>>>>> Sebastian Wagner
>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>> http://arrakeen-solutions.co.nz/
>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>> Video-Conferencing OpenMeetings
>>>>>>
>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>
>>>>>>
>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>>> seba.wagner@gmail.com> wrote:
>>>>>>
>>>>>>> I would like to add a ticket to investigate and look into adding 2
>>>>>>> factor authentication to OpenMeetings. As an optional feature, default
>>>>>>> would be turned off.
>>>>>>>
>>>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>>>> the most widely adopted authenticator.
>>>>>>>
>>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>>> - On a per server basis a flag to generally turn 2 factor auth on
>>>>>>> or off
>>>>>>> - On a per individual account basis so you can turn 2 factor
>>>>>>> auth on/off for an individual user
>>>>>>>
>>>>>>> This would not affect past installations.
>>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>>
>>>>>>> I think this would be a good feature to improve security.
>>>>>>>
>>>>>>> Let me know what you think, and I will add a ticket and look into
>>>>>>> adding this over the next few weeks.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Seb
>>>>>>>
>>>>>>> Sebastian Wagner
>>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>>> http://arrakeen-solutions.co.nz/
>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>>> Video-Conferencing OpenMeetings
>>>>>>>
>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>>
>>>>>>
>>>
>>> --
>>> Best regards,
>>> Maxim
>>>
>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>
--
Best regards,
Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
Sry I did not have enough time. But it would be a good feature to add.
Also a good message we can share around enhancing OpenMeetings security.
Relevant for many education/public environments.
Thx
Seb
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
<https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <so...@gmail.com> wrote:
> https://issues.apache.org/jira/browse/OPENMEETINGS-2755
>
> will try to implement it :)
>
> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <al...@the5stars.org>
> wrote:
>
>> +1
>>
>> Yes, why not...
>>
>> Ali
>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>>
>> we already have BSD 3-clause:
>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
>> will need to add one line only :)
>>
>> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <se...@gmail.com>
>> wrote:
>>
>>> There seem to be a few options for Google using Java
>>> E.g. https://github.com/wstrange/GoogleAuth
>>>
>>> I don't quite see in that lib how it generates the QR code for scanning
>>> but there should be a way :)
>>>
>>> The BSD license would require us to add a copy left into our License
>>> file, but in general it would be compatible imho.
>>>
>>> Thanks
>>> Seb
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions, OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>> Video-Conferencing OpenMeetings
>>>
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>>
>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com>
>>> wrote:
>>>
>>>> Hello Seb,
>>>>
>>>> Sorry for a late response, I'm on vacation :)
>>>>
>>>> I would
>>>> +1 this feature :)
>>>>
>>>> The problems we'll need to solve
>>>> - add 2fa mechanisms other than email (not sure if apps like "Google
>>>> authenticator" has open source API :(, we can use telegram API ....)
>>>> - we'll need to move this out of om_user db table (maybe with
>>>> activation_hash and *reset-password-hash*
>>>>
>>>> Need to be investigated and carefully refactored :)
>>>>
>>>> from mobile (sorry for typos ;)
>>>>
>>>>
>>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <se...@gmail.com>
>>>> wrote:
>>>>
>>>>> Not many pros or cons in this discussion.
>>>>>
>>>>> But I think it would be a good option to have available for users. As
>>>>> well as a good feature to advertise for. Especially in order to use
>>>>> OpenMeetings in a Gov/Education environment where compliance may require to
>>>>> have 2 factor auth for applications in order for using it.
>>>>>
>>>>> So I assume I can create some tickets and get this on the way.
>>>>>
>>>>> Thanks
>>>>> Seb
>>>>>
>>>>>
>>>>>
>>>>> Sebastian Wagner
>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>> http://arrakeen-solutions.co.nz/
>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>> Video-Conferencing OpenMeetings
>>>>>
>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>
>>>>>
>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>>> seba.wagner@gmail.com> wrote:
>>>>>
>>>>>> I would like to add a ticket to investigate and look into adding 2
>>>>>> factor authentication to OpenMeetings. As an optional feature, default
>>>>>> would be turned off.
>>>>>>
>>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>>> the most widely adopted authenticator.
>>>>>>
>>>>>> In terms of turning it on/off I would add 2 flags:
>>>>>> - On a per server basis a flag to generally turn 2 factor auth on or
>>>>>> off
>>>>>> - On a per individual account basis so you can turn 2 factor
>>>>>> auth on/off for an individual user
>>>>>>
>>>>>> This would not affect past installations.
>>>>>> This would not affect logging in via Soap/Rest.
>>>>>>
>>>>>> I think this would be a good feature to improve security.
>>>>>>
>>>>>> Let me know what you think, and I will add a ticket and look into
>>>>>> adding this over the next few weeks.
>>>>>>
>>>>>> Thanks
>>>>>> Seb
>>>>>>
>>>>>> Sebastian Wagner
>>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>>> http://arrakeen-solutions.co.nz/
>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>>> Video-Conferencing OpenMeetings
>>>>>>
>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>>
>>>>>
>>
>> --
>> Best regards,
>> Maxim
>>
>>
>
> --
> Best regards,
> Maxim
>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
https://issues.apache.org/jira/browse/OPENMEETINGS-2755
will try to implement it :)
On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <al...@the5stars.org>
wrote:
> +1
>
> Yes, why not...
>
> Ali
> On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
>
> we already have BSD 3-clause:
> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
> will need to add one line only :)
>
> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <se...@gmail.com>
> wrote:
>
>> There seem to be a few options for Google using Java
>> E.g. https://github.com/wstrange/GoogleAuth
>>
>> I don't quite see in that lib how it generates the QR code for scanning
>> but there should be a way :)
>>
>> The BSD license would require us to add a copy left into our License
>> file, but in general it would be compatible imho.
>>
>> Thanks
>> Seb
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions, OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>> Video-Conferencing OpenMeetings
>>
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>>
>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com>
>> wrote:
>>
>>> Hello Seb,
>>>
>>> Sorry for a late response, I'm on vacation :)
>>>
>>> I would
>>> +1 this feature :)
>>>
>>> The problems we'll need to solve
>>> - add 2fa mechanisms other than email (not sure if apps like "Google
>>> authenticator" has open source API :(, we can use telegram API ....)
>>> - we'll need to move this out of om_user db table (maybe with
>>> activation_hash and *reset-password-hash*
>>>
>>> Need to be investigated and carefully refactored :)
>>>
>>> from mobile (sorry for typos ;)
>>>
>>>
>>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <se...@gmail.com>
>>> wrote:
>>>
>>>> Not many pros or cons in this discussion.
>>>>
>>>> But I think it would be a good option to have available for users. As
>>>> well as a good feature to advertise for. Especially in order to use
>>>> OpenMeetings in a Gov/Education environment where compliance may require to
>>>> have 2 factor auth for applications in order for using it.
>>>>
>>>> So I assume I can create some tickets and get this on the way.
>>>>
>>>> Thanks
>>>> Seb
>>>>
>>>>
>>>>
>>>> Sebastian Wagner
>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>> http://arrakeen-solutions.co.nz/
>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>> Video-Conferencing OpenMeetings
>>>>
>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>
>>>>
>>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>>> seba.wagner@gmail.com> wrote:
>>>>
>>>>> I would like to add a ticket to investigate and look into adding 2
>>>>> factor authentication to OpenMeetings. As an optional feature, default
>>>>> would be turned off.
>>>>>
>>>>> There are various libraries to achieve 2 factor auth. I would
>>>>> probably prefer using the Google Authenticator as a method since it seems
>>>>> the most widely adopted authenticator.
>>>>>
>>>>> In terms of turning it on/off I would add 2 flags:
>>>>> - On a per server basis a flag to generally turn 2 factor auth on or
>>>>> off
>>>>> - On a per individual account basis so you can turn 2 factor
>>>>> auth on/off for an individual user
>>>>>
>>>>> This would not affect past installations.
>>>>> This would not affect logging in via Soap/Rest.
>>>>>
>>>>> I think this would be a good feature to improve security.
>>>>>
>>>>> Let me know what you think, and I will add a ticket and look into
>>>>> adding this over the next few weeks.
>>>>>
>>>>> Thanks
>>>>> Seb
>>>>>
>>>>> Sebastian Wagner
>>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>>> http://arrakeen-solutions.co.nz/
>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>>> Video-Conferencing OpenMeetings
>>>>>
>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>>
>>>>
>
> --
> Best regards,
> Maxim
>
>
--
Best regards,
Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Ali Alhaidary <al...@the5stars.org>.
+1
Yes, why not...
Ali
On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
> we already have BSD 3-clause:
> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
> will need to add one line only :)
>
> On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com
> <se...@gmail.com> wrote:
>
> There seem to be a few options for Google using Java
> E.g. https://github.com/wstrange/GoogleAuth
>
> I don't quite see in that lib how it generates the QR code for
> scanning but there should be a way :)
>
> The BSD license would require us to add a copy left into our
> License file, but in general it would be compatible imho.
>
> Thanks
> Seb
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
>
> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik
> <so...@gmail.com> wrote:
>
> Hello Seb,
>
> Sorry for a late response, I'm on vacation :)
>
> I would
> +1 this feature :)
>
> The problems we'll need to solve
> - add 2fa mechanisms other than email (not sure if apps like
> "Google authenticator" has open source API :(, we can use
> telegram API ....)
> - we'll need to move this out of om_user db table (maybe with
> activation_hash and *reset-password-hash*
>
> Need to be investigated and carefully refactored :)
>
> from mobile (sorry for typos ;)
>
> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com
> <se...@gmail.com> wrote:
>
> Not many pros or cons in this discussion.
>
> But I think it would be a good option to have available
> for users. As well as a good feature to advertise for.
> Especially in order to use OpenMeetings in a Gov/Education
> environment where compliance may require to have 2 factor
> auth for applications in order for using it.
>
> So I assume I can create some tickets and get this on the way.
>
> Thanks
> Seb
>
>
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
>
> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com
> <se...@gmail.com> wrote:
>
> I would like to add a ticket to investigate and look
> into adding 2 factor authentication to OpenMeetings.
> As an optional feature, default would be turned off.
>
> There are various libraries to achieve 2 factor auth.
> I would probably prefer using the Google Authenticator
> as a method since it seems the most widely adopted
> authenticator.
>
> In terms of turning it on/off I would add 2 flags:
> - On a per server basis a flag to generally turn 2
> factor auth on or off
> - On a per individual account basis so you can turn 2
> factor auth on/off for an individual user
>
> This would not affect past installations.
> This would not affect logging in via Soap/Rest.
>
> I think this would be a good feature to improve security.
>
> Let me know what you think, and I will add a
> ticket and look into adding this over the next few weeks.
>
> Thanks
> Seb
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for
> HTML5 Video-Conferencing OpenMeetings
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
>
>
> --
> Best regards,
> Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
we already have BSD 3-clause:
https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
will need to add one line only :)
On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <se...@gmail.com>
wrote:
> There seem to be a few options for Google using Java
> E.g. https://github.com/wstrange/GoogleAuth
>
> I don't quite see in that lib how it generates the QR code for scanning
> but there should be a way :)
>
> The BSD license would require us to add a copy left into our License file,
> but in general it would be compatible imho.
>
> Thanks
> Seb
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
>
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
>
> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> Hello Seb,
>>
>> Sorry for a late response, I'm on vacation :)
>>
>> I would
>> +1 this feature :)
>>
>> The problems we'll need to solve
>> - add 2fa mechanisms other than email (not sure if apps like "Google
>> authenticator" has open source API :(, we can use telegram API ....)
>> - we'll need to move this out of om_user db table (maybe with
>> activation_hash and *reset-password-hash*
>>
>> Need to be investigated and carefully refactored :)
>>
>> from mobile (sorry for typos ;)
>>
>>
>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <se...@gmail.com>
>> wrote:
>>
>>> Not many pros or cons in this discussion.
>>>
>>> But I think it would be a good option to have available for users. As
>>> well as a good feature to advertise for. Especially in order to use
>>> OpenMeetings in a Gov/Education environment where compliance may require to
>>> have 2 factor auth for applications in order for using it.
>>>
>>> So I assume I can create some tickets and get this on the way.
>>>
>>> Thanks
>>> Seb
>>>
>>>
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions, OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>> Video-Conferencing OpenMeetings
>>>
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>>
>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>> seba.wagner@gmail.com> wrote:
>>>
>>>> I would like to add a ticket to investigate and look into adding 2
>>>> factor authentication to OpenMeetings. As an optional feature, default
>>>> would be turned off.
>>>>
>>>> There are various libraries to achieve 2 factor auth. I would
>>>> probably prefer using the Google Authenticator as a method since it seems
>>>> the most widely adopted authenticator.
>>>>
>>>> In terms of turning it on/off I would add 2 flags:
>>>> - On a per server basis a flag to generally turn 2 factor auth on or
>>>> off
>>>> - On a per individual account basis so you can turn 2 factor
>>>> auth on/off for an individual user
>>>>
>>>> This would not affect past installations.
>>>> This would not affect logging in via Soap/Rest.
>>>>
>>>> I think this would be a good feature to improve security.
>>>>
>>>> Let me know what you think, and I will add a ticket and look into
>>>> adding this over the next few weeks.
>>>>
>>>> Thanks
>>>> Seb
>>>>
>>>> Sebastian Wagner
>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>> http://arrakeen-solutions.co.nz/
>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>> Video-Conferencing OpenMeetings
>>>>
>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>
>>>
--
Best regards,
Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
we already have BSD 3-clause:
https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
will need to add one line only :)
On Wed, 3 Aug 2022 at 12:25, seba.wagner@gmail.com <se...@gmail.com>
wrote:
> There seem to be a few options for Google using Java
> E.g. https://github.com/wstrange/GoogleAuth
>
> I don't quite see in that lib how it generates the QR code for scanning
> but there should be a way :)
>
> The BSD license would require us to add a copy left into our License file,
> but in general it would be compatible imho.
>
> Thanks
> Seb
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
>
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
>
> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com>
> wrote:
>
>> Hello Seb,
>>
>> Sorry for a late response, I'm on vacation :)
>>
>> I would
>> +1 this feature :)
>>
>> The problems we'll need to solve
>> - add 2fa mechanisms other than email (not sure if apps like "Google
>> authenticator" has open source API :(, we can use telegram API ....)
>> - we'll need to move this out of om_user db table (maybe with
>> activation_hash and *reset-password-hash*
>>
>> Need to be investigated and carefully refactored :)
>>
>> from mobile (sorry for typos ;)
>>
>>
>> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <se...@gmail.com>
>> wrote:
>>
>>> Not many pros or cons in this discussion.
>>>
>>> But I think it would be a good option to have available for users. As
>>> well as a good feature to advertise for. Especially in order to use
>>> OpenMeetings in a Gov/Education environment where compliance may require to
>>> have 2 factor auth for applications in order for using it.
>>>
>>> So I assume I can create some tickets and get this on the way.
>>>
>>> Thanks
>>> Seb
>>>
>>>
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions, OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>> Video-Conferencing OpenMeetings
>>>
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>>
>>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <
>>> seba.wagner@gmail.com> wrote:
>>>
>>>> I would like to add a ticket to investigate and look into adding 2
>>>> factor authentication to OpenMeetings. As an optional feature, default
>>>> would be turned off.
>>>>
>>>> There are various libraries to achieve 2 factor auth. I would
>>>> probably prefer using the Google Authenticator as a method since it seems
>>>> the most widely adopted authenticator.
>>>>
>>>> In terms of turning it on/off I would add 2 flags:
>>>> - On a per server basis a flag to generally turn 2 factor auth on or
>>>> off
>>>> - On a per individual account basis so you can turn 2 factor
>>>> auth on/off for an individual user
>>>>
>>>> This would not affect past installations.
>>>> This would not affect logging in via Soap/Rest.
>>>>
>>>> I think this would be a good feature to improve security.
>>>>
>>>> Let me know what you think, and I will add a ticket and look into
>>>> adding this over the next few weeks.
>>>>
>>>> Thanks
>>>> Seb
>>>>
>>>> Sebastian Wagner
>>>> Director Arrakeen Solutions, OM-Hosting.com
>>>> http://arrakeen-solutions.co.nz/
>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>>> Video-Conferencing OpenMeetings
>>>>
>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>>
>>>
--
Best regards,
Maxim
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
There seem to be a few options for Google using Java
E.g. https://github.com/wstrange/GoogleAuth
I don't quite see in that lib how it generates the QR code for scanning but
there should be a way :)
The BSD license would require us to add a copy left into our License file,
but in general it would be compatible imho.
Thanks
Seb
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
<https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com> wrote:
> Hello Seb,
>
> Sorry for a late response, I'm on vacation :)
>
> I would
> +1 this feature :)
>
> The problems we'll need to solve
> - add 2fa mechanisms other than email (not sure if apps like "Google
> authenticator" has open source API :(, we can use telegram API ....)
> - we'll need to move this out of om_user db table (maybe with
> activation_hash and *reset-password-hash*
>
> Need to be investigated and carefully refactored :)
>
> from mobile (sorry for typos ;)
>
>
> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <se...@gmail.com>
> wrote:
>
>> Not many pros or cons in this discussion.
>>
>> But I think it would be a good option to have available for users. As
>> well as a good feature to advertise for. Especially in order to use
>> OpenMeetings in a Gov/Education environment where compliance may require to
>> have 2 factor auth for applications in order for using it.
>>
>> So I assume I can create some tickets and get this on the way.
>>
>> Thanks
>> Seb
>>
>>
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions, OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>> Video-Conferencing OpenMeetings
>>
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>>
>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <se...@gmail.com>
>> wrote:
>>
>>> I would like to add a ticket to investigate and look into adding 2
>>> factor authentication to OpenMeetings. As an optional feature, default
>>> would be turned off.
>>>
>>> There are various libraries to achieve 2 factor auth. I would
>>> probably prefer using the Google Authenticator as a method since it seems
>>> the most widely adopted authenticator.
>>>
>>> In terms of turning it on/off I would add 2 flags:
>>> - On a per server basis a flag to generally turn 2 factor auth on or off
>>> - On a per individual account basis so you can turn 2 factor
>>> auth on/off for an individual user
>>>
>>> This would not affect past installations.
>>> This would not affect logging in via Soap/Rest.
>>>
>>> I think this would be a good feature to improve security.
>>>
>>> Let me know what you think, and I will add a ticket and look into adding
>>> this over the next few weeks.
>>>
>>> Thanks
>>> Seb
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions, OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>> Video-Conferencing OpenMeetings
>>>
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by "seba.wagner@gmail.com" <se...@gmail.com>.
There seem to be a few options for Google using Java
E.g. https://github.com/wstrange/GoogleAuth
I don't quite see in that lib how it generates the QR code for scanning but
there should be a way :)
The BSD license would require us to add a copy left into our License file,
but in general it would be compatible imho.
Thanks
Seb
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
<https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <so...@gmail.com> wrote:
> Hello Seb,
>
> Sorry for a late response, I'm on vacation :)
>
> I would
> +1 this feature :)
>
> The problems we'll need to solve
> - add 2fa mechanisms other than email (not sure if apps like "Google
> authenticator" has open source API :(, we can use telegram API ....)
> - we'll need to move this out of om_user db table (maybe with
> activation_hash and *reset-password-hash*
>
> Need to be investigated and carefully refactored :)
>
> from mobile (sorry for typos ;)
>
>
> On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <se...@gmail.com>
> wrote:
>
>> Not many pros or cons in this discussion.
>>
>> But I think it would be a good option to have available for users. As
>> well as a good feature to advertise for. Especially in order to use
>> OpenMeetings in a Gov/Education environment where compliance may require to
>> have 2 factor auth for applications in order for using it.
>>
>> So I assume I can create some tickets and get this on the way.
>>
>> Thanks
>> Seb
>>
>>
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions, OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>> Video-Conferencing OpenMeetings
>>
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>>
>> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <se...@gmail.com>
>> wrote:
>>
>>> I would like to add a ticket to investigate and look into adding 2
>>> factor authentication to OpenMeetings. As an optional feature, default
>>> would be turned off.
>>>
>>> There are various libraries to achieve 2 factor auth. I would
>>> probably prefer using the Google Authenticator as a method since it seems
>>> the most widely adopted authenticator.
>>>
>>> In terms of turning it on/off I would add 2 flags:
>>> - On a per server basis a flag to generally turn 2 factor auth on or off
>>> - On a per individual account basis so you can turn 2 factor
>>> auth on/off for an individual user
>>>
>>> This would not affect past installations.
>>> This would not affect logging in via Soap/Rest.
>>>
>>> I think this would be a good feature to improve security.
>>>
>>> Let me know what you think, and I will add a ticket and look into adding
>>> this over the next few weeks.
>>>
>>> Thanks
>>> Seb
>>>
>>> Sebastian Wagner
>>> Director Arrakeen Solutions, OM-Hosting.com
>>> http://arrakeen-solutions.co.nz/
>>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>>> Video-Conferencing OpenMeetings
>>>
>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>>
>>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
Hello Seb,
Sorry for a late response, I'm on vacation :)
I would
+1 this feature :)
The problems we'll need to solve
- add 2fa mechanisms other than email (not sure if apps like "Google
authenticator" has open source API :(, we can use telegram API ....)
- we'll need to move this out of om_user db table (maybe with
activation_hash and *reset-password-hash*
Need to be investigated and carefully refactored :)
from mobile (sorry for typos ;)
On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <se...@gmail.com>
wrote:
> Not many pros or cons in this discussion.
>
> But I think it would be a good option to have available for users. As well
> as a good feature to advertise for. Especially in order to use OpenMeetings
> in a Gov/Education environment where compliance may require to have 2
> factor auth for applications in order for using it.
>
> So I assume I can create some tickets and get this on the way.
>
> Thanks
> Seb
>
>
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
>
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
>
> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <se...@gmail.com>
> wrote:
>
>> I would like to add a ticket to investigate and look into adding 2 factor
>> authentication to OpenMeetings. As an optional feature, default would be
>> turned off.
>>
>> There are various libraries to achieve 2 factor auth. I would
>> probably prefer using the Google Authenticator as a method since it seems
>> the most widely adopted authenticator.
>>
>> In terms of turning it on/off I would add 2 flags:
>> - On a per server basis a flag to generally turn 2 factor auth on or off
>> - On a per individual account basis so you can turn 2 factor auth on/off
>> for an individual user
>>
>> This would not affect past installations.
>> This would not affect logging in via Soap/Rest.
>>
>> I think this would be a good feature to improve security.
>>
>> Let me know what you think, and I will add a ticket and look into adding
>> this over the next few weeks.
>>
>> Thanks
>> Seb
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions, OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>> Video-Conferencing OpenMeetings
>>
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>
Re: [DISCUSS] 2 factor authentication for OpenMeetings
Posted by Maxim Solodovnik <so...@gmail.com>.
Hello Seb,
Sorry for a late response, I'm on vacation :)
I would
+1 this feature :)
The problems we'll need to solve
- add 2fa mechanisms other than email (not sure if apps like "Google
authenticator" has open source API :(, we can use telegram API ....)
- we'll need to move this out of om_user db table (maybe with
activation_hash and *reset-password-hash*
Need to be investigated and carefully refactored :)
from mobile (sorry for typos ;)
On Wed, Aug 3, 2022, 10:15 seba.wagner@gmail.com <se...@gmail.com>
wrote:
> Not many pros or cons in this discussion.
>
> But I think it would be a good option to have available for users. As well
> as a good feature to advertise for. Especially in order to use OpenMeetings
> in a Gov/Education environment where compliance may require to have 2
> factor auth for applications in order for using it.
>
> So I assume I can create some tickets and get this on the way.
>
> Thanks
> Seb
>
>
>
> Sebastian Wagner
> Director Arrakeen Solutions, OM-Hosting.com
> http://arrakeen-solutions.co.nz/
> https://om-hosting.com - Cloud & Server Hosting for HTML5
> Video-Conferencing OpenMeetings
>
> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>
>
> On Mon, 1 Aug 2022 at 09:31, seba.wagner@gmail.com <se...@gmail.com>
> wrote:
>
>> I would like to add a ticket to investigate and look into adding 2 factor
>> authentication to OpenMeetings. As an optional feature, default would be
>> turned off.
>>
>> There are various libraries to achieve 2 factor auth. I would
>> probably prefer using the Google Authenticator as a method since it seems
>> the most widely adopted authenticator.
>>
>> In terms of turning it on/off I would add 2 flags:
>> - On a per server basis a flag to generally turn 2 factor auth on or off
>> - On a per individual account basis so you can turn 2 factor auth on/off
>> for an individual user
>>
>> This would not affect past installations.
>> This would not affect logging in via Soap/Rest.
>>
>> I think this would be a good feature to improve security.
>>
>> Let me know what you think, and I will add a ticket and look into adding
>> this over the next few weeks.
>>
>> Thanks
>> Seb
>>
>> Sebastian Wagner
>> Director Arrakeen Solutions, OM-Hosting.com
>> http://arrakeen-solutions.co.nz/
>> https://om-hosting.com - Cloud & Server Hosting for HTML5
>> Video-Conferencing OpenMeetings
>>
>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url>
>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
>>
>