Installation

Get source

Go to the web application vendor directory.

Clone this repository.

git clone https://git-repo.iml.unibe.ch/iml-open-source/mfa-client.git

Configuration

The configuration files are in the subdirectory src:

cd mfa-client/src

Copy “mfaconfig.php.dist” to “mfaconfig.php”.

Open the MFA server admin and create a new web app. You get an ID and a secret for your application.

In the config, enter the URL of the API, the ID and the secret.

<?php

return [

    "api" => "https://mfa.example.com/api/",
    "appid" => "c1cabd22fbdb698861ad08b27de7399a",
    "shared_secret" => "p9wjjXSewZq0VkM1t5Sm3ZbI4ATEVetU",

    // "user"=> $_SERVER['REMOTE_USER']??'',

    "debug" => false,

];

Activate MFA after logon

This step depends on your code. You need to find a good place to embed the MFA process.

<?php
// ...
// enable MFA:
include "<APPROOT>/vendor/mfa-client/src/mfa-ensure.php";
// ...

Give access to user settings on mfa server

After a logged-in user solves an MFA challenge, they are sent back to the application. You should offer the user a link that jumps to the MFA server, where they can edit their own settings.

A good place is the user profile page in your app.

📌 Example:

<?php
// load class
require "<APPROOT>/vendor/mfa-client/mfaclient.class.php";

// initialize client
$oMfa = new mfaclient();

// $oMfa->debug(true);
// $oMfa->setUser($this->getUserid());

// show a button; set a complete url where to jump back
// (a)
// very simple variant
// echo $oMfa->getButtonSetup();
// (b)
// You can customize the button and set another url
echo $oMfa->getButtonSetup(
  "<button class=\"btn btn-secondary\">MFA settings</button>",
  // 2nd param is a full url to jump back
  // set one if it is not the current page
  // "https://myapp.example.com/profile"
);

This renders an HTML form with hidden fields that transmit the app ID, the user ID and an HMAC code to the MFA server. The form is valid for 1 minute.
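How an HMAC-signed form with a one-minute lifetime can be built and checked, as an added example that is not mfa-client's own code. The field names, the JSON message layout, the use of SHA-256 and the function names are assumptions, not the project's wire format.

```php
<?php
// Added illustration, NOT mfa-client's actual wire format: the field names,
// the message layout and the choice of SHA-256 are assumptions.

const MAX_AGE = 60; // seconds; the 1 minute validity stated in the text

// Client side: values that would go into the hidden form fields.
function signFields(string $appId, string $user, string $secret, int $now): array
{
    // JSON-encode an array so the field boundaries are unambiguous
    $msg = json_encode([$appId, $user, $now]);
    return [
        'appid' => $appId,
        'user'  => $user,
        'ts'    => (string) $now,
        'hmac'  => hash_hmac('sha256', $msg, $secret),
    ];
}

// Server side: recompute the HMAC from the received fields, then check the age.
function verifyFields(array $f, string $secret, int $now): bool
{
    foreach (['appid', 'user', 'ts', 'hmac'] as $k) {
        if (!isset($f[$k]) || !is_string($f[$k])) {
            return false;
        }
    }
    if (!ctype_digit($f['ts'])) {
        return false;
    }
    $ts  = (int) $f['ts'];
    $msg = json_encode([$f['appid'], $f['user'], $ts]);
    // hash_equals() compares in constant time
    if (!hash_equals(hash_hmac('sha256', $msg, $secret), $f['hmac'])) {
        return false;
    }
    // reject stale forms and timestamps from the future
    return $ts <= $now && ($now - $ts) <= MAX_AGE;
}

// Constructed sample values (not real credentials)
$secret = 'constructed-demo-secret';
$t0     = 1700000000;
$form   = signFields('demo-app', 'alice', $secret, $t0);

var_dump(verifyFields($form, $secret, $t0 + 30));                     // fresh form
var_dump(verifyFields($form, $secret, $t0 + 61));                     // older than MAX_AGE
var_dump(verifyFields(['user' => 'bob'] + $form, $secret, $t0 + 30)); // user changed after signing
```

Because the timestamp is part of the signed message, a captured form cannot be replayed after the window closes, and changing any field invalidates the HMAC.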