Table of Contents
Installation
Get the source code
Using git
cd /var/www
git clone https://git-repo.iml.unibe.ch/iml-open-source/mfa-server.git
This creates the folder /var/www/mfa-server/.
Download archive
Got to https://git-repo.iml.unibe.ch/iml-open-source/mfa-server and on top right click [Code] to select your favourite package format (Zip, tar, ..).
This is an example for tgz format:
cd /var/www
mkdir mfa-server
cd mfa-server
wget https://git-repo.iml.unibe.ch/iml-open-source/mfa-server/-/archive/main/mfa-server-main.tar.gz
tar -xzf mfa-server-main.tar.gz
rm -f mfa-server-main.tar.gz
Set webroot
The webroot is located in the subdir public_html.
This you need to setup for document root in your apache.
<VirtualHost>
...
DocumentRoot /var/www/mfa/public_html
...
</VirtualHost>
Protect /admin
Protect the administration web ui by securing to the /admin/ folder. You can protect it with any method: SSO, ip restriction, basic auth.
This is just an example for Basic auth with LDAP (requires enabled authnz_ldap_module + ldap_module in Apache httpd).
<VirtualHost>
...
<Location "/admin">
Require valid-user
AuthType Basic
AuthName "MFA Backend"
AuthBasicProvider ldap
AuthLDAPURL "ldaps://ldap.example.com:636/ou=?uid?sub?(objectClass=posixAccount)(memberOf=cn=MFA Backend Users,ou=...)" SSL
AuthLDAPBindDN "<Bind user>"
AuthLDAPBindPassword "<Bind password>"
</Location>
</VirtualHost>