Yubico Forum https://forum.yubico.com/ |
Tutorial: Deploying PHP Validation Server and KSM https://forum.yubico.com/viewtopic.php?f=5&t=393 |
Author: | FloAtFokus [ Thu Aug 27, 2009 11:16 am ] |
Post subject: | Tutorial: Deploying PHP Validation Server and KSM |
This tutorial provides a step-by-step guide on how to deploy a PHP validation server including the KSM.

Requirements:
- PHP Web Server
- MySQL Database
- Yubikey USB Token

1. DOWNLOAD CONFIGURATION TOOL

First of all, modify your Yubikey, since we are not able to read the AES128 of our Yubikey. Keep in mind that you can't log in to services from Yubico once you have modified your Yubikey. Fortunately you can upload your modified Yubikey data to Yubico here to get it running with the Yubico server again: http://www.yubico.com/developers/aeskeys/

Ok, let's start with downloading and installing the personalization tool. There is a binary version for Windows. http://www.yubico.com/developers/personalization/

2. MODIFY YOUR YUBIKEY

Run the application "Yubico Configuration Utility" from Start Menu.
Select: "Create a dynamic Yubikey Configuration (OTP mode)"
Use a public identity
Desired Length: 6
Public ID String: ff 50 7d b6 68 de (I will use these example values in the tutorial but you can choose any other value)
Fixed Value
NEXT
Use a private identity
ID String: a9 f9 de ff 36 22
NEXT
AES Key: e1 6e 6e c2 5c 31 46 94 01 9e 44 40 ff c3 43 3b
NEXT
Output Format Flags: Send ENTER as the last keystroke
NEXT
The yubikeys are currently unprotected and I want to keep it that way
NEXT
Write to configuration 1
RUN
Close the application

3. DOWNLOAD YUBIKEY KEY STORAGE MODULE

Start your browser and go to http://code.google.com/p/yubikey-ksm/
Switch to the source tab and copy the address to your favourite SVN tool to download the sources.
Create a new directory on your PHP server named "yubico".
Create a new subdirectory on your PHP server named "ksm".
Copy all checked out files into the "ksm" directory.

4. SETUP MYSQL TABLES FOR KSM

Open ykksm-db.sql in a text editor.
Copy the "create table yubikeys" request and modify the first line to "create table ksm_yubikeys".
Execute the SQL command in your MySQL database to create a new table.
(In fact you can execute the complete sql file but I prefer to have all yubikey tables in the same database with the same MySQL user)
Insert a new entry for your modified Yubikey:

INSERT INTO ksm_yubikeys (id, serialNr, publicName, created, internalName, aesKey, lockCode, creator, active, hardware)
VALUES (NULL, '1', 'vvgcitnhhjtu', '0000-00-00 00:00:00', 'a9f9deff3622', 'e16e6ec25c314694019e4440ffc3433b', '', '', '1', '1');

5. CONFIGURE KEY STORAGE MODULE

Open ykksm-config.php in a text editor and update your MySQL configuration.
Open ykksm-decrypt.php in a text editor and modify the MySQL queries, since we decided to choose another name for our MySQL table in the last step. Search for " yubikeys" and replace with " ksm_yubikeys".

6. TEST THE NEW KSM WITH YOUR YUBIKEY

Launch your favourite browser and go to http://www.youraddress.com/yubico/ksm/y ... t.php?otp=
Put the cursor at the end of the browser's address field and tap with your finger on the Yubikey button to generate a one time password.
You should see something like this:

OK counter=0001 low=ef28 high=2f use=04

7. DOWNLOAD YUBIKEY PHP VALIDATION SERVER

Launch your favourite browser and go to http://code.google.com/p/yubikey-val-server-php/
Switch to the source tab and copy the address to your favourite SVN tool to download the sources.
Create a new subdirectory of the "yubico" directory on your PHP server named "validation".
Copy all checked out files into the "validation" directory.

8. SETUP MYSQL TABLES FOR VALIDATION SERVER

Same procedure as in step 4...
Open ykval-db.sql in a text editor and copy the 2 "CREATE TABLE" SQL queries.
Modify the queries to "CREATE TABLE val_clients" and "CREATE TABLE val_yubikeys".
Insert a new entry into the val_clients table:

INSERT INTO val_clients (id, active, created, secret, email, notes)
VALUES (1, 1, '2009-08-27 00:00:00', '', 'foo@bar.com', 'test');

9. CONFIGURE VALIDATION SERVER SOURCES

Open ykval-config.php in a text editor and update your MySQL configuration.
Open ykval-verify.php and ykval-common.php in a text editor and modify the MySQL queries, since we chose other names for our MySQL tables. Search for " yubikeys" and replace with " val_yubikeys" and " clients" with " val_clients".
Update the address for the key storage module in ykval-config.php:
Replace "http://ykkms1.example.com/wsapi/decrypt?otp=" with "http://www.youraddress.com/yubico/ksm/ykksm-decrypt.php?otp="

10. TEST THE VALIDATION SERVER

Launch your favourite browser and go to http://www.youraddress.com/yubico/valid ... ?id=1&otp=
Put the cursor at the end of the browser's address field and tap with your finger on the Yubikey button to generate a one time password.
You should see something like this:

h=nrZbVl6d+p8fh1CEPFdCfzneOYY=
t=2009-08-27T10:06:01Z0193
status=OK |
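The publicName stored in step 4 ('vvgcitnhhjtu') is the ModHex form of the hex Public ID entered in step 2 (ff 50 7d b6 68 de), while internalName and aesKey stay plain hex. The Python below is an added example, not part of the original post or of the yubikey-ksm sources; the function names are hypothetical and the sample OTP is constructed. It derives the three column values and splits an OTP into the public name and the 16-byte encrypted token the KSM receives.

```python
# Added example (not from the tutorial): ModHex helpers for the KSM table values.
MODHEX = "cbdefghijklnrtuv"  # ModHex character for each hex nibble 0..f
HEX = "0123456789abcdef"
_TO_MODHEX = str.maketrans(HEX, MODHEX)
_TO_HEX = str.maketrans(MODHEX, HEX)
OTP_TOKEN_CHARS = 32  # one 16-byte AES block, two ModHex characters per byte


def modhex_encode(data: bytes) -> str:
    return data.hex().translate(_TO_MODHEX)


def modhex_decode(text: str) -> bytes:
    text = text.lower()
    if len(text) % 2 or any(ch not in MODHEX for ch in text):
        raise ValueError("not a ModHex string")
    return bytes.fromhex(text.translate(_TO_HEX))


def split_otp(otp: str, public_id_bytes: int = 6):
    """Split an OTP into (publicName, encrypted 16-byte token)."""
    otp = otp.strip()
    prefix_len = 2 * public_id_bytes
    if len(otp) != prefix_len + OTP_TOKEN_CHARS:
        raise ValueError("unexpected OTP length")
    return otp[:prefix_len].lower(), modhex_decode(otp[prefix_len:])


def ksm_row(public_id_hex: str, private_id_hex: str, aes_key_hex: str) -> dict:
    """Turn the step 2 values into the strings inserted in step 4."""
    public_id, private_id, key = (
        bytes.fromhex(v.replace(" ", ""))
        for v in (public_id_hex, private_id_hex, aes_key_hex)
    )
    if len(private_id) != 6 or len(key) != 16:
        raise ValueError("private ID must be 6 bytes and AES key 16 bytes")
    return {"publicName": modhex_encode(public_id),
            "internalName": private_id.hex(),
            "aesKey": key.hex()}


if __name__ == "__main__":
    # Values from step 2 of the tutorial.
    print(ksm_row("ff 50 7d b6 68 de", "a9 f9 de ff 36 22",
                  "e1 6e 6e c2 5c 31 46 94 01 9e 44 40 ff c3 43 3b"))
    # Constructed OTP: the tutorial's public name plus 32 filler ModHex characters.
    print(split_otp("vvgcitnhhjtu" + "cbdefghijklnrtuv" * 2))
```

Stray whitespace inside the stored hex strings makes the key or ID the wrong length, which `ksm_row` rejects before anything is written to the table.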
Author: | network-marvels [ Thu Aug 27, 2009 4:48 pm ] |
Post subject: | Re: Tutorial: Deploying PHP Validation Server and KSM |
Thank you for posting the detailed step by step guide !!! |
Author: | bertunad [ Tue Aug 17, 2010 6:20 pm ] |
Post subject: | Re: Tutorial: Deploying PHP Validation Server and KSM |
Hi, your explanation is really straightforward, very good. However, I am having a problem with the last part: it is giving me an internal error. Can you help? With this URL: http://localhost/yubico/ksm/ykksm-decry ... vefreukcud

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, admin@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. |
Author: | bertunad [ Tue Aug 17, 2010 6:27 pm ] |
Post subject: | Re: Tutorial: Deploying PHP Validation Server and KSM |
Sorry, I'm still in step 6, till the setup of ksm |
Author: | bertunad [ Tue Aug 17, 2010 9:10 pm ] |
Post subject: | Re: Tutorial: Deploying PHP Validation Server and KSM |
Hi, I managed to find what the problem was: the server module rewrite was not enabled. However, I have another problem now:

Notice: Use of undefined constant LOG_LOCAL0 - assumed 'LOG_LOCAL0' in C:\wamp\www\yubico\ksm\ykksm-config.php on line 6
Warning: openlog() expects parameter 3 to be long, string given in C:\wamp\www\yubico\ksm\ykksm-decrypt.php on line 34
ERR Syslog open error |
Author: | bertunad [ Tue Aug 17, 2010 9:25 pm ] |
Post subject: | Re: Tutorial: Deploying PHP Validation Server and KSM |
Another step forward: I had to change LOG_LOCAL0 to LOG_USER. Now another problem arises when validating: I followed your explanation step by step and I keep having the error HTTP 404 not found |
All times are UTC + 1 hour |