This tutorial will focus on the yubikey server. Thus, I will not go into the details of Glassfish/MySQL Setup.
1. DOWNLOAD YUBIKEY CONFIGURATION TOOL
First of all modify your Yubikey since we are not able to read the AES128 of our Yubikey. Keep in mind that you can't login to services from Yubico once you modified your Yubikey until you uploaded your modified Yubikey data to Yubico here:
http://www.yubico.com/developers/aeskeys/Download and install personalization tool. There is a binary version for Windows.
http://www.yubico.com/developers/personalization/2. MODIFY YOUR YUBIKEY
Run the application "Yubico Configuration Utility" from Start Menu.
Select: "Create a dynamic Yubikey Configuration (OTP mode)"
Use a public identity
Desired Length: 6
Public ID String: ff 50 7d b6 68 de (I will use this example value in the tutorial but you can choose any other value)
Fixed Value
NEXT
Do not use a private identity
NEXT
AES Key: e1 6e 6e c2 5c 31 46 94 01 9e 44 40 ff c3 43 3b
NEXT
Output Format Flags: Send ENTER as the last keystroke
NEXT
The yubikeys are currently unprotected and I want to keep it that way
NEXT
Write to configuration 1
RUN
Close the application
3. SETUP LOCAL GLASSFISH SERVER
Download Glassfish Server from sun:
https://glassfish.dev.java.net/public/d ... index.htmlUnzip and run setup.xml with ant.
Start Glassfish Server: "asadmin start-domain domain1".
Launch your browser and go to
http://localhost:8080/ to see if it's running.
Go to
http://localhost:4848/ (default name: admin / default pass: adminadmin) to open the configuration.
4. SETUP MYSQL FOR GLASSFISH
Download and install MySQL.
Download and install JDBC Connector as described in here:
http://www.albeesonline.com/blog/2008/0 ... on-server/5. SETUP YUBIKEY JAVA VALIDATION SERVER
Launch your browser and go to
http://code.google.com/p/yubikey-server-j/.
Switch to the source tab and check out the files provided by the svn.
Run eclipse (or your favourite Java Dev Tool).
New Java Project / Create Project from existing source / select the directory just checked out
Now you will see a warning: "base.jar is missing".
Right mouse click on the project / Build Path / Configure Build Path.
Remove the base.jar.
Add jars... / select your project / resources / yubico-base-1.1.jar / Ok
Go to the src package and open the file "web.xml".
Configure your MySQL db_user, db_password and db_url (e.g. "jdbc:mysql://:3306/yubico?autoReconnect=true").
The next step is a little bit weird but it caused an error on my glassfish ("The content of element type "servlet" must match..."):
Thus you need to change this. You have to do this for both servlet nodes in the web.xml: Cut the line "<load-on-startup>1</load-on-startup>" out of the servlet node and paste it beneath the last init-param of the same servlet node.
6. EXPORT YUBIKEY SERVER TO GLASSFISH
In eclipse right mouse click on build.xml / Run as / Ant build...
This will generate a file named "wsapi.war" in the "out" directory of your project.
Launch your Glassfish Admin Console in a browser (
http://localhost:4848/) and go to Applications / Web Applications.
Deploy / select the "wsapi.war" you've just created / Ok
Launch your favourite browser and go to
http://localhost:8080/wsapi/verify?id=1&otp=Put your finger on the Yubikey USB token. At the moment this will cause an error because we have to create and fill the MySQL database first.
7. CONFIGURE MYSQL DATABASE FOR YUBIKEY JAVA SERVER
This page provides a guide for the MySQL tables:
yubico-val-server/db.htmI prefer GUI tools such as MySQL Administrator or PhpMyAdmin but you can use normal command line as well.
You should have a databse named "yubico" in your local MySQL.
Execute these queries on your MySQL database:
yubico-val-server/db_schema.sqlUnfortunately the "yubikeys" table misses a column named "sessionUse", thus we need to add it with the following query:
alter table yubikeys add column sessionUse varchar(60);
8. INSERT YOUR YUBIKEY INTO DATABASE
In step 2 we reprogrammed our Yubikey. Now we need to insert those values into the "yubikey" table of our database. But first of all the public ID and the AES128 key must be converted into Base64.
Search for a Hexa --> Base64 Converter in Google (I like this one:
http://home2.paulschou.net/tools/xlate/)
Attention: Do not convert from String to Base64 (ZmY1MDdkYjY2OGRl is NOT a valid Base64 encoding for the public Id)
Public ID: a9 f9 de ff 36 22 --> Base64: qfne/zYi
AES Key: e1 6e 6e c2 5c 31 46 94 01 9e 44 40 ff c3 43 3b --> Base64: 4W5uwlwxRpQBnkRA/8NDOw==
The column "tokenId" represents the Base64 encoded public Id and the secret represents the Base64 encoded AES Key.
INSERT INTO yubikeys (client_id, active, tokenId, secret, created, accessed) VALUES ('1', '1', 'qfne/zYi','4W5uwlwxRpQBnkRA/8NDOw==',now(),now());
9. TEST YOUR NEW SERVER
Launch your favourite browser and go to
http://localhost:8080/wsapi/verify?id=1&otp=Point to the end of the address field, put your finger on the Yubikey USB token. Now you should see something like this:
t=2009-08-27T17:33:57Z0515
status=OK
h=mtPBJ9BrYCjEqO88a8wfk2IoG1E=
Login
FAQ
Search
