Yubico Forum

Project name: Joomla! CMS - Yubikey Authentication Plugin

License: GNU GPL v2

Description: Joomla! Content Management System two-factor authentication plugin for use with the Yubico Yubikey one-time-password device. An accompanying component is included to manage Yubikey users. With this authentication plugin you may selectively choose which Joomla users will require a Yubikey device to log into Joomla. The plugin and accompanying component are compatible with Joomla! versions 1.5, 1.6 and 2.5.

Platforms: Any platform the Joomla! CMS is compatible with.

Webpage: Joomla! Extensions Directory (JED) | Google Code

Tutorial: External Link

Screenshots: External Link

Updates: ATTENTION: I do not monitor new threads in this forum on a regular basis however I am subscribed to this thread. So please post problems you are having with the plugin to this thread if you want help from me so that I will get an email notification of your post. - James

Updates:

Plug-in

Joomla! 2.5 Support - Rev 1.0 (26FEB12)
* Ported the plug-in to Joomla! 2.5.
* Added the most current version of the Yubico.php class file to the plug-in
* Added the ability to enable/disable the HTTPS and HTTPSVERIFY features of the connection to the Yubico Yubikey authentication server the plug-in uses.

2.0 (29JAN11)
* This newest version is for Joomla! 1.6 only. The functionality remains the same as the Joomla! 1.5 version of the plugin. Some minor cosmetic changes were made to the Joomla! 1.6 version. The older Joomla! 1.5 version of the plugin will remain available for download but development will only continue with the Joomla! 1.6 version. You can distinguish the Joomla! 1.5 and 1.6 versions by looking at the plug-in's revision number. The Joomla! 1.5 version of the plugin will have a 1.x revision number and the Joomla! 1.6 version will have a 2.x revision number.

1.5 (17MAY10)
* Plug-in now uses the official Yubico PHP class for Yubikey authentication. The Yubico PHP class implements the new Yubikey Validation Protocol Version 2.0. You can read more about Yubikey Validation Protocol Version 2.0 at the Yubico homepage: http://www.yubico.com/developers/version2/.
* To upgrade simply install the new version of the plug-in into your Joomla! installation. You DO NOT need to uninstall the previous version of this plug-in if you have it installed.

1.0
* First revision of Joomla! 1.5 Yubikey two-factor authentication plugin released.

Component

Joomla! 2.5 Support - Rev 1.0 (26FEB12)
* Ported the component to Joomla! 2.5.
* Added the ability to filter users in the Yubikey user listing in the component.

2.0 (29JAN11)
* This newest version is for Joomla! 1.6 only. The functionality remains the same as the Joomla! 1.5 version of the component. Some minor cosmetic changes were made to the Joomla! 1.6 version. The older Joomla! 1.5 version of the component will remain available for download but development will only continue with the Joomla! 1.6 version. You can distinguish the Joomla! 1.5 and 1.6 versions by looking at the component's revision number. The Joomla! 1.5 version of the component will have a 1.x revision number and the Joomla! 1.6 version will have a 2.x revision number.

1.3 (13MAY10)
* Fixed a bug that would cause the component installation to fail on versions of Joomla! 1.5.10 or greater with an error message similar to "Component Install: Could not copy PHP install file".

1.2
- Reconfigured the installation routine so that it can handle future upgrades of the component better.

1.1
* Fixed annoying PHP notices when saving Yubikey user edits or new users
* Added Javascript to disable the Enter/Return key on the Yubikey edit and new user pages. This now allows you to directly use a Yubikey to enter the Yubikey ID while still allowing you to click the Edit/New button in the toolbar. The Yubikey ID will automatically be extracted from the one-time-password string entered by a Yubikey.
* Fixed a couple of misspellings in text labels.

1.0
* First revision of Joomla! 1.5 Yubikey two-factor authentication component released.

Hi James ,

Apologies if incorrect place to post..

I think this is genius - Was looking for something exactly like this for client site.

I bought the Yubico key and am testing.

Trying on a site of ours and tried on a fresh Joomla 1.5 install.

I followed instructions and got my Client ID and API key.

I logon using username and password+Yubikey OTP and to no avail ( All other plugins disabled and user setup with correct Yubikey ID )

On the same server Im using the Yubikey with Wordpress plugin and works fine..

Any light you can shed?

Cheers!
Stephen

Do you get any kind of error message after you enter the username and password and press the login button? Also you can try to enable the debugging mode in Joomla! to display any PHP errors or warnings that may be occurring. In Joomla! 1.5 you can turn on debugging my logging into the admin interface and clicking Global Configuration->Server->Error Reporting, and then select "Maximum" from the drop-down list and then press the Save button.

One other thing to check is that you are actually doing the OTP password and not the static password function of the Yubikey. I don't have access to the latest version of the Yubikey so I am not sure if the static password feature is enabled by default or not.

Finally, just to verify, when you are doing the password you are just typing in the user account password and then immediately pressing the yubikey OTP button and not including that plus sign (+) in the middle right? Some people may take my instructions literally and include that plus sign in the middle of the password when it shouldn't be there.

Let me know whether or not you make any progress with this. I am happy to keep troubleshooting this with you.

- James

Stephen,

I just noticed someone had posted a comment on the plug-in's Joomla! Extension Directory page which may also help you out. Here is the relevant snippet from the comment:



So it looks like actually clicking on the Joomla! login button causes problems for some people. Try waiting a little bit after pressing the Yubikey button to see if it will log you into the Joomla! site automatically.

- James

I can't seem to get this to work properly. Whenever a yubikey user tries to login, I continually get this error:

Fatal error: Cannot redeclare _pear_call_destructors() (previously declared in /home/laptop15/public_html/heartvantage/libraries/pear/PEAR.php:773) in /usr/lib/php/PEAR.php on line 777

I have
1) Uninstalled every Yubikey component/plugin and removed the db tables
2) Reinstalled them
3) Configured the plugin properly
4) Re-added the Yubikey users

and I still get this error. If the user is not a yubikey user, their login works just fine. It also works fine (that is it denies me access) whenever a yubikey user tries to login and gets their information wrong. It's only when a Yubikey user has a valid password that should be let in that I get this error.

Any advice/suggestions would be most appreciated!

On first glance it seems like you have 2 PEAR libraries that may be conflicting with each other. One located at "/home/laptop15/public_html/heartvantage/libraries/pear/PEAR.php" and the other at "/usr/lib/php/PEAR.php". It sounds like the the destructor() function is trying to be defined twice which causes the error to be thrown. I would first try to confirm that your PEAR installation is working properly with your PHP install. Here is a link to the PEAR documentation which has some tests you can try:

http://pear.php.net/manual/en/installation.checking.php

In particular focus on those tests that verify your PHP installation is configured to work properly with PEAR.

Thanks for the reply James.

I was hoping and trying to not get nearly that deep into the problem. The irony is that a few weeks back this worked fine.

We have a shared webhosting account with InMotion, we don't own our own servers. As such, I've had no need to install or do any coding with Pear. The only usage of it has been what comes with the standard Joomla framework and now this Yubikey plugin. I can't imagine the PEAR installation is messed up since it's a shared commercial server.

The only thing I can think of is some other plugin/component we added since then is initializing those Pear classes before Yubikey does. I still don't understand the problem, though, since all of files are always included using require_once which should alleviate the problem of double declaring functions.

There was a recent security update to PHP so your hosting provider may have upgraded the PHP installation on the server which may have caused something to break with your PEAR configuration. For kicks you can try renaming that "/home/laptop15/public_html/heartvantage/libraries/pear/PEAR.php" file to something else like "/home/laptop15/public_html/heartvantage/libraries/pear/PEAR.BAK.php" to effectively disable it to see if that has any effect. Renaming the file may fix the problem or cause a bunch of other ones but it is something simple that you can try. You can rename that file back to what it was if this causes a bunch of other problems.

I tried renaming the file as suggested. As you might expect it broke some other things that said needed PEAR but were unable to find it.