Loading...
 
Skip to main content

History: PluginTOTP

View published page Collapse Into Edit Sessions

Preview of version: 26

New in Tiki22

PluginTOTP

What is Time-Based One-Time Password?

A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors. Time-based one-time passwords are commonly used for two-factor authentication and have seen growing adoption by cloud application providers. TOTPs are derived from a secret seed password given at user registration in the form of QR code or in plaintext. TOTPs (and their seeds) are deployed on either hardware security tokens or as soft tokens, meaning mobile device apps that display the numbers. Typically, the temporary passcode expires after 30, 60, 120 or 240 seconds.

TOTP (Time-based One-time Password algorithm) is a different use case than Two-factor authentication, which protects a Tiki instance. This permits to manage the key (instead of putting on a smartphone) to connect to another site (which may or many not be a Tiki)

Using PluginTOTP in Tiki!

Let's suppose I am trying to connect to my Admin Dashboard, I begin by entering my username and password. Then I’m prompted for the TOTP, which I read off of the token and type into the third login field. Once I’ve done so, I’m logged in.

You need to act fast because these codes start expiring, which if I’m too slow, sometimes yields a login misfire and I need to try again with a fresher TOTP.

Step 1 : Activate pluginTOTP

Go to Control Pannel, search TOTP, check the PluginTOTP preferences and Click Apply to save changes.

Search TOTP in control pannel to activate the plugin
Click to expand

Step 2 : Configure pluginTOTP

You need to setup a wiki login page with following input fields :

  • Username Field
  • Password Field
  • TOTP Code Field

PluginTOTP CODE SNIPET
Copy to clipboard
{totp secret="YOUR SECRET TOTP CODE" interval="INTERVAL IN SECONDS" issuer="YOUR ISSUER PAGE"}

If you want to use advanced options of the pluginTOTP, click at the Help button (at right corner of your wiki-page editor), search TOTP in PluginHelp tab.

You should now see something like this!

TOTP QR Code Scan procedure
Click to expand

Step 3 : Authenticate

Finally, when authenticating on page "Log In” (e.g. http://www.example.com/tiki-login_scr.php?totpForm), take the code generated by Google Authenticator® App and enter it in the totpCode Field you recently created.


Code:
https://gitlab.com/tikiwiki/tiki/-/blob/master/lib/wiki-plugins/wikiplugin_totp.php
See also :
https://doc.tiki.org/tiki-editpage.php?page=Two-factor+authentication

PluginTOTP

History

Advanced
Information Version
Marc Laporte use relative links 47
Elifeleti Mukisa Dan 46
Elifeleti Mukisa Dan 45
Elifeleti Mukisa Dan 44
Elifeleti Mukisa Dan Adding new generated qrcode image 43
Marc Laporte 42
Ndiwayesu 41
Ndiwayesu 40
Ndiwayesu 39
Ndiwayesu 38
Ndiwayesu 37
Ndiwayesu 36
Ndiwayesu 35
Ndiwayesu 34
Marc Laporte The URL for the code arrives via PluginPluginManager 33
Ndiwayesu 32
Ndiwayesu 31
Ndiwayesu 30
Ndiwayesu 29
Ndiwayesu 28
Ndiwayesu 27
Ndiwayesu 26
Ndiwayesu 25
Ndiwayesu 24
Ndiwayesu 23
Ndiwayesu 22
Ndiwayesu 21
Ndiwayesu 20
Ndiwayesu 19
Ndiwayesu 18
Ndiwayesu 17
Ndiwayesu 16
Ndiwayesu 15
Ndiwayesu 14
Ndiwayesu 13
Ndiwayesu 12
Ndiwayesu 11
Ndiwayesu 10
Ndiwayesu 9
Ndiwayesu 8
Ndiwayesu 7
Ndiwayesu 6
Marc Laporte 5
Mike Finko 4
Marc Laporte 3
Marc Laporte 2
Marc Laporte 1