Seems to be implemented I would appreciate if someone can test this new functionality (And wording :)))
On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <solomax...@gmail.com> wrote: > > > On Thu, 22 Dec 2022 at 14:01, seba.wag...@gmail.com <seba.wag...@gmail.com> > wrote: > >> Sry I did not have enough time. But it would be a good feature to add. >> >> Also a good message we can share around enhancing OpenMeetings security. >> Relevant for many education/public environments. >> > > I agree :)) > Will update JIRA/demo-next when will have something working :) > > >> >> Thx >> Seb >> >> Sebastian Wagner >> Director Arrakeen Solutions, OM-Hosting.com >> http://arrakeen-solutions.co.nz/ >> https://om-hosting.com - Cloud & Server Hosting for HTML5 >> Video-Conferencing OpenMeetings >> >> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> >> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> >> >> >> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <solomax...@gmail.com> >> wrote: >> >>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755 >>> >>> will try to implement it :) >>> >>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary <ali.alhaid...@the5stars.org> >>> wrote: >>> >>>> +1 >>>> >>>> Yes, why not... >>>> >>>> Ali >>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote: >>>> >>>> we already have BSD 3-clause: >>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479 >>>> will need to add one line only :) >>>> >>>> On Wed, 3 Aug 2022 at 12:25, seba.wag...@gmail.com < >>>> seba.wag...@gmail.com> wrote: >>>> >>>>> There seem to be a few options for Google using Java >>>>> E.g. https://github.com/wstrange/GoogleAuth >>>>> >>>>> I don't quite see in that lib how it generates the QR code for >>>>> scanning but there should be a way :) >>>>> >>>>> The BSD license would require us to add a copy left into our License >>>>> file, but in general it would be compatible imho. >>>>> >>>>> Thanks >>>>> Seb >>>>> >>>>> Sebastian Wagner >>>>> Director Arrakeen Solutions, OM-Hosting.com >>>>> http://arrakeen-solutions.co.nz/ >>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5 >>>>> Video-Conferencing OpenMeetings >>>>> >>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> >>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> >>>>> >>>>> >>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik <solomax...@gmail.com> >>>>> wrote: >>>>> >>>>>> Hello Seb, >>>>>> >>>>>> Sorry for a late response, I'm on vacation :) >>>>>> >>>>>> I would >>>>>> +1 this feature :) >>>>>> >>>>>> The problems we'll need to solve >>>>>> - add 2fa mechanisms other than email (not sure if apps like "Google >>>>>> authenticator" has open source API :(, we can use telegram API ....) >>>>>> - we'll need to move this out of om_user db table (maybe with >>>>>> activation_hash and *reset-password-hash* >>>>>> >>>>>> Need to be investigated and carefully refactored :) >>>>>> >>>>>> from mobile (sorry for typos ;) >>>>>> >>>>>> >>>>>> On Wed, Aug 3, 2022, 10:15 seba.wag...@gmail.com < >>>>>> seba.wag...@gmail.com> wrote: >>>>>> >>>>>>> Not many pros or cons in this discussion. >>>>>>> >>>>>>> But I think it would be a good option to have available for users. >>>>>>> As well as a good feature to advertise for. Especially in order to use >>>>>>> OpenMeetings in a Gov/Education environment where compliance may >>>>>>> require to >>>>>>> have 2 factor auth for applications in order for using it. >>>>>>> >>>>>>> So I assume I can create some tickets and get this on the way. >>>>>>> >>>>>>> Thanks >>>>>>> Seb >>>>>>> >>>>>>> >>>>>>> >>>>>>> Sebastian Wagner >>>>>>> Director Arrakeen Solutions, OM-Hosting.com >>>>>>> http://arrakeen-solutions.co.nz/ >>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5 >>>>>>> Video-Conferencing OpenMeetings >>>>>>> >>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> >>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> >>>>>>> >>>>>>> >>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wag...@gmail.com < >>>>>>> seba.wag...@gmail.com> wrote: >>>>>>> >>>>>>>> I would like to add a ticket to investigate and look into adding 2 >>>>>>>> factor authentication to OpenMeetings. As an optional feature, default >>>>>>>> would be turned off. >>>>>>>> >>>>>>>> There are various libraries to achieve 2 factor auth. I would >>>>>>>> probably prefer using the Google Authenticator as a method since it >>>>>>>> seems >>>>>>>> the most widely adopted authenticator. >>>>>>>> >>>>>>>> In terms of turning it on/off I would add 2 flags: >>>>>>>> - On a per server basis a flag to generally turn 2 factor auth on >>>>>>>> or off >>>>>>>> - On a per individual account basis so you can turn 2 factor >>>>>>>> auth on/off for an individual user >>>>>>>> >>>>>>>> This would not affect past installations. >>>>>>>> This would not affect logging in via Soap/Rest. >>>>>>>> >>>>>>>> I think this would be a good feature to improve security. >>>>>>>> >>>>>>>> Let me know what you think, and I will add a ticket and look into >>>>>>>> adding this over the next few weeks. >>>>>>>> >>>>>>>> Thanks >>>>>>>> Seb >>>>>>>> >>>>>>>> Sebastian Wagner >>>>>>>> Director Arrakeen Solutions, OM-Hosting.com >>>>>>>> http://arrakeen-solutions.co.nz/ >>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5 >>>>>>>> Video-Conferencing OpenMeetings >>>>>>>> >>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> >>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> >>>>>>>> >>>>>>> >>>> >>>> -- >>>> Best regards, >>>> Maxim >>>> >>>> >>> >>> -- >>> Best regards, >>> Maxim >>> >> > > -- > Best regards, > Maxim > -- Best regards, Maxim
