The following section has been added :)
################## Time-based One Time Password ################## ## Please NOTE these values need to be changed BEFORE users will set-up OTP for themselves ## otherwise they can't login # NOTE Config->application.name will be used if blank otp.issuer= otp.ntp.server=pool.ntp.org ## milliseconds otp.ntp.timeout=3000 from mobile (sorry for typos ;) On Wed, Dec 28, 2022, 16:25 Ali Alhaidary <ali.alhaid...@the5stars.org> wrote: > Is it possible just to pint it out please? > > Ali > On 12/27/22 6:53 PM, Maxim Solodovnik wrote: > > I would start with examine the logs > > and will add missing key-value part to openmeetings.properties :) > > On Tue, 27 Dec 2022 at 19:00, Ali Alhaidary <ali.alhaid...@the5stars.org> > wrote: > >> Where and what ? :-) >> >> Ali >> On 12/27/22 8:13 AM, Maxim Solodovnik wrote: >> >> you have to add new values to your config :) >> >> #206 is at demo-next >> seems to work as expected :) >> >> On Tue, 27 Dec 2022 at 10:37, Ali Alhaidary <ali.alhaid...@the5stars.org> >> wrote: >> >>> No, I did not change anything in openmeetings.properties as we want to >>> use om as before initially... >>> >>> ################## Time-based One Time Password ################## >>> ## Please NOTE these values need to be changed BEFORE users will set-up >>> OTP for themselves >>> ## otherwise they can't login >>> >>> # NOTE Config->application.name will be used if blank >>> otp.issuer= >>> otp.ntp.server=pool.ntp.org >>> ## milliseconds >>> otp.ntp.timeout=3000 >>> >>> >>> On 12/27/22 4:44 AM, Maxim Solodovnik wrote: >>> >>> Anything suspicious in the log? >>> Have you updated openmeetings.properties with "otp" specific values? >>> >>> from mobile (sorry for typos ;) >>> >>> >>> On Mon, Dec 26, 2022, 22:54 Ali Alhaidary <ali.alhaid...@the5stars.org> >>> wrote: >>> >>>> Could not login from moodle plugin, and (HTTP Status 404 – Not Found) >>>> in stand alone app. >>>> >>>> Ali >>>> On 12/26/22 5:18 PM, Ali Alhaidary wrote: >>>> >>>> Seems ok, and translated... >>>> >>>> Ali >>>> On 12/26/22 8:37 AM, Maxim Solodovnik wrote: >>>> >>>> Seems to be implemented >>>> I would appreciate if someone can test this new functionality >>>> (And wording :))) >>>> >>>> On Thu, 22 Dec 2022 at 14:14, Maxim Solodovnik <solomax...@gmail.com> >>>> wrote: >>>> >>>>> >>>>> >>>>> On Thu, 22 Dec 2022 at 14:01, seba.wag...@gmail.com < >>>>> seba.wag...@gmail.com> wrote: >>>>> >>>>>> Sry I did not have enough time. But it would be a good feature to >>>>>> add. >>>>>> >>>>>> Also a good message we can share around enhancing OpenMeetings >>>>>> security. Relevant for many education/public environments. >>>>>> >>>>> >>>>> I agree :)) >>>>> Will update JIRA/demo-next when will have something working :) >>>>> >>>>> >>>>>> >>>>>> Thx >>>>>> Seb >>>>>> >>>>>> Sebastian Wagner >>>>>> Director Arrakeen Solutions, OM-Hosting.com >>>>>> http://arrakeen-solutions.co.nz/ >>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5 >>>>>> Video-Conferencing OpenMeetings >>>>>> >>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> >>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> >>>>>> >>>>>> >>>>>> On Thu, 22 Dec 2022 at 18:37, Maxim Solodovnik <solomax...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> https://issues.apache.org/jira/browse/OPENMEETINGS-2755 >>>>>>> >>>>>>> will try to implement it :) >>>>>>> >>>>>>> On Wed, 3 Aug 2022 at 13:45, Ali Alhaidary < >>>>>>> ali.alhaid...@the5stars.org> wrote: >>>>>>> >>>>>>>> +1 >>>>>>>> >>>>>>>> Yes, why not... >>>>>>>> >>>>>>>> Ali >>>>>>>> On 8/3/22 8:34 AM, Maxim Solodovnik wrote: >>>>>>>> >>>>>>>> we already have BSD 3-clause: >>>>>>>> https://github.com/apache/openmeetings/blob/master/LICENSE#L2479 >>>>>>>> will need to add one line only :) >>>>>>>> >>>>>>>> On Wed, 3 Aug 2022 at 12:25, seba.wag...@gmail.com < >>>>>>>> seba.wag...@gmail.com> wrote: >>>>>>>> >>>>>>>>> There seem to be a few options for Google using Java >>>>>>>>> E.g. https://github.com/wstrange/GoogleAuth >>>>>>>>> >>>>>>>>> I don't quite see in that lib how it generates the QR code for >>>>>>>>> scanning but there should be a way :) >>>>>>>>> >>>>>>>>> The BSD license would require us to add a copy left into our >>>>>>>>> License file, but in general it would be compatible imho. >>>>>>>>> >>>>>>>>> Thanks >>>>>>>>> Seb >>>>>>>>> >>>>>>>>> Sebastian Wagner >>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com >>>>>>>>> http://arrakeen-solutions.co.nz/ >>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5 >>>>>>>>> Video-Conferencing OpenMeetings >>>>>>>>> >>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> >>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik < >>>>>>>>> solomax...@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> Hello Seb, >>>>>>>>>> >>>>>>>>>> Sorry for a late response, I'm on vacation :) >>>>>>>>>> >>>>>>>>>> I would >>>>>>>>>> +1 this feature :) >>>>>>>>>> >>>>>>>>>> The problems we'll need to solve >>>>>>>>>> - add 2fa mechanisms other than email (not sure if apps like >>>>>>>>>> "Google authenticator" has open source API :(, we can use telegram >>>>>>>>>> API ....) >>>>>>>>>> - we'll need to move this out of om_user db table (maybe with >>>>>>>>>> activation_hash and *reset-password-hash* >>>>>>>>>> >>>>>>>>>> Need to be investigated and carefully refactored :) >>>>>>>>>> >>>>>>>>>> from mobile (sorry for typos ;) >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Wed, Aug 3, 2022, 10:15 seba.wag...@gmail.com < >>>>>>>>>> seba.wag...@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> Not many pros or cons in this discussion. >>>>>>>>>>> >>>>>>>>>>> But I think it would be a good option to have available for >>>>>>>>>>> users. As well as a good feature to advertise for. Especially in >>>>>>>>>>> order to >>>>>>>>>>> use OpenMeetings in a Gov/Education environment where compliance may >>>>>>>>>>> require to have 2 factor auth for applications in order for using >>>>>>>>>>> it. >>>>>>>>>>> >>>>>>>>>>> So I assume I can create some tickets and get this on the way. >>>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> Seb >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Sebastian Wagner >>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com >>>>>>>>>>> http://arrakeen-solutions.co.nz/ >>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5 >>>>>>>>>>> Video-Conferencing OpenMeetings >>>>>>>>>>> >>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> >>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Mon, 1 Aug 2022 at 09:31, seba.wag...@gmail.com < >>>>>>>>>>> seba.wag...@gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> I would like to add a ticket to investigate and look into >>>>>>>>>>>> adding 2 factor authentication to OpenMeetings. As an optional >>>>>>>>>>>> feature, >>>>>>>>>>>> default would be turned off. >>>>>>>>>>>> >>>>>>>>>>>> There are various libraries to achieve 2 factor auth. I would >>>>>>>>>>>> probably prefer using the Google Authenticator as a method since >>>>>>>>>>>> it seems >>>>>>>>>>>> the most widely adopted authenticator. >>>>>>>>>>>> >>>>>>>>>>>> In terms of turning it on/off I would add 2 flags: >>>>>>>>>>>> - On a per server basis a flag to generally turn 2 factor auth >>>>>>>>>>>> on or off >>>>>>>>>>>> - On a per individual account basis so you can turn 2 factor >>>>>>>>>>>> auth on/off for an individual user >>>>>>>>>>>> >>>>>>>>>>>> This would not affect past installations. >>>>>>>>>>>> This would not affect logging in via Soap/Rest. >>>>>>>>>>>> >>>>>>>>>>>> I think this would be a good feature to improve security. >>>>>>>>>>>> >>>>>>>>>>>> Let me know what you think, and I will add a ticket and look >>>>>>>>>>>> into adding this over the next few weeks. >>>>>>>>>>>> >>>>>>>>>>>> Thanks >>>>>>>>>>>> Seb >>>>>>>>>>>> >>>>>>>>>>>> Sebastian Wagner >>>>>>>>>>>> Director Arrakeen Solutions, OM-Hosting.com >>>>>>>>>>>> http://arrakeen-solutions.co.nz/ >>>>>>>>>>>> https://om-hosting.com - Cloud & Server Hosting for HTML5 >>>>>>>>>>>> Video-Conferencing OpenMeetings >>>>>>>>>>>> >>>>>>>>>>>> <https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url> >>>>>>>>>>>> <https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Best regards, >>>>>>>> Maxim >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Best regards, >>>>>>> Maxim >>>>>>> >>>>>> >>>>> >>>>> -- >>>>> Best regards, >>>>> Maxim >>>>> >>>> >>>> >>>> -- >>>> Best regards, >>>> Maxim >>>> >>>> >> >> -- >> Best regards, >> Maxim >> >> > > -- > Best regards, > Maxim > >
