2-factor authentication for owncloud mobile devices

Question
1

Hi, I just configured privacyidea HOTP for my owncloud setup (ubuntu,
mysql) and it works perfectly.
The issue arises when I try to run it off my owncloud for iOS app. Because
the HOTP 6 digit passcode is valid for single use, although I can configure
it on the iOS app, I cannot actually use it because it expires when I
refresh the content.
Is there a way of locking a passcode to a specific device so that the
passcode can be reused an unlimited number of times on that specific device?

Thanks for your help.

2

Your observation is right.

OwnCloud really sucks at the client side authentication, since it caches
passwords and does not use authentication tokens like OAuth or anything
else. You have the same problem with the desktop client, which will
result in locked tokens.

Fixing things in the backend (privacyidea) that are broken in the
frontend (owncloud) is the wrong approach.

However, you can assign a second token to the user, a simple pass token,
which only consists of the OTP PIN - i.e. a fixed password. Since this
is what this software which I also finally banned from my computers is
capable of handling.

This way you can use a SPASS token for the iOS app an true OTP for the
web app.

Kind regards
CorneliusAm Sonntag, den 31.01.2016, 06:57 -0800 schrieb Prism:

Hi, I just configured privacyidea HOTP for my owncloud setup (ubuntu,
mysql) and it works perfectly.
The issue arises when I try to run it off my owncloud for iOS app.
Because the HOTP 6 digit passcode is valid for single use, although I
can configure it on the iOS app, I cannot actually use it because it
expires when I refresh the content.
Is there a way of locking a passcode to a specific device so that the
passcode can be reused an unlimited number of times on that specific
device?

Thanks for your help.


For professional services and consultancy regarding two factor
authentication please visit
Support - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In and enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/824a041f-fdec-4e07-ba73-55f88bffd6f4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)