yubico: make the Yubico cloud URL configurable
This patch adds a field to Config -> Tokens -> Yubico which can
contain another validation server than the Yubico servers.
If there is no configuration stored we still use the Yubico
servers as default, but we switch to the https-URL.
diff --git a/privacyidea/lib/tokens/yubicotoken.py b/privacyidea/lib/tokens/yubicotoken.py
index 7b69fe1…ddfad8b 100644
— a/privacyidea/lib/tokens/yubicotoken.py
+++ b/privacyidea/lib/tokens/yubicotoken.py
@@ -51,7 +51,7 @@ import binascii
YUBICO_LEN_ID = 12
YUBICO_LEN_OTP = 44
-YUBICO_URL = “http://api.yubico.com/wsapi/2.0/verify”
+DEFAULT_YUBICO_URL = "https://api.yubico.com/wsapi/2.0/verify"
DEFAULT_CLIENT_ID = 20771
DEFAULT_API_KEY = “9iE9DRkPHQDJbAFFC31/dum5I54=”
@@ -138,6 +138,7 @@ class YubicoTokenClass(TokenClass):
apiId = get_from_config("yubico.id", DEFAULT_CLIENT_ID)
apiKey = get_from_config("yubico.secret", DEFAULT_API_KEY)
-
YUBICO_URL = get_from_config("yubico.url", DEFAULT_YUBICO_URL) if apiKey == DEFAULT_API_KEY or apiId == DEFAULT_CLIENT_ID: log.warning("Usage of default apiKey or apiId not recomended!")
diff --git a/privacyidea/static/components/config/views/config.token.yubico.html b/privacyidea/static/components/config/views/config.token.yubico.html
index 4902201…7c6546f 100644
— a/privacyidea/static/components/config/views/config.token.yubico.html
+++ b/privacyidea/static/components/config/views/config.token.yubico.html
@@ -30,4 +30,13 @@
ng-model=“form[‘yubico.secret’]” name=“yubicoKey”>
+
- Yubico URL
- <input type=“url”
-
required -
class="form-control" -
placeholder="https://api.yubico.com/wsapi/2.0/verify" -
ng-model="form['yubico.url']" name="yubicoURL">
+
–
The only problem with troubleshooting is that the trouble shoots back.