+1
Yes, why not...
Ali
On 8/3/22 8:34 AM, Maxim Solodovnik wrote:
we already have BSD 3-clause:
https://github.com/apache/openmeetings/blob/master/LICENSE#L2479
will need to add one line only :)
On Wed, 3 Aug 2022 at 12:25, [email protected]
<[email protected]> wrote:
There seem to be a few options for Google using Java
E.g. https://github.com/wstrange/GoogleAuth
I don't quite see in that lib how it generates the QR code for
scanning but there should be a way :)
The BSD license would require us to add a copy left into our
License file, but in general it would be compatible imho.
Thanks
Seb
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
On Wed, 3 Aug 2022 at 16:12, Maxim Solodovnik
<[email protected]> wrote:
Hello Seb,
Sorry for a late response, I'm on vacation :)
I would
+1 this feature :)
The problems we'll need to solve
- add 2fa mechanisms other than email (not sure if apps like
"Google authenticator" has open source API :(, we can use
telegram API ....)
- we'll need to move this out of om_user db table (maybe with
activation_hash and *reset-password-hash*
Need to be investigated and carefully refactored :)
from mobile (sorry for typos ;)
On Wed, Aug 3, 2022, 10:15 [email protected]
<[email protected]> wrote:
Not many pros or cons in this discussion.
But I think it would be a good option to have available
for users. As well as a good feature to advertise for.
Especially in order to use OpenMeetings in a Gov/Education
environment where compliance may require to have 2 factor
auth for applications in order for using it.
So I assume I can create some tickets and get this on the way.
Thanks
Seb
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for HTML5
Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
On Mon, 1 Aug 2022 at 09:31, [email protected]
<[email protected]> wrote:
I would like to add a ticket to investigate and look
into adding 2 factor authentication to OpenMeetings.
As an optional feature, default would be turned off.
There are various libraries to achieve 2 factor auth.
I would probably prefer using the Google Authenticator
as a method since it seems the most widely adopted
authenticator.
In terms of turning it on/off I would add 2 flags:
- On a per server basis a flag to generally turn 2
factor auth on or off
- On a per individual account basis so you can turn 2
factor auth on/off for an individual user
This would not affect past installations.
This would not affect logging in via Soap/Rest.
I think this would be a good feature to improve security.
Let me know what you think, and I will add a
ticket and look into adding this over the next few weeks.
Thanks
Seb
Sebastian Wagner
Director Arrakeen Solutions, OM-Hosting.com
http://arrakeen-solutions.co.nz/
https://om-hosting.com - Cloud & Server Hosting for
HTML5 Video-Conferencing OpenMeetings
<https://www.youracclaim.com/badges/da4e8828-743d-4968-af6f-49033f10d60a/public_url><https://www.youracclaim.com/badges/b7e709c6-aa87-4b02-9faf-099038475e36/public_url>
--
Best regards,
Maxim
