derhansen / mfa_yubikey
YubiKey OTP MFA provider - YubiKey OTP MFA provider for the TYPO3 backend login.
Maintainers
Package info
github.com/derhansen/mfa_yubikey
Type:typo3-cms-extension
pkg:composer/derhansen/mfa_yubikey
Fund package maintenance!
Requires
- typo3/cms-core: ^14.3
README
What is it?
A MFA provider for TYPO3 CMS which implements YubiKey OTP authentication
Screenshot
Documentation
Configuration steps:
- Obtain Yubico Client ID and Secret Key at https://upgrade.yubico.com/getapikey/
- Enter you Yubico Client ID and Yubico Client Key in the extension settings
- Switch to backend user settings and choose "Manage multi-factor authentication" in "Account security" tab
- Setup the "YubiKey OTP MFA authentication" MFA provider by adding at least one YubiKey
- (Optional) Ensure to set the "YubiKey OTP MFA authentication" as default MFA provider
Using a self-hosted YubiCloud instance
Instead of using the official Yubico YubiCloud validation service, you can run your own OTP validation server. This is useful for organizations that require full control over their infrastructure or cannot use external services.
To use a self-hosted validation server:
- Set up a self-hosted OTP validation server (see Yubico's self-hosted OTP validation guide)
- In the extension settings, set the "YubiCloud API URL" to the URL of your own validation server
- Enter the Client ID and Secret Key configured on your self-hosted instance
Versions
| Version | TYPO3 | PHP | Support/Development |
|---|---|---|---|
| 4.x | 14.x | 8.2 - 8.5 | Features, Bugfixes, Security Updates |
| 3.x | 13.x | 8.2 - 8.5 | Features, Bugfixes, Security Updates |
| 2.x | 12.x | 8.1 - 8.4 | Security Updates |
| 1.x | 11.5 | 7.4 - 8.4 | Support dropped |
Reporting a Vulnerability
Please report vulnerabilities to security@typo3.org.
Support and updates
The extension is hosted on GitHub. Please report feedback, bugs and change requests directly at https://github.com/derhansen/mfa_yubikey