Ticket Control

Mydigipass.com – The Cloud Factor

Administrators always appreciate the ability to harden, for example, administrator login to web applications, blogs, or content management systems by means of a two-factor authentication solution. Mydigipass.com cloud authentication by Vasco is ideal for this (Figure 5). One advantage of this solution is that the administrator does not need to install and operate any back-end software because it is provided by Vasco in the cloud (see also the "OAuth API" box).

Figure 5: The Mydigipass.com cloud application enriches web applications with two-factor authentication.

Figure 6: The online demo token by Vasco lets users test secure login on Mydigipass.com.

The front end is a software OTP token for iOS, Android, or BlackBerry smartphones; alternatively, client software with Java support is available for mobile phones. Furthermore, you can integrate hardware tokens, which Vasco distributes to people at IT fairs.

As the first step, users must register [23] and install the free software token via the respective app stores. The Java client software is transferred to your mobile via a URL download link. For smaller community sites with one URL, up to 100 users, and 1,000 authentication transactions per year, Mydigipass.com's "Starter Edition" is completely free of charge. Larger packages start from US$ 3,000 (EUR 2,000) per year, but include 500 users and 10,000 authentication operations (Premium), or 10,000 users and 250,000 authentication operations (Executive) per year.

Hardening Drupal with Mydigipass

The Mydigipass module can also be used to harden the popular Drupal CMS by adding the Mydigipass login API (Figure 7). The following guide explains the installation and configuration based on Drupal 6.27. The main requirement is that the web server can reach the Mydigipass.com web service with an outbound HTTPS connection. If the web server resides behind a firewall, you need to open port 443/TCP on the web server for the mydigipass.com domain.

Figure 7: Configuring the Mydigipass plugin is simple using the Drupal module configurator. A special mode allows you to test the setup without immediately being locked out of the CMS.

In our lab, the plugin only worked correctly with "Clean URLs" enabled in Drupal. Clean URLs creates legible URLs without special characters. The Drupal admin can enable them by clicking Administer | Clean URLs | Enabled . Because the web server must also support this feature, the administrator must enable the rewrite module on the Apache web server.

To begin, download the tarball with the plugin [24] and unpack it in the sites/all/modules/mydigipass directory of your Drupal installation (e.g., /var/www/drupal/sites/all/modules/mydigipass). Next, register for a developer account below https://developer.mydigipass.com, then log in and go to the Sandbox section. From there, click Connect a test site and type an identifier and a display name for your site; they can be identical.

As the Redirect uri , enter http://<Your-Domain>/mydigipass/callback . After creating your site, your client_id and client_secret are displayed on the portal site. Enter these values in the appropriate fields of the Mydigipass module in Drupal (Administer | MYDIGIPASS.COM ). Press the radio button for Sandbox | developer in Environment and enable Mydigipass.com integration.

Mixed-Mode Testing

For your first tests, you will want to enable Mixed mode to be on the safe side. Then, you can continue to log in to your Drupal installation with your username and password if something goes awry with your Mydigipass.com integration attempt. In the course of the module configuration, you can customize the various button styles for the login button and create data fields for your user accounts, if desired.

Finally, you must connect your Drupal user account with the user registered at Mydigipass. To do so, select My Account | Edit in Drupal and press the Connect with MYDIGIPASS.COM button. If everything works out, Drupal reports The user has been successfully linked to MYDIGIPASS.COM , and you can log in to Drupal via Mydigipass. Before you can log in to Drupal via Mydigipass for the first time, however, you must first log out of the developer portal and Drupal and close the browser to clear the session cookies. See also the "Mydigipass Reservations" box.