strong authentication openid & yubico
DESCRIPTION
This cookbook shows you how to use an YubiKey for Strong authentication with OpenIDTRANSCRIPT
![Page 1: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/1.jpg)
MARET Consulting | 109, chemin du Pont-du-Centenaire | CH 1228 Plan-les-Ouates | Tél +41 22 727 05 57 | Fax +41 22 727 05 50 | www.maret-consulting.ch
Conseil en technologies
Strong Authentication & OpenID
Using YUBICO & Clavid
17-2-2009Sylvain Maret
![Page 2: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/2.jpg)
Conseil en technologieswww.maret-consulting.ch
Introduction
This cookbook shows you how to use an YubiKey for Strong authentication with OpenID
We will use Clavid as a OpenID provider (IDP) This solution is really easy to implement No need to install software You just an YubiKey from Yubico
![Page 3: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/3.jpg)
Conseil en technologieswww.maret-consulting.ch
About Yubico
Provide a USB Device for Strong Authentication Use AES Standard No need to install software (driver) Not a expensive solution Provide a One Time Password event based
For more information: http://www.yubico.com
![Page 4: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/4.jpg)
Conseil en technologieswww.maret-consulting.ch
About Clavid
A Swiss company providing OpenID based on:
Swiss Post Digital Certificate All SSL Client Digital Certificate X509 Yubikey Axsionics And Username & Password (no Strong
Authentication……) And Soon more !
![Page 5: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/5.jpg)
Conseil en technologieswww.maret-consulting.ch
Let’s define the scenario
Use a Strong Authentication PIN Code and an Yubikey
Use OpenID Clavid.ch http://www.clavid.ch/
Use Plaxo to test this example
![Page 6: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/6.jpg)
Conseil en technologieswww.maret-consulting.ch
Connect to Plaxo and choose OpenID
![Page 7: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/7.jpg)
Conseil en technologieswww.maret-consulting.ch
Enter your OpenID Account from Clavid.ch
![Page 8: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/8.jpg)
Conseil en technologieswww.maret-consulting.ch
You are redirected to Clavid.ch: Your Identity Provider
![Page 9: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/9.jpg)
Conseil en technologieswww.maret-consulting.ch
Enter you PIN Code and Put your Finger on your Ubikey
![Page 10: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/10.jpg)
Conseil en technologieswww.maret-consulting.ch
Ok, now you are redirected to Plaxo: That it
![Page 11: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/11.jpg)
Conseil en technologieswww.maret-consulting.ch
If you want to force Strong Authentication with Yubikey
![Page 12: Strong Authentication OpenID & Yubico](https://reader034.vdocuments.net/reader034/viewer/2022052507/558b558dd8b42a42698b4642/html5/thumbnails/12.jpg)
Conseil en technologieswww.maret-consulting.ch
"Le conseil et l'expertise pour le choix et la mise
en oeuvre des technologies innovantes dans la sécurité
des systèmes d'information et de l'identité numérique"