Creating ICP identity anchor with Yubikey - yubikey

Can anyone tell me how my Yubikey 5 NFC should be configured so that I can use it to set up an Internet Identity anchor on Internet Identity / https://identity.ic0.app?
I downloaded the Yubikey software and configured it to be used with the OTP, FIDO2 and PIV applications, but the ICP login page will not read my Yubikey and allow me to create an identity anchor.
Do I need to set up my Yubikey using the SDK desktop download, or do I need an entirely different key?

Related

Is it possible to configure Jenkins to use a hardware key for sign in?

I have a USB Yubikey which I use for SSH and to log in on some websites.
Can I configure my Jenkins server to allow for and force sign in using a Yubikey too? I feel like that would be much more secure than a password.
We have implemented https://saaspass.com/.
It uses a SAML plugin in Jenkins and then we use our mobile phones as a hardware key but if you have a YubiKey with NFC / USB-C mobile compatible you could use that in addition, so it becomes MFA.
We disabled the SMS version but saaspass does allow you to configure which authentication options you want enabled.

Certificate use on azure-active-directory proxy

We have a solution / security requirements from our customer:
1. Multi-Factor Authentication: Users' digital identities will be established by authenticating users using their assigned username, password and an approved Multi-Factor Authentication (MFA) method.
2. Conditional Access to restrict connectivity from Home PCs, etc:
a. For users on new devices: Access will be restricted to authorised devices. Authorised devices will be verified using a device certificate (sometimes referred to as a client certificate) issued by the customer’s Public Key Infrastructure (PKI) service when a device is first enrolled.
b. For users on older devices: Access will be restricted by an IP address range.
We have prototyped the use of an Azure Application Proxy (to meet Requirement #1 for MFA above). However, through testing we’ve found that we can’t get the certificates to work via the proxy.
Installed the cert on the JBoss app server sitting behind the AAD Proxy. This then gets blocked by the proxy.
I would like to register the cert (or multiple certs) on the proxy, to allow secure access from the client devices to the Azure platform (App Servers / Proxy or gateway).
There is no option in the Azure AAD to install a cert.

How to implement two-factor authentication in Spotfire

I am new to Spotfire. I am trying to implement two-factor authentication for Spotfire Web Player login. The instructions provided on the Spotfire support portal are not specific. Can anybody help me with this?
Well, the only form of two-factor authentication that is supported out-of-the-box would be the combination of some standard authentication method (such as plain username/password) with X.509 client certificates (which could be stored on smart cards or such).
Another option could be to utilize some external authentication provider (typically using OpenID Connect) and configure two-factor authentication there.

Sending an Internet request without prompting

In my application, I just want to upload some data on the server without interacting with the user.
How do I silently upload data on the server in J2ME without asking the user for Internet usage?
In order to upload silently, the user must approve at least once that it allows you to connect to the internet, as specified by the MIDP 2.0 Security Architecture.
First you have to sign your MIDlet with a certificate from a Certificate Authority (commonly referred to as a CA) such as Verisign, Thawte, Java Verified, etc. You have to choose your CA depending on the devices you are targeting. The device will just recognize the CAs installed as root certificates. If it doesn't have the root certificate of the CA you chose, it will not be a secure third-party application. This is explained in simple steps in the Nokia Wiki.
The second step is to set the next line in your JAD file:
MIDlet-Permissions: javax.microedition.io.Connector.http
This will ask for http connections permission since it is installed.
In this way the user will just be notified once, and will be allowed to set the permission permanently. Some devices will not allow a permanent permission if the application is not signed.
This is impossible. All the phones ask the user before letting an application use internet services.
One possibility could be signing the application somehow, but that would work on very few phones, if any.
If your application is signed by Java Verify or similar you will be able to let the user say they allow all future http connections, rather than having to authorise them all singularly.

Authentication, Authorization and Accounting?

If RADIUS is an authentication protocol, why use Kerberos, PAP, CHAP, ...?
The Remote Authentication Dial-In User Service (RADIUS) protocol provides authentication, authorization, and accounting (AAA) for dial-in infrastructures, and it uses the same account and password to log into your company network through modem, WiFi, or a VPN tunnel. RADIUS has many carrier-grade features (the whole accounting part, for example) and is designed to operate in explicitly configured backbone networks.
But it is not well suited for PC and workstation networks and doesn't have the single-sign-on capability offered by Kerberos.
On the other hand, Kerberos provides an encrypted authentication service using shared secret keys. Kerberos can also support authentication via public key cryptography, but this is not covered by RFC 4120. Kerberos does not provide an authorization service, but Kerberos does support pass-through to other authorization services. Kerberos does not provide an accounting service.
For more information about PAP and CHAP, refer to the following URL:
http://www.zeroshell.net/eng/kerberos/
You can also refer to this URL:
http://www.firewall.cx/ftopict-2679-.html
RADIUS (Remote Authentication Dial In User Service), defined in RFC 2865, is a protocol for remote user authentication and accounting.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography.
Suppose you have Vodafone or Orange Telecom operator's connectivity at your home for internet connectivity. So, you will need a particular user ID and password to access that.
Here the RADIUS protocol is used.
Technically, if you look at the network file (.pcap file) that the Wireshark tool uses, you will see that it contains Attribute Value Pairs that contain user name and password fields.
RADIUS uses CHAP password. So, it is more secure in terms of middle attack.
I hope you got my point
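
The Attribute Value Pairs mentioned in the answers above can be read straight from the RFC 2865 packet layout. The following is an added example, not part of the original answers: it parses an Access-Request and reports whether it carries a PAP-style User-Password or a CHAP-Password attribute. The shared secret, user name, password and both packets are constructed sample values.

```python
import hashlib
import struct

# Attribute type numbers from RFC 2865 section 5.
USER_NAME, USER_PASSWORD, CHAP_PASSWORD = 1, 2, 3

def pap_xor(block16, secret, authenticator):
    """RFC 2865 5.2 hiding of one 16-byte block; XOR, so it also un-hides."""
    pad = hashlib.md5(secret + authenticator).digest()
    return bytes(a ^ b for a, b in zip(block16, pad))

def build_request(ident, authenticator, attrs):
    """Access-Request (code 1): 20-byte header, then type/length/value attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator + body

def parse_radius(packet):
    """Return (code, identifier, authenticator, [(type, value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field disagrees with packet size")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, packet[4:20], attrs

def auth_method(attrs):
    """Name the password mechanism an Access-Request carries."""
    types = {t for t, _ in attrs}
    return "CHAP" if CHAP_PASSWORD in types else "PAP" if USER_PASSWORD in types else "other"

# Constructed sample values (not from a real capture).
SECRET, RA = b"constructed-shared-secret", bytes(range(16))
HIDDEN = pap_xor(b"hunter2".ljust(16, b"\0"), SECRET, RA)
PAP_REQ = build_request(7, RA, [(USER_NAME, b"alice"), (USER_PASSWORD, HIDDEN)])
# CHAP-Password = ident + MD5(ident + password + challenge); challenge is RA here.
CHAP_RESP = hashlib.md5(b"\x01" + b"hunter2" + RA).digest()
CHAP_REQ = build_request(8, RA, [(USER_NAME, b"alice"), (CHAP_PASSWORD, b"\x01" + CHAP_RESP)])

if __name__ == "__main__":
    for req in (PAP_REQ, CHAP_REQ):
        print(auth_method(parse_radius(req)[3]))
```

The User-Password value is recoverable by anyone holding the shared secret, while the CHAP-Password value is a one-way MD5 response, so the strength of the shared secret matters most for PAP-style requests.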
