User's documentation
Page tree
Important notice! This documentation is out of date and refers to Soffid version 2

Soffid 3 documentation is available https://bookstack.soffid.com

Skip to end of metadata
Go to start of metadata

Soffid 3 documentation

You can find the Soffid 3 documentation following the next link: https://bookstack.soffid.com/books/two-factor-authentication-2fa-VsJ

Installation

To install LinOPT service, please follow the next steps.

Install docker

The docker service is required to run the LinOPT service

sudo apt-get install docker.io


Install portainer

Portainer is an optional UI to manager the docker service easily.

Install mariadb

The LinOTP service only works with mariadb, you could use the mariadb container or another existing mariadb database in your environment.

Configure the external service

Create linotp database

It is required to create the linotp database.

// Enter to the mariadb container shell
mysql -u root -p;
create database linotp;
use linotp; 


Create table usertable

After the installation of MariaDB and the creation of the database, it is required to create this table to allow Soffid to manage users.

CREATE TABLE `usertable` (
  `id` varchar(50) DEFAULT NULL,
  `user` varchar(50) DEFAULT NULL,
  `telephoneNumber` varchar(50) DEFAULT NULL,
  `mobile` varchar(50) DEFAULT NULL,
  `mail` varchar(50) DEFAULT NULL,
  `sn` varchar(50) DEFAULT NULL,
  `givenName` varchar(50) DEFAULT NULL,
  `password` varchar(60) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;


Add a user/pass and grants

The user/pass will be used when the linout container will be created.

create user linotp identified by 'YOUR_PASSWORD';
grant all on *.* to linotp;


Create LinOTP container

Create the soffid/linotp container: https://hub.docker.com/r/soffid/linotp

  • Publish the port 443 of the container to 1443

To access the LinOTP web console: https://localhost:1443/manage

  • The user is admin and the password is the one configured previously as the environment attribute ADMIN_PASSWORD


Create SQL Resolver

In the LinOTP web console go to:  Configuration LinOTP > UserIdResolvers > New (button) > SQL (type)

Now use the attributes below:

This is the attribute mapping:

{"userid":"id","username":"user","phone":"telephoneNumber","mobile":"mobile","email":"mail","surname":"sn","givenname":"givenName","password":"password" }




Create a Realm



Soffid configuration

Mapping to the agent to manage LinOTP users

Finally to allow to manage user accounts with LinOTP it is required to create a rest agent with the next mapping against the LinOTP service.

The mapping: agent-configuration-linotp.xml


Enable the service in Soffid

After the installation and configuration of the service you should include in the Soffid configuration

Please follow the steps of this link Authentication methods#EnableLinOTPintegration and then the next section Authentication methods#SecondFactorAuthenticationconfiguration.


  • No labels