IPv6 für Google2FA - Zwei-Faktor Authentifizierung für Zarafa/Kopano WebApp | Zarafa/Kopano WebApp Plugin allows the use of Google two-factor authentication

Google2FA

Google Authenticator

The Zarafa/Kopano WebApp Plugin Google2FA allows the use of Google two-factor authentication with the free Google Authenticator App (Android, iOS, BlackBerry, Windows Phone) in conjunction with the WebApp application.

The two-factor authentication provides an additional protection for the WebApp. After activation you require a one-time code to log on next to your password. You get this code from the Google Authenticator App.

Features
  • Immediately ready to run
  • Multilingual (currently English, German, French, Dutch)
  • Quality assured by Kopano developer
  • User-oriented configuration (configuration for a company with cental administration is possible)
  • Configure the authenticator App via QR code or manually
  • Generation of QR Code with Google (default) or on your own server
  • Whitelist with subnets to login without 2FA (IPv4 and IPv6), support for trusted HTTP proxies
  • Data will be saved in WebApp settings (default) or in a MySQL-DB
  • A code can only be used on-time
  • Support for time-independent single-use emergency codes
Feedback

I would be very happy if you give me feedback if the plugin is running as expected, what suggestions you have, or if you notice errors.

If you like this plugin, I am pleased to receive a donation.

11 thoughts on “Google2FA”

  1. HI,

    I think your plugin is awsome. However i got a question. I changend the background image on the themplate in kopano and this works. If i enable you plugin then after login i see the old background for some seconds. (this is only on accounts that have the google2fa enabled).

    How can ichange this behaviour?

    1. After some mail exchange, the situation is as follows:
      The token page always uses the standard theme with the standard background image (not the theme defined in the WebApp config.php). If the user has choose another theme in the settings, this theme will be used after login. If this theme uses another background image, this image appears for a few seconds. This behaviour is ok.

  2. Does this also work with the Kopano Deskapp?

    Also, can it be enabled on a per user basis?

    I’m using the community version of Kopano – any issues there?

    1. >> Does this also work with the Kopano Deskapp?
      You have to use whitelist (see download section).

      >> Also, can it be enabled on a per user basis?
      Yes (see configuration section).

      >> I’m using the community version of Kopano – any issues there?
      Unknown to me (see tested versions in download section).

  3. Hallo Norman,
    vielen Dank für dein Plugin, das funktioniert super.
    Eine Frage habe ich dennoch:
    Ist es möglich mit
    define(‘PLUGIN_GOOGLE2FA_WHITELIST’, gethostbyname (‘xxx.yyy.de’);
    Einen Dyndns Eintrag auf die Whitelist zu setzen? Also immer wenn jemand von xxx.yyy.de kommt, das er dann nicht durch die 2 FA muss? Denn sonst funktioniert die Desktapp leider nicht mehr.
    Wenn ja, würdest du mir zwei Beispiele schicken für IPv4 und V6? Meine Versuche sind leider gescheitert 🙁
    Viele Grüße
    Andreas

    1. Hallo Andreas,

      sorry für die späte Antwort – irgendwie habe ich den Kommentar übersehen.

      So wie es in den Beispielen in der config.php beschrieben ist sollte es mit V4 und V6 funktionieren.
      Ich verwende es seit Jahren erfolgreich. Nimm doch einfach mal beide Versionen (V4/V6) mit auf.

      define('PLUGIN_GOOGLE2FA_WHITELIST', gethostbyname('xxx.yyy.de') . "," . dns_get_record('xxx.yyy.de', DNS_AAAA)[0]["ipv6"] . "/64");

      Gruß, Norman

  4. Hello,

    I have a issue with PLUGIN_GOOGLE2FA_WHITELIST. I enter my subnet however afte i do this it never skaes me for a code again? not from inside my subnet and also not from external. i am using latest build of kopano. any ideas?

    1. Thanks for the hint. After a mail communication an error could be found, which prevents the query of the code when specifying a proxy. This will be fixed in the upcoming version.

  5. Hi,

    Can we also set for example ip addres 192.168.2.20 – 192.168.2.254 in whitelist? Amd what should be the format?

    1. Hi! The IP addresses must be listed comma separated. Alternatively, you can create such a string via PHP.

Leave a Reply

Your email address will not be published.