IPv6 for Google2FA - Two-Factor Authentication for Zarafa/Kopano WebApp | Zarafa/Kopano WebApp Plugin allows the use of Google two-factor authentication

Google2FA

Google Authenticator

The Zarafa/Kopano WebApp Plugin Google2FA allows the use of Google two-factor authentication with the free Google Authenticator App (Android, iOS, BlackBerry, Windows Phone) in conjunction with the WebApp application.

Two-factor authentication provides additional protection for the WebApp. After activation, you need a one-time code in addition to your password to log on. You get this code from the Google Authenticator App.

Features
  • Immediately ready to run
  • Multilingual (currently English, German, French, Dutch)
  • Quality assured by Kopano developer
  • User-oriented configuration (configuration for a company with central administration is possible)
  • Configure the authenticator App via QR code or manually
  • Generation of QR Code with Google (default) or on your own server
  • Whitelist with subnets to login without 2FA (IPv4 and IPv6), support for trusted HTTP proxies
  • Data will be saved in WebApp settings (default) or in a MySQL-DB
  • A code can only be used one time
  • Support for time-independent single-use emergency codes
Feedback

I would be very happy if you gave me feedback on whether the plugin is running as expected, what suggestions you have, or if you notice errors.

If you like this plugin, I am pleased to receive a donation.

20 thoughts on “Google2FA”

  1. Hi,

    I think your plugin is awesome. However, I have a question. I changed the background image on the template in Kopano and this works. If I enable your plugin, then after login I see the old background for some seconds. (This is only on accounts that have the google2fa enabled.)

    How can I change this behaviour?

    1. After some mail exchange, the situation is as follows:
      The token page always uses the standard theme with the standard background image (not the theme defined in the WebApp config.php). If the user has chosen another theme in the settings, this theme will be used after login. If this theme uses another background image, this image appears for a few seconds. This behaviour is ok.

  2. Does this also work with the Kopano Deskapp?

    Also, can it be enabled on a per user basis?

    I’m using the community version of Kopano – any issues there?

    1. >> Does this also work with the Kopano Deskapp?
      You have to use whitelist (see download section).

      >> Also, can it be enabled on a per user basis?
      Yes (see configuration section).

      >> I’m using the community version of Kopano – any issues there?
      Unknown to me (see tested versions in download section).

  3. Hello Norman,
    thank you very much for your plugin, it works great.
    I do have one question, though:
    Is it possible to use
    define('PLUGIN_GOOGLE2FA_WHITELIST', gethostbyname('xxx.yyy.de'));
    to put a DynDNS entry on the whitelist? That is, whenever someone comes from xxx.yyy.de, they don't have to go through 2FA? Otherwise the DeskApp unfortunately no longer works.
    If so, would you send me two examples, for IPv4 and v6? My attempts have unfortunately failed 🙁
    Best regards,
    Andreas

    1. Hello Andreas,

      sorry for the late reply – somehow I overlooked the comment.

      It should work with V4 and V6 as described in the examples in config.php.
      I have been using it successfully for years. Just include both versions (V4/V6).

      define('PLUGIN_GOOGLE2FA_WHITELIST', gethostbyname('xxx.yyy.de') . "," . dns_get_record('xxx.yyy.de', DNS_AAAA)[0]["ipv6"] . "/64");

      Regards, Norman
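
The whitelist line from the reply above with both lookups checked before use, as an added example that is not code from the plugin or its author. gethostbyname() returns the unchanged hostname when resolution fails and dns_get_record() returns false or an empty array, so the one-line form can put a non-address into the whitelist. The helper name google2fa_whitelist_from_host is hypothetical; the entry format (plain IPv4, IPv6 with /64, comma separated) is taken from that reply.

```php
<?php
// Added example, not part of the plugin. 'xxx.yyy.de' is the placeholder
// hostname from the comments above; the helper name is hypothetical.

/**
 * Resolve a DynDNS name to whitelist entries: the IPv4 address as-is and
 * each IPv6 address as a /64 prefix, as in the reply above.
 * Returns an empty array when nothing valid resolves.
 */
function google2fa_whitelist_from_host(string $host): array
{
    $entries = [];

    // gethostbyname() returns the unmodified hostname on failure,
    // so validate the result before trusting it.
    $v4 = gethostbyname($host);
    if (filter_var($v4, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        $entries[] = $v4;
    }

    // dns_get_record() returns false on failure or an empty array when
    // there is no AAAA record; indexing [0] directly would then fail.
    $records = @dns_get_record($host, DNS_AAAA);
    if (is_array($records)) {
        foreach ($records as $record) {
            $v6 = $record['ipv6'] ?? '';
            if (filter_var($v6, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false) {
                $entries[] = $v6 . '/64';
            }
        }
    }

    return array_values(array_unique($entries));
}

// An unresolved name contributes no entry. Assumption: an empty whitelist
// string exempts no address, so every login is asked for a code.
define(
    'PLUGIN_GOOGLE2FA_WHITELIST',
    implode(',', google2fa_whitelist_from_host('xxx.yyy.de'))
);
```

This replaces the existing define for PLUGIN_GOOGLE2FA_WHITELIST in config.php. The /64 exempts the whole IPv6 prefix of the resolved address from 2FA, not just the single host.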

  4. Hello,

    I have an issue with PLUGIN_GOOGLE2FA_WHITELIST. I enter my subnet, however after I do this it never asks me for a code again? Not from inside my subnet and also not from external. I am using the latest build of Kopano. Any ideas?

    1. Thanks for the hint. After a mail communication an error could be found, which prevents the query of the code when specifying a proxy. This will be fixed in the upcoming version.

  5. Hi,

    Can we also set, for example, IP address 192.168.2.20 – 192.168.2.254 in the whitelist? And what should be the format?

    1. Hi! The IP addresses must be listed comma separated. Alternatively, you can create such a string via PHP.

  6. Hello,
    very nice plugin, thanks! But I do not understand how I can disable 2-factor for the DeskApp? Should I set some path or binary in the whitelist there?

    1. In the new version 0.6.0 there is the possibility to use the DeskApp without two-factor authentication.

  7. Hi All,

    With the latest f2a plugin the whitelist is not working anymore. All are asked for the f2a code, even trusted IP addresses.

  8. Hello,

    Great plugin!!
    Just for information, in case someone else has the problem!
    I switched from php5 to php7.
    After that the QR code was no longer displayed.
    This can be solved by additionally installing php7.x-gd.
    (7.x according to the PHP version, e.g. in Debian with php7.0:
    apt-get install php7.0-gd)

  9. Hi,
    For the first time I tried to install the plugin on Ubuntu 20.04.
    It did not work anymore. A blank screen after login.
    The solution above (apt-get install php7.4-gd) did not help.

  10. Hello Norman,
    thank you very much for the great plugin. It even works for me with version 4 of WebApp. The only thing is the QR code, which was not displayed for me. But with the string below it I was able to set up my app (I use TOTP for Android) and log in with the code from the app. Great stuff.
    Best regards.
    Marcel

  11. Hi

    I’m moving the Kopano server to a new installation. Is it possible to transfer existing 2FA settings also, so existing users would not have to rescan/re-enable the plugin?
    Thanks in advance.
