This repository has been archived by the owner on Jun 13, 2024. It is now read-only.

tvdijen/simplesamlphp-module-cmdotcom


SMS as Second Factor module


Caution

This module has been abandoned since June 13, 2024. It should still work, and I don't mind reviving it, but my personal use-case for this module no longer exists. Feel free to hit me up if you need this module and together we can work things out.

This module is implemented as an Authentication Processing Filter. That means it can be configured in the global config.php file or the SP remote or IdP hosted metadata.

Prerequisites

To be able to use this module, you have to register at CM.com to get an API-key for their RESTful API.

How to setup the module

First you need to enable the module; in config.php, search for the module.enable key and add cmdotcom with value true:

    'module.enable' => [
         'cmdotcom' => true,
         …
    ],

In order to send the passcode SMS from this module, you need to set the mandatory API-key used to interact with the CM.com RESTful API in the productToken setting.

You can optionally set the mobilePhoneAttribute to the name of the attribute that contains the user's mobile phone number. The default attribute if this setting is left out is mobile.

If the attribute defined above is not available for a user, an error message will be shown, and the user will not be allowed through the filter. Please make sure that you select an attribute that is available to all users.

By default the SMS will originate from Example, but this can be changed using the optional originator setting. The maximum length is 16 digits for a phone number or 11 alphanumerical characters [a-zA-Z0-9]. Example: 'CMTelecom'.

Another default is that the OTP received by SMS can be entered within a period of three minutes. This can be adjusted by configuring the optional validFor setting to the number of seconds the code should be valid.

Finally, it is possible for the OTP code to be automatically pushed to a mobile app. To do this, set the optional allowPush to true and set the appKey to match your mobile app.

This module uses libphonenumber-for-php to parse and normalize recipient phone numbers. If you experience undeliverable SMS, you can try setting defaultRegion to the CLDR two-letter region code for your region.

Add the filter to your Identity Provider hosted metadata authproc filters list, specifying the attribute you've selected.

    90 => [
        'class' => 'cmdotcom:OTP',
        'productToken' => 'secret',
        'mobilePhoneAttribute' => 'mobile',
        'originator' => 'CM Telecom',
        'validFor' => 600,
        'defaultRegion' => 'NL',
    ],
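As an added example (not part of this module), the following Python lint checks an authproc entry like the one above against the constraints documented in this README before it is deployed; the function name and the two sample entries are my own construction.

```python
import re

# Constraints documented in this README: productToken is mandatory; originator is
# up to 16 digits or up to 11 characters from [a-zA-Z0-9]; validFor is a number of
# seconds (default three minutes); defaultRegion is a two-letter CLDR region code;
# allowPush needs an appKey.
ORIGINATOR_NUMERIC = re.compile(r"^[0-9]{1,16}$")
ORIGINATOR_ALPHA = re.compile(r"^[a-zA-Z0-9]{1,11}$")
REGION_CODE = re.compile(r"^[A-Z]{2}$")


def check_otp_filter(cfg: dict) -> list:
    """Return the problems found in one cmdotcom:OTP authproc entry ([] if clean)."""
    problems = []
    if cfg.get("class") != "cmdotcom:OTP":
        problems.append("class must be 'cmdotcom:OTP'")
    token = cfg.get("productToken")
    if not isinstance(token, str) or token == "":
        problems.append("productToken is mandatory")
    originator = cfg.get("originator", "Example")  # README default
    if not isinstance(originator, str) or not (
        ORIGINATOR_NUMERIC.match(originator) or ORIGINATOR_ALPHA.match(originator)
    ):
        problems.append(f"originator {originator!r}: max 16 digits or 11 chars [a-zA-Z0-9]")
    valid_for = cfg.get("validFor", 180)  # README default: three minutes
    if isinstance(valid_for, bool) or not isinstance(valid_for, int) or valid_for <= 0:
        problems.append("validFor must be a positive number of seconds")
    region = cfg.get("defaultRegion")
    if region is not None and not (isinstance(region, str) and REGION_CODE.match(region)):
        problems.append("defaultRegion must be a two-letter CLDR region code such as 'NL'")
    if cfg.get("allowPush") and not cfg.get("appKey"):
        problems.append("allowPush requires appKey")
    return problems


# Constructed sample entries (not taken from the README): one following every rule,
# one with the mistakes a reviewer should catch before the filter goes live.
GOOD_FILTER = {"class": "cmdotcom:OTP", "productToken": "REPLACE_WITH_REAL_TOKEN",
               "originator": "CMTelecom", "validFor": 600, "defaultRegion": "NL"}
BAD_FILTER = {"class": "cmdotcom:OTP", "originator": "MyVeryLongSender",  # 16 letters
              "validFor": 0, "defaultRegion": "Netherlands", "allowPush": True}

if __name__ == "__main__":
    for name, entry in (("good", GOOD_FILTER), ("bad", BAD_FILTER)):
        print(name, check_otp_filter(entry) or "OK")
```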

This setup uses no persistent storage at all. This means that the user will always be asked to enter a passcode each time she logs in.