
To set up OpenOTP, an open-source multi-factor authentication (MFA) solution for various platforms, you will need to install the required software, configure it with the server, and set up the user clients. Here is a step-by-step guide to install and configure OpenOTP on an Ubuntu-based system.

Step 1: Install Required Packages

Before installing OpenOTP, ensure you have the necessary dependencies installed:

sudo apt update
sudo apt install apache2 php libapache2-mod-php php-mysql mariadb-server curl git unzip

Step 2: Install OpenOTP

OpenOTP requires an LDAP directory service, typically OpenLDAP or Active Directory, and is often used in combination with RCDevs WebADM. You will need to register for a free license at RCDevs’ website. You can download the software from their portal:

  1. Download WebADM from RCDevs WebADM Downloads (login required). Once downloaded, extract the WebADM package:
    tar -xzvf WebADM-x.x.x.tar.gz
  2. Install WebADM by running the installation script:
    cd WebADM-x.x.x
    sudo ./install.sh
  3. During the installation, you will be prompted for various configuration options such as the installation path, administrator email, and license key (which you received after registration).
  4. Install OpenOTP by navigating to the OpenOTP folder:
    cd /path/to/openotp/
    sudo ./install.sh

Step 3: Configure WebADM

After installing WebADM and OpenOTP, configure your instance:

  1. Configure WebADM:
    • Open the WebADM configuration file: sudo nano /opt/webadm/conf/webadm.conf
    • Edit the settings to match your environment, such as setting up LDAP or AD details.
  2. Generate SSL Certificates: If you don’t have an SSL certificate yet, you can create one with Let’s Encrypt or use a self-signed certificate:
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/webadm.key -out /etc/ssl/certs/webadm.crt
    Edit the WebADM configuration file to use the new certificate:
    ssl_certificate /etc/ssl/certs/webadm.crt;
    ssl_certificate_key /etc/ssl/private/webadm.key;
  3. Start WebADM:
    sudo systemctl start webadm
    sudo systemctl enable webadm
  4. Access the WebADM Web Interface:
    Navigate to https://your-server-ip-or-domain:8443 in your browser to configure the WebADM instance further.

Step 4: OpenOTP Configuration

  1. Access OpenOTP via WebADM:
    After WebADM is installed and configured, you can log in to the WebADM dashboard and manage OpenOTP settings.
  2. Configure Authentication Policies:
    • You can configure how users authenticate, including the choice between TOTP (Time-Based One-Time Password), HOTP (HMAC-based One-Time Password), SMS, push notifications, and others.
    • OpenOTP supports multi-factor authentication workflows.
  3. User Enrollment:
    Users need to be enrolled in OpenOTP via LDAP or Active Directory, or created manually in WebADM.

Step 5: Set Up OpenOTP Tokens

Users can use the OpenOTP Token App available for Android and iOS. This app allows users to generate one-time passwords (OTPs) for MFA.

  1. Download the OpenOTP Token App from Google Play or the App Store.
  2. Scan the QR Code generated during the enrollment process from the WebADM panel.

Step 6: Test the OpenOTP Setup

Once everything is set up, test the OpenOTP MFA by logging into a service that uses OpenOTP authentication and generating an OTP with the OpenOTP Token App or another compatible TOTP app (like Google Authenticator).


This setup guide assumes a basic configuration of OpenOTP with WebADM. Depending on your environment, you might need to configure it for integration with existing services like VPN, SSH, or Web Access. The WebADM and OpenOTP documentation will provide detailed information for more advanced configurations.
