2019-12-07 19:24:51 +05:00
bin uotp-client added 2019-12-07 19:20:34 +05:00
uotp README.md updated 2019-12-07 19:24:51 +05:00
.gitignore converted to python package 2019-12-03 21:34:44 +05:00
LICENSE converted to python package 2019-12-03 21:34:44 +05:00
README.md README.md updated 2019-12-07 19:24:51 +05:00
setup.py uotp-client added 2019-12-07 19:20:34 +05:00

uotp

uotp is a full-blown authentication and authorisation service made for micro services. The basic idea is that every micro service has a (long-term) triple consisting of (name, realm, seed) and creates time-based tokens from it. This basically revamps Kerberos in a simple way for the web. uotp has been created and is maintained by ungleich.

Technologies Used

  • Flask
  • PyOTP
  • Etcd

Installation

Alpine

# Update and Upgrade 
cat > /etc/apk/repositories << EOF
https://mirror.ungleich.ch/mirror/packages/alpine/edge/main
https://mirror.ungleich.ch/mirror/packages/alpine/edge/community
https://mirror.ungleich.ch/mirror/packages/alpine/edge/testing
EOF
apk update
apk upgrade

# Install Dependencies (curl is needed for the download below)
apk add python3 git etcd etcd-ctl py3-grpcio curl

# Fetch the sample etcd configuration
curl https://raw.githubusercontent.com/etcd-io/etcd/release-3.4/etcd.conf.yml.sample -o /etc/etcd/conf.yml

pip3 install git+https://code.ungleich.ch/ungleich-public/uotp.git@master


service etcd start

Create /etc/uotp/uotp.conf with something like the following configuration:

BASE_PREFIX=/uotp/
ADMIN_REALM=ungleich-admin
AUTH_REALM=ungleich-auth
PORT=8000

Then run uotp with the following command:

uotp

Usage

Get Admin Credentials

Run the following command in your uotp directory:

uotp-client get-admin

Create Auth Account (or any account)

Run the following command in your uotp directory:

uotp-client create \
    --name auth --realm ungleich-auth \
    --admin-name admin --admin-realm ungleich-admin \
    --admin-seed admin_seed_here

In response, you will get a JSON object containing the Message and the Credentials of the newly created account.

List All Accounts with credentials

uotp-client list \
    --admin-name admin_name_here --admin-realm admin_realm_here \
    --admin-seed admin_seed_here

Verify OTP Credentials

uotp-client verify \
    --name user_name_here --realm user_realm_here \
    --seed user_seed_here --auth-name auth_name_here \
    --auth-realm auth_realm_here --auth-seed auth_seed_here
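
What a time-based token derived from a (name, realm, seed) triple looks like, and how a verifier can check it, is sketched below. This is an added example, not uotp's own code: it implements RFC 6238 TOTP with the standard library, assuming SHA-1, 6 digits and a 30-second step (PyOTP's defaults). The in-memory ACCOUNTS dict standing in for etcd, the totp and verify function names and the drift window are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed stand-in for the etcd store: (name, realm) -> base32 seed.
# The seed is the public RFC 4226/6238 test key, not a real credential.
ACCOUNTS = {
    ("auth", "ungleich-auth"): base64.b32encode(b"12345678901234567890").decode(),
}


def totp(seed_b32, at=None, step=30, digits=6):
    """Return the RFC 6238 token (HMAC-SHA1) for a base32 seed at Unix time `at`."""
    key = base64.b32decode(seed_b32.upper())
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(name, realm, token, at=None, step=30, window=1):
    """Accept a token for (name, realm) within +/- `window` steps of clock drift."""
    seed = ACCOUNTS.get((name, realm))
    if seed is None:
        return False
    now = time.time() if at is None else at
    ok = False
    for drift in range(-window, window + 1):
        moment = now + drift * step
        if moment < 0:
            continue
        # Constant-time comparison with no early exit, so timing does not
        # reveal which time step (if any) matched.
        ok |= hmac.compare_digest(totp(seed, moment, step).encode(), str(token).encode())
    return ok


if __name__ == "__main__":
    seed = ACCOUNTS[("auth", "ungleich-auth")]
    token = totp(seed, at=59)
    print(token, verify("auth", "ungleich-auth", token, at=59))
    print("replayed two minutes later:", verify("auth", "ungleich-auth", token, at=179))
```

A token stays valid for every time step inside the window, so a larger window tolerates more clock drift at the cost of a longer replay period for a captured token.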

Delete OTP Account

TODO