OpenSSO, OpenID and Yubikey, the perfect personal SSO: cheap, and secure
As a new owner of a Yubikey, I was looking for the best way to integrate it with the web application I already use. While there is already an available OpenID provider which supports Yubikey authentication, I prefer to manage my own system, using OpenSSO for sure 🙂
First, let me introduce the Yubikey. This USB key acts as an OTP (One Time Password) device: each time you press the button, the key computes a new password. This password must be verified; in the case of the Yubikey, this is done by querying a web service on a Yubico (the company) server. The Yubikey offers a lot of advantages over other classical OTP devices, including:
- The Yubikey is seen as a USB keyboard (HID class), no driver required!
- No battery, so a longer life than other devices
- Very cheap, around 20 euros (when ordered in lots of 10, from France), shipping and taxes included
So, why choose OpenSSO? For a few years now, OpenSSO has provided an extension to act as an OpenID provider, and an authentication class is available for the Yubikey.
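The verification step described above relies on the answer from the Yubico web service, so the client has to check that answer before trusting it. The following is an added example, not code from this post or from OpenSSO: it assumes the response format of Yubico's validation protocol 2.0 (key=value lines with an HMAC-SHA1 signature in `h`), and the API key, OTP, nonce and the `build_response` helper are constructed stand-ins so it runs offline.

```python
import base64
import hashlib
import hmac

def sign(fields, api_key_b64):
    """Base64 HMAC-SHA1 over the key=value pairs, sorted by key, joined with '&'."""
    message = "&".join(f"{k}={fields[k]}" for k in sorted(fields))
    key = base64.b64decode(api_key_b64)
    return base64.b64encode(hmac.new(key, message.encode(), hashlib.sha1).digest()).decode()

def parse_response(body):
    """The service answers with one key=value pair per line."""
    pairs = (line.split("=", 1) for line in body.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def check_response(body, api_key_b64, sent_otp, sent_nonce):
    """Accept only a signed status=OK answer to the request we actually sent."""
    fields = parse_response(body)
    received = fields.pop("h", "")
    expected = sign(fields, api_key_b64)
    if not hmac.compare_digest(received.encode(), expected.encode()):
        return False  # not signed with our API key: forged or altered in transit
    if fields.get("otp") != sent_otp or fields.get("nonce") != sent_nonce:
        return False  # answer to some other request, replayed at us
    return fields.get("status") == "OK"

# Constructed sample values, not real credentials.
API_KEY = base64.b64encode(b"constructed-demo-key").decode()
OTP = "ccccccbcdefg" + "cbdefghijklnrtuv" * 2
NONCE = "0123456789abcdef0123456789abcdef"

def build_response(status, otp, nonce, api_key_b64):
    """Hypothetical stand-in for the validation server so the example runs offline."""
    fields = {"otp": otp, "nonce": nonce, "status": status, "t": "2009-01-01T00:00:00Z0000"}
    fields["h"] = sign(fields, api_key_b64)
    return "\r\n".join(f"{k}={v}" for k, v in fields.items())

if __name__ == "__main__":
    ok = build_response("OK", OTP, NONCE, API_KEY)
    replayed = build_response("REPLAYED_OTP", OTP, NONCE, API_KEY)
    print(check_response(ok, API_KEY, OTP, NONCE))
    print(check_response(replayed, API_KEY, OTP, NONCE))
    print(check_response(replayed.replace("REPLAYED_OTP", "OK"), API_KEY, OTP, NONCE))
```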
If you own a yubikey you should try a swekey.
The swekey is already integrated in numerous open source apps (including wordpress) and you don’t even need to press a button to authenticate yourself.