Kumi
70b5235be8
Implement additional security and functionality in authentication with the introduction of docstrings, type hints, and extended verification logic in the TOTP model to prevent repeated token use, improving robustness against replay attacks. Simultaneously, established the groundwork for RADIUS (Remote Authentication Dial-In User Service) support by creating models and management commands essential for handling authentication, accounting packets, and web-based authentication challenges, broadening the system's capability to integrate with network access servers and services. Resolves issues with token replay attacks and sets the stage for scalable network authentication mechanisms. |
||
|---|---|---|
| .vscode | ||
| authentication | ||
| core | ||
| doc | ||
| frontend | ||
| kumidc | ||
| ldap | ||
| radius | ||
| .gitignore | ||
| config.dist.ini | ||
| LICENSE | ||
| manage.py | ||
| README.md | ||
| requirements.txt | ||
KumiDC
KumiDC is a simple Django-based OpenID Connect identity provider.
At its core, it uses Django OpenID Connect Provider by Juan Ignacio Fiorentino to provide the actual OIDC functionality, and adds a few fancy things on top.
- "Pretty" AdminLTE user interface
- Time-based One-Time Passwords for Two Factor Authentication
- Requirement to re-authenticate or enter 2FA token every five minutes
As it stands, this project is not complete. It works as an OIDC provider, although its security has not been tested to any extent.
We currently use it, in conjunction with oauth2-proxy, to add an authentication layer to applications on our internal network where protection against unauthorized access is not directly implemented, and not critical.