• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Extension Development

Paul Ellison

Basic Pleskian
I am looking to develop my own Plesk extension to implement Two Factor Authentication though a third party provider called Duo Security.

Having read a fair amount of documentation I have only found information about replacing/complementing the existing Username/Password login. Code from Google Authenticator and Clef extensions appears to be heavily obfuscated.

The Duo Security process I am trying to implement submits the username used in primary authentication and then offers the user with additional content loaded through an iFrame which is used to interact with the second factor. More details about the DuoWeb process is available here: https://duo.com/docs/duoweb

Is this the best place to get advice regarding this, or is there a specific Extension developer community?

Thanks
Paul
 
Update:

I have now created an extension framework, put together the settings page, and have values saving.
I have created a test hook (Auth.php) with the following to see if I can inhibit login. No luck so far.
Code:
class Modules_LdapAuth_Auth extends pm_Hook_Auth {

    public function auth($login, $password) {
        return false;
    }

    public function isEnabled() {
        return (bool)pm_Settings::get('enable');
    }

    public function breakChainOnFailure() {
        return true;
    }

}
 

Attachments

  • Screen Shot 2016-02-25 at 19.35.36.png
    Screen Shot 2016-02-25 at 19.35.36.png
    39.6 KB · Views: 7
Back
Top