Top Banner

Click here to load reader

Latch phpMyAdmin english

Jul 07, 2015

ReportDownload

Technology

Detailed Latch installation guide for phpMyAdmin. Step by step installation guide with figures and explanations for phpMyAdmin administrators. You can watch videos about installing and using Latch on YouTube (https://www.youtube.com/user/ElevenPaths) and Vimeo (http://vimeo.com/elevenpaths). For more information please visit Latch's website (https://latch.elevenpaths.com).

  • 1. ElevenPaths, radical and disruptive innovation in security solutions ElevenPaths [email protected] elevenpaths.com Latch plugin installation and user guide for phpMyAdmin Version 4.1 January 2015

2. Latch plugin installation and user guide for phpMyAdmin V.4.1 January 2015 Page 2 of 132015 Telefnica Digital Identity & Privacy, S.L.U. All Rights Reserved. TABLE OF CONTENT 1 Obtaining the Latch plugin .......................................................................................... 3 1.1 Prerequisites............................................................................................................................. 3 1.2 Obtaining application ID........................................................................................................... 3 1.3 Downloading the plugin............................................................................................................ 6 2 Installing the plugin..................................................................................................... 7 2.1 Configuring the plugin .............................................................................................................. 8 2.2 Uninstalling the plugin.............................................................................................................. 8 3 Use of the Latch plugin by end users............................................................................ 9 3.1 Pairing a user ............................................................................................................................ 9 3.2 Unpairing a user...................................................................................................................... 11 4 Resources ..................................................................................................................12 3. Latch plugin installation and user guide for phpMyAdmin V.4.1 January 2015 Page 3 of 132015 Telefnica Digital Identity & Privacy, S.L.U. All Rights Reserved. 1 Obtaining the Latch plugin 1.1 Prerequisites Any version of phpMyAdmin between 4.0.4 and 4.2.11. Not compatible with others versions. User installing the plugin should have write permissions in php. Curl extensions active in PHP (uncomment "extension=php_curl.dll" or "extension=curl.so" in Windows or Linux php.ini respectively. 1.2 Obtaining application ID To obtain the "Application ID" and the "Secret", which are essential to integrate Latch into a service, its necessary to register a developer account in Latch's website: https://latch.elevenpaths.com. On the upper right side, click on Developer area. Figure 01: Developer area in Latch webpage. In the next screen, tap the button Register as a developer and select Create a new developer account, a form will appear where you can fill up the required data. Mandatory fields are name, e- mail and password. Figure 02: Sign in form for developers. 4. Latch plugin installation and user guide for phpMyAdmin V.4.1 January 2015 Page 4 of 132015 Telefnica Digital Identity & Privacy, S.L.U. All Rights Reserved. Once completed, an email will be sent, with an activation code to activate the brand new account. Figure 03: Form to fill up with activation code. When the account is activated, the user will be able to create applications with Latch and access to developer documentation, including existing SDKs and plugins. To do so the developer must log on to the Latch website and then access the "Developer area" section (https://latch.elevenpaths.com/www/developerArea), where you can view your applications through the "My applications" section on the side menu. Figure 04: My applications section with user's configured applications. From the "Add a new application" button, the developer will create a new application, with the specified name, which you want to appear in the end users' mobile application. 5. Latch plugin installation and user guide for phpMyAdmin V.4.1 January 2015 Page 5 of 132015 Telefnica Digital Identity & Privacy, S.L.U. All Rights Reserved. Figure 05: Creating an application. The name will be shown on the mobile app. Information about the application is displayed when it is created and part of this data is editable. The basic data that the developer should use when installing the plugin are the "Application ID" and "Secret". In addition the following additional parameters are in place, which the developer may change at any time, that set the characteristics of your application: Name: This corresponds to the name of the application that end users see on their devices when they pair the service. They can customize it themselves on their own device if they so wish. Image: This corresponds to the application icon that will appear in the end-user's device; its size should not exceed 1MB. It is recommended to be in 24-bit png format without alpha channel, and its proportions are 1: 1. 2nd OTP factor (One-time password): This is only available to developers with a subscription model other than "Community". It enables the service to also be protected by a password, which is sent to the end user at the time he/she wants to access the service. The OTP setup can be: 1. Disabled: The option will not appear on the end user's mobile device. 2. Opt in: The end user may choose to use this option to protect the service. 3. Mandatory: The end user will receive a password every time he/she wants to access the service. This plugin allows for OTP from version 4.07 and later. Lock latches after request: This is only available to developers with a subscription model other than "Community". This enables the service to be locked automatically once it has been accessed. The Lock latches after request setup can be: 1. Disabled: The option will not appear on the end user's mobile device. 2. Opt in: The end user may choose to use this option to protect the service. 3. Mandatory: The service will be locked automatically once it has been accessed. In the latter case, the "Scheduled lock" option would disappear from the service details view. Contact email and Contact phone: These details will be displayed in the notifications that users will receive when there is a fraudulent attempt to access the service or any of its operations. Operations: This corresponds to each of the actions included in the service but independent of each other, and that the developer wants to protect with Latch. The number of operations that can be included depending on the model of subscription chosen. In each of the operations, a "2nd OTP factor" (OTP) and an "Lock latches after request" (LOR) can be used. It is not 6. Latch plugin installation and user guide for phpMyAdmin V.4.1 January 2015 Page 6 of 132015 Telefnica Digital Identity & Privacy, S.L.U. All Rights Reserved. compulsory to create operations and this will depend on the nature of the service to be protected. Note: This plugin does not support the use of operations. Tailored implementation through the SDK of the corresponding language must be carried out to add them. Once the setup is complete and the changes have been saved, the new application will appear on the list of the developer's applications. This can be edited whenever you want. Figure 06: Created application. It may be edited again at any moment. 1.3 Downloading the plugin From the side menu in developers area, the developer can access the Documentation & SDKs section. Inside it, there is a Plugins and SDKs menu. Links to different SDKs in different programming languages and plugins developed so far, are shown. Figure 07: Examples of SDKs and plugins available. The developer must tap the DOWNLOAD button for this plugin to access its source code from the Standard plugins section. A manual on the installation and use of the plugin can also be downloaded. 7. Latch plugin installation and user guide for phpMyAdmin V.4.1 January 2015 Page 7 of 132015 Telefnica Digital Identity & Privacy, S.L.U. All Rights Reserved. 2 Installing the plugin Once the administrator has downloaded the plugin, copy its content in phpMyAdmin root folder. LatchPlugin directory, LatchInstallation.php and LatchUninstallation.php files will be added. Figure 08: phpMyAdmin root directory after unzipping the plugin.. Execute LatchInstallation.php directly from the server. Figure 09: Executing LatchInstallation.php. This files should have been created in this locations: Folder Libraries: o File LatchPairing.php o File LatchPersistence.php o File LatchWrapper.php o File secondFactorValidation.php Folder Librariesplugins o Folder latch with several files. o Folder auth: File AuthenticationLatch.class.php Figure 10: LatchInstallation.php executed. 8. Latch plugin installation and user guide for phpMyAdmin V.4.1 January 2015 Page 8 of 132015 Telefnica Digital Identity & Privacy, S.L.U. All Rights Reserved. Index.php and config.inc.php are modified, so they are backed up to index.php.bak and config.inc.php.bak. Execute LatchInstallation.php just once. After executing this file you should eliminate from the root directory the LatchInstallation.php file, and the LatchPlugin folder. 2.1 Configuring the plugin Include "Application Id" and "Secret" in the LatchConfiguration.php file located in libraries/plugins/latch. . Figure 11: Including application id and secret in LatchConfiguration.php After this, the plugin is ready to be used by the users. 2.2 Uninstalling the plugin You have to execute the uninstall file LatchUninstallation.php in the same way as the LatchInstallation.php file. During unistalling process, the files previously created will be remoded, and the backed up files will be restored. Then eliminate such file from the uninstallation. Figure 12: Message in the browser after unistalling. 9. Latch plugin installation and user guide for phpMyAdmin V.4.1 January 2015 Page 9 of 132015 Telefnica Digital Identity & Privacy, S.L.U. All Rig