Latch plugin installation and user guide for Roundcube

ElevenPaths, radical and disruptive
innovation in security solutions
Version 4.1 – January 2015
ElevenPaths
elevenpaths.com
TABLE OF CONTENTS
1 Obtaining the Latch plugin
1.1 Prerequisites
1.2 Obtaining application ID
1.3 Downloading the plugin
2 Installing the plugin
2.1 Configuring the plugin
2.2 Uninstalling the plugin
3 Use of the Latch plugin by end users
3.1 Pairing a user
3.2 Unpairing a user
4 Resources
2015 © Telefónica Digital Identity & Privacy, S.L.U. All Rights Reserved.
1 Obtaining the Latch plugin
1.1 Prerequisites


Roundcube version 0.87 or later.
Curl extension active in PHP (uncomment "extension=php_curl.dll" on Windows or "extension=curl.so"
on Linux in php.ini).
1.2 Obtaining application ID
To obtain the "Application ID" and the "Secret", which are essential to integrate Latch into a service,
it is necessary to register a developer account on Latch's website: https://latch.elevenpaths.com. On
the upper right side, click on “Developer area”.
Figure 01: “Developer area” in Latch webpage.
In the next screen, tap the button “Register as a developer” and select “Create a new developer
account”. A form will appear where you can fill in the required data. Mandatory fields are name, email and password.
Figure 02: Sign in form for developers.
Once the form is completed, an email will be sent with an activation code to activate the new account.
Figure 03: Form to fill up with activation code.
When the account is activated, the user will be able to create applications with Latch and access the
developer documentation, including existing SDKs and plugins.
To do so, the developer must log on to the Latch website and then access the "Developer area"
section (https://latch.elevenpaths.com/www/developerArea), where the developer's applications can be viewed
through the "My applications" section on the side menu.
Figure 04: “My applications” section with user's configured applications.
From the "Add a new application" button, the developer will create a new application with the
name that should appear in the end users' mobile application.
Figure 05: Creating an application. The name will be shown on the mobile app.
Information about the application is displayed when it is created, and part of this data is editable.
The basic data that the developer should use when installing the plugin are the "Application ID" and
"Secret". In addition, the following parameters set the characteristics of the application, and the
developer may change them at any time:

Name: This corresponds to the name of the application that end users see on their devices when
they pair the service. They can customize it themselves on their own device if they so wish.

Image: This corresponds to the application icon that will appear on the end user's device; its size
should not exceed 1 MB. It is recommended to be in 24-bit PNG format without alpha channel,
with 1:1 proportions.

2nd OTP factor (One-time password): This is only available to developers with a subscription
model other than "Community". It enables the service to also be protected by a password, which
is sent to the end user at the time he/she wants to access the service. The OTP setup can be:
1. Disabled: The option will not appear on the end user's mobile device.
2. Opt in: The end user may choose to use this option to protect the service.
3. Mandatory: The end user will receive a password every time he/she wants to access the
service.

Lock latches after request: This is only available to developers with a subscription model other
than "Community". This enables the service to be locked automatically once it has been
accessed. The “Lock latches after request” setup can be:
1. Disabled: The option will not appear on the end user's mobile device.
2. Opt in: The end user may choose to use this option to protect the service.
3. Mandatory: The service will be locked automatically once it has been accessed. In the latter
case, the "Scheduled lock" option would disappear from the service details view.

Contact email and Contact phone: These details will be displayed in the notifications that users
will receive when there is a fraudulent attempt to access the service or any of its operations.

Operations: This corresponds to each of the actions included in the service but independent of
each other, and that the developer wants to protect with Latch. The number of operations that
can be included depends on the subscription model chosen. In each of the operations, a
"2nd OTP factor" (OTP) and a "Lock latches after request" (LOR) can be used. It is not
compulsory to create operations; this will depend on the nature of the service to be
protected.
Note: This plugin does not support the use of operations. A tailored implementation through the
SDK of the corresponding language must be carried out to add them.
Once the setup is complete and the changes have been saved, the new application will appear on
the list of the developer's applications. This can be edited whenever you want.
Figure 06: Created application. It may be edited again at any moment.
1.3 Downloading the plugin
From the side menu in the developer area, the developer can access the “Documentation & SDKs”
section. Inside it, there is a “Plugins and SDKs” menu, which shows links to the SDKs in different
programming languages and to the plugins developed so far.
Figure 07: Examples of SDKs and plugins available.
The developer must tap the “DOWNLOAD” button for this plugin in the “Standard plugins” section
to access its source code. A manual on the installation and use of the plugin can also be
downloaded.
2 Installing the plugin
Once the administrator has downloaded the plugin, it has to be added to Roundcube.
Unzip the downloaded plugin into a “latchRC” folder, and place the whole “latchRC” folder
inside the “plugins” folder of the Roundcube installation, as shown in the figure.
Figure 08: “latchRC” folder and the unzipped plugin.
Now the Latch plugin has to be enabled in Roundcube. Open the “main.inc.php” file with a text editor
and find the value shown below, which lists the Roundcube plugins:
 $rcmail_config['plugins'] = array();
This variable has to be modified to include the plugin name “latchRC” inside the array, just as
shown in the figure.
Figure 09: Enabling Latch plugin with “main.inc.php” file.
2.1 Configuring the plugin
The “Application ID” and “Secret” generated before (see figure 05) have to be set as well.
This is done manually by editing the “config.inc.php” file in the “latchRC” folder. With any text editor, set
the values of “Application ID” and “Secret” in the variables below:
 $rcmail_config['latch_appId'] = "";
 $rcmail_config['latch_appSecret'] = "";
Save the file.
Figure 10: Setting “Application ID” and “Secret” in “config.inc.php” file.
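A quick way to verify the steps of sections 2 and 2.1 from a shell, as an added example that is not part of the original guide or of the plugin's code. The two paths are passed as arguments, the sample tree in demo() is constructed, and the world-readable check on “config.inc.php” is an added recommendation, since that file stores the “Secret”.

```shell
#!/bin/sh
# Added example: sanity-check a latchRC install (not part of the plugin).

active() { grep -Ev '^[[:space:]]*(//|#)' "$1"; }   # drop commented-out lines

value_of() {  # value_of FILE KEY: print the quoted value of $rcmail_config['KEY']
  active "$1" | grep -F "rcmail_config['$2']" |
    sed -nE "s/^[^=]*=[[:space:]]*[\"']([^\"']*)[\"'].*/\1/p" | tail -n 1
}

check_latch_install() {  # usage: check_latch_install MAIN_INC_PHP LATCHRC_DIR
  main_cfg=$1; cfg=$2/config.inc.php; problems=0
  fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

  # Section 2: "latchRC" must sit in an uncommented plugins array.
  active "$main_cfg" | grep -F "rcmail_config['plugins']" | grep -q "latchRC" ||
    fail "latchRC is not enabled in $main_cfg"

  [ -f "$cfg" ] || { fail "missing $cfg"; return "$problems"; }

  # Section 2.1: "Application ID" and "Secret" must both be filled in.
  for key in latch_appId latch_appSecret; do
    [ -n "$(value_of "$cfg" "$key")" ] || fail "$key is empty in $cfg"
  done

  # Added recommendation: the file stores the Secret, so "other" must not read it.
  if [ "$(ls -ld "$cfg" | cut -c8)" = "r" ]; then
    fail "$cfg is world-readable"
  fi
  return "$problems"   # 0 means every check passed
}

demo() {  # constructed sample: plugin enabled, Secret left blank, mode 644
  d=$(mktemp -d) && mkdir -p "$d/plugins/latchRC"
  echo "\$rcmail_config['plugins'] = array('latchRC');" > "$d/main.inc.php"
  printf '%s\n' "\$rcmail_config['latch_appId'] = \"EXAMPLE_APP_ID\";" \
    "\$rcmail_config['latch_appSecret'] = \"\";" > "$d/plugins/latchRC/config.inc.php"
  chmod 644 "$d/plugins/latchRC/config.inc.php"
  check_latch_install "$d/main.inc.php" "$d/plugins/latchRC"; rc=$?
  rm -rf "$d"; return "$rc"
}
demo || echo "problems found: $?"
```

Only // and # line comments are recognised, so a plugins line disabled with a /* ... */ block comment would still be reported as enabled.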
Users now have to go to the administration panel of their email account. “Preferences” will show a
new section named “Latch settings” where the user may add the token generated by their mobile
device. Press “Save” to save the data.
Figure 11: Preferences site where token has to be inserted.
2.2 Uninstalling the plugin
Uninstalling is simple. The administrator just has to undo the steps done during the installation.
The easiest way is to comment out the line that sets the plugin array in main.inc.php by adding //
just as the figure shows.
Figure 12: Comment out the line referring Latch and the plugin will not be operative.
Figure 13: When back to “Preferences”, Latch options will not be available anymore.
3 Use of the Latch plugin by end users
Latch does not affect the usual operations of a service in any way. It just allows or
denies actions over it, acting as an independent extra layer of security that, once removed or
disabled, has no effect on the service, which remains in its original state.
3.1 Pairing a user
When the plugin is configured, users may use it. They need the Latch application installed on their
mobile devices and must follow these steps:
Step 1: Within the account of the service to be paired, the user must go to the site created
by the administrator for pairing with Latch. The way to access this site and its name are
completely dependent on the administrator.
Figure 14: The user should introduce the pairing code generated by Latch here.
Step 2: From the Latch app on the mobile device, the user has to generate the pairing code,
pressing on “Add a new service" at the bottom of the application, and pressing "Generate new
code" will take the user to a new screen where the pairing code will be displayed.
Step 3: Next the same characters displayed on the mobile device must be entered (before they
expire) on the site created by the administrator for pairing with Latch and then tap the button to
confirm the pairing. A notification will be received on the mobile device, announcing that the
service is already paired.
Figure 15: Button that generates the pairing code.
Figure 16: Generated pairing code.
Figure 17: Notification after successful pairing.
Step 4: After pairing, the user will be able to access the accounts list paired with Latch. Users can
check that the pairing was recently added. From this point users can lock and unlock access to
these services simply by tapping the button beside each service name.
Figure 18: Unlocked service.
Figure 19: Locked service.
To test Latch, the user needs to lock the service from the Latch app and try to access it again, entering
the right credentials.
If the configuration is correct, the user will not be able to access the service even if the correct credentials
were entered. Additionally, a notification will be received on the mobile device, warning that
somebody is trying to access the service. The notification includes the email and the phone that the
developer stated when the application was created (Figure 5).
Figure 20: A user accessing.
Figure 21: Notification of an unauthorized access attempt.
After unlocking the service from the Latch app and entering the right credentials again, the user will
be able to access the service.
3.2 Unpairing a user
Simply access the section where the pairing initially took place and unpair through the
corresponding element. Finally, an alert indicating that the service has been unpaired will be
displayed.
Figure 22: Unpairing Latch.
Figure 23: Alert displaying the service has been unpaired.
4 Resources
For more information about how to use Latch and to test more free features, please refer to the
user guide in Spanish and English:
1. Guía del usuario de Latch con Nevele Bank.
2. Latch user's guide for Nevele Bank.
You can also access the following constantly expanded documentation:

Manuals in Spanish and English for integrating and using Latch with the available plugins, at the
Latch website and via the ElevenPaths Slideshare channel.

Videos with subtitles in Spanish and English for integrating and using Latch with the available
plugins on ElevenPaths' YouTube and Vimeo channels.

Manuals for integrating and using Latch in the organizations that have already implemented it
(Movistar, Tuenti, UNIR, USAL, etc.), at the Latch website and via the ElevenPaths Slideshare
channel.

Information about Latch API at the Latch website.
PUBLICATION:
January 2015
At ElevenPaths we have our own way of thinking when we talk
about security. Led by Chema Alonso, we are a team of experts
who are passionate about their work, who are eager to redefine
the industry and have great experience and knowledge about the
security sector.
Security threats in technology evolve at an increasingly quicker
and relentless pace. Thus, since June 2013, we have become a
startup company within Telefónica aimed at working in an agile
and dynamic way, transforming the concept of security and,
consequently, staying a step ahead of our attackers.
Our head office is in Spain, but we can also be found in the UK,
the USA, Brazil, Argentina and Colombia.
If you wish to know more about us, please contact us at:
elevenpaths.com
Blog.elevenpaths.com
@ElevenPaths
Facebook.com/ElevenPaths
YouTube.com/ElevenPaths
The information disclosed in this document is the property of Telefónica Digital Identity & Privacy, S.L.U. (“TDI&P”) and/or any other entity
within Telefónica Group and/or its licensors. TDI&P and/or any Telefonica Group entity or TDI&P’S licensors reserve all patent, copyright
and other proprietary rights to this document, including all design, manufacturing, reproduction, use and sales rights thereto, except to
the extent said rights are expressly granted to others. The information in this document is subject to change at any time, without notice.
Neither the whole nor any part of the information contained herein may be copied, distributed, adapted or reproduced in any material
form except with the prior written consent of TDI&P.
This document is intended only to assist the reader in the use of the product or service described in the document. In consideration of
receipt of this document, the recipient agrees to use such information for its own use and not for other use.
TDI&P shall not be liable for any loss or damage arising out of the use of any information in this document or any error or omission
in such information or any incorrect use of the product or service. The use of the product or service described in this document is
regulated in accordance with the terms and conditions accepted by the reader.
TDI&P and its trademarks (or any other trademarks owned by Telefonica Group) are registered service marks. All rights reserved.