Forum OpenACS Development: Multi Factor Authentication package

MFA (Multi-Factor Authentication) for OpenACS

This package provides Time-based One-Time Password (TOTP) two-factor authentication (2FA) for OpenACS / NaviServer applications, compatible with Google Authenticator and similar apps (Authy, Microsoft Authenticator, FreeOTP, etc.).

It integrates seamlessly into the OpenACS authentication flow and uses the built-in ns_totp command from NaviServer and the qrencode CLI via exec.

You can get the code with git clone https://github.com/claudio-48/mfa.git.


🚀 Features

  • Implements TOTP (RFC 6238) using ns_totp
  • User setup with QR code and Base32 secret
  • OTP verification with configurable time window tolerance (skew)
  • The decision to use the 2FA is left to the user, who can opt in and out at any moment
  • Optional enforcement of 2FA for all users (actually not implemented)
  • PostgreSQL schema and setup/verify pages included

Claudio
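
The time-window tolerance (skew) listed in the features above can be illustrated as follows. This is an added example, not part of the original post and not code from the mfa package: it reimplements RFC 6238 in Python instead of calling ns_totp, and the function names, the `last_counter` replay guard and the default values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 Appendix B SHA-1 test key
# ("12345678901234567890") encoded as Base32, as an authenticator app stores it.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 of the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret_b32, code, now, skew=1, step=30, digits=6,
                last_counter=None):
    """Return the matched time-step counter, or None if the code is rejected.

    skew         time steps accepted on each side of the current one
    last_counter counter of the last accepted code (hypothetical replay guard:
                 RFC 6238 says a validated OTP must not be accepted again)
    """
    if len(code) != digits or not (code.isascii() and code.isdigit()):
        return None
    secret = secret_b32.replace(" ", "").upper()
    # Authenticator secrets usually omit Base32 padding; restore it.
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    current = int(now) // step
    for counter in range(max(current - skew, 0), current + skew + 1):
        if last_counter is not None and counter <= last_counter:
            continue  # this step (or a later one) was already used
        if hmac.compare_digest(hotp(key, counter, digits), code):
            return counter
    return None


if __name__ == "__main__":
    # "287082" is the 6-digit form of the RFC 6238 vector for T = 59 s.
    print(verify_totp(RFC_TEST_SECRET, "287082", now=59))           # in step
    print(verify_totp(RFC_TEST_SECRET, "287082", now=89))           # one step late
    print(verify_totp(RFC_TEST_SECRET, "287082", now=89, skew=0))   # no tolerance
    print(verify_totp(RFC_TEST_SECRET, "287082", now=59, last_counter=1))
```

A caller would store the returned counter per user and pass it back as `last_counter` on the next login, so a code seen once cannot be replayed inside the skew window.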

Posted by Brian Fenton on
Congrats, Claudio. This looks super interesting.

Brian

Posted by Gustaf Neumann on

Thank you, Claudio! This is a very nice contribution.

I've updated the docker compose instructions for gustafn/openacs:latest to include qrencode:

https://hub.docker.com/repository/docker/gustafn/openacs/general

Posted by Claudio Pasolini on
I have implemented the optional enforcement of MFA for all users.
The package has been tested only with Google Authenticator.

Claudio

Posted by Claudio Pasolini on
I just made the last refinements, also tested the package with Authy, and updated the repository at https://github.com/claudio-48/mfa.git.

Claudio