Seed

From Swivel Knowledgebase
Revision as of 12:28, 21 May 2015 by Gfield (talk)


Overview

Swivel supports OATH HOTP, as used with the Swivel Token. Software tokens with a valid seed can also be used to authenticate Swivel users. Hardware tokens are supplied with seeds, one for each specific hardware token, and do not need a seed to be generated.


Prerequisites

Swivel 3.9.6


Swivel OATH Seeds

Swivel OATH seeds for Swivel hardware tokens are sent by email in an encrypted file, with the password sent by SMS text message, and can then be imported. A separate seed does not need to be generated.


Generating an OATH seed

The following command generates a hexadecimal (base 16) seed for software token authentication. It can be run on the command line of a Swivel appliance through the CMI.

 head -10 /dev/urandom | md5sum | cut -b 1-30

Example:

e0b10ee3a4bb2598c0575539529f33

This seed should be assigned a serial number and can be imported into the Swivel administration console. It may be used with an appropriate software token such as Google Authenticator.

Seeds of different lengths may be generated, for example using sha1sum (SHA1-HMAC is used for Google Authenticator):

 head -10 /dev/urandom | sha1sum | cut -b 1-40
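
A generated hexadecimal seed can be checked before it is imported or loaded into a software token. The following is an added example, not part of the original article or Swivel's own code: it validates the hex seed, derives the Base32 form that Google Authenticator uses for its keys, and computes the HMAC-SHA1 one-time codes defined in RFC 4226 and RFC 6238. The function names, the 6-digit length and the 30-second step are assumptions (the RFC defaults), not Swivel settings.

```python
import base64
import hashlib
import hmac
import re
import struct


def seed_bytes(hex_seed: str) -> bytes:
    """Decode a hexadecimal seed; reject anything that is not whole bytes of hex."""
    s = hex_seed.strip()
    if len(s) % 2 or not re.fullmatch(r"[0-9a-fA-F]+", s):
        raise ValueError("seed must be an even number of hexadecimal characters")
    return bytes.fromhex(s)


def seed_base32(hex_seed: str) -> str:
    """Base32 form of the same seed, the key encoding Google Authenticator uses."""
    return base64.b32encode(seed_bytes(hex_seed)).decode("ascii").rstrip("=")


def hotp(hex_seed: str, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed_bytes(hex_seed), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(hex_seed: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(hex_seed, int(unix_time) // step, digits)


if __name__ == "__main__":
    # Published RFC 4226 test seed (ASCII "12345678901234567890"), not a real token.
    rfc_seed = "3132333435363738393031323334353637383930"
    print("base32:", seed_base32(rfc_seed))
    print("HOTP 0-2:", [hotp(rfc_seed, c) for c in range(3)])
    print("TOTP at t=59:", totp(rfc_seed, 59))
    # Example seed shown on this page: 30 hex characters = 15 bytes = 120 bits.
    print("page example bits:", len(seed_bytes("e0b10ee3a4bb2598c0575539529f33")) * 8)
```

Comparing the first few codes against those shown by the software token confirms that the seed was entered correctly and that the token type (HOTP or TOTP) matches.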


Importing Token Seeds

There are two types of OATH Tokens: Event Based (HOTP) and Time Based (TOTP) Tokens. Before importing, you must confirm which type of Token is being used. From the Swivel Admin Console, under OATH > OATH Policies > Token Type, set this to HOTP or TOTP - this must be set BEFORE importing the Token Seeds.

Next, under OATH > OATH Tokens, click the 'Import' button and select the File Format from the dropdown menu or Browse to the file that contains the Token Seeds.

For further information on the token import options see Token.


Testing

Known Issues

Troubleshooting