PHPackages simplesamlphp/simplesamlphp-module-yubikey - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Authentication & Authorization](/categories/authentication) 4. / 5. simplesamlphp/simplesamlphp-module-yubikey ActiveSimplesamlphp-module[Authentication & Authorization](/categories/authentication) simplesamlphp/simplesamlphp-module-yubikey ========================================== A SimpleSAMLphp module that adds support for YubiKey devices. v1.1.0(4mo ago)59582[1 PRs](https://github.com/simplesamlphp/simplesamlphp-module-yubikey/pulls)LGPL-2.1-or-laterPHPPHP ^8.3CI passing Since Dec 23Pushed 1mo ago3 watchersCompare [ Source](https://github.com/simplesamlphp/simplesamlphp-module-yubikey)[ Packagist](https://packagist.org/packages/simplesamlphp/simplesamlphp-module-yubikey)[ RSS](/packages/simplesamlphp-simplesamlphp-module-yubikey/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (4)Versions (6)Used By (0) YubiKey ======= [](#yubikey) [![Build Status](https://github.com/simplesamlphp/simplesamlphp-module-yubikey/actions/workflows/php.yml/badge.svg)](https://github.com/simplesamlphp/simplesamlphp-module-yubikey/actions/workflows/php.yml/badge.svg)[![Coverage Status](https://camo.githubusercontent.com/b1eadb212c50d76fe7716b2e52ab9f0ff0dc95645985b7247b8245456cc0ef83/68747470733a2f2f636f6465636f762e696f2f67682f73696d706c6573616d6c7068702f73696d706c6573616d6c7068702d6d6f64756c652d797562696b65792f6272616e63682f6d61737465722f67726170682f62616467652e737667)](https://codecov.io/gh/simplesamlphp/simplesamlphp-module-yubikey)[![Scrutinizer Code Quality](https://camo.githubusercontent.com/fb10fff8105d9d2d1cf3f5d733929752af2786cf5697a5f2097b1b37e7474501/68747470733a2f2f7363727574696e697a65722d63692e636f6d2f672f73696d706c6573616d6c7068702f73696d706c6573616d6c7068702d6d6f64756c652d797562696b65792f6261646765732f7175616c6974792d73636f72652e706e673f623d6d6173746572)](https://scrutinizer-ci.com/g/simplesamlphp/simplesamlphp-module-yubikey/?branch=master)[![Type Coverage](https://camo.githubusercontent.com/343afdbf4e22e260dceb90c79b34e86321c8fcac302ea87422b65c9790018896/68747470733a2f2f73686570686572642e6465762f6769746875622f73696d706c6573616d6c7068702f73696d706c6573616d6c7068702d6d6f64756c652d797562696b65792f636f7665726167652e737667)](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-yubikey)[![Psalm Level](https://camo.githubusercontent.com/c41b6b9aac717eab9ef982720191cc06bedb73c9a49e560bf2ae19102250de11/68747470733a2f2f73686570686572642e6465762f6769746875622f73696d706c6573616d6c7068702f73696d706c6573616d6c7068702d6d6f64756c652d797562696b65792f6c6576656c2e737667)](https://shepherd.dev/github/simplesamlphp/simplesamlphp-module-yubikey) This is a SimpleSAMLphp module to leverage YubiKey devices to authenticate users in different ways. For the moment, it provides an authentication processing filter that allows you to require a user to use a YubiKey to complete authentication, effectively implementing two-factor authentication. This filter can be combined with any other authentication source, provided that the identifier (or identifiers) of the key registered for that user is available as an attribute. Installation ------------ [](#installation) Once you have installed SimpleSAMLphp, installing this module is very simple. Just execute the following command in the root of your SimpleSAMLphp installation: ``` vendor/bin/composer require simplesamlphp/simplesamlphp-module-yubikey ``` Then, you need to do is to enable the Yubikey module: in `config.php`, search for the `module.enable` key and set `yubikey` to true: ``` 'module.enable' => [ 'yubikey' => true, … ], ``` OTP authentication processing filter ------------------------------------ [](#otp-authentication-processing-filter) This filter allows you to ask for YubiKey authentication before proceeding further. As any other processing filter, it can be configured either in the general configuration, in the authsources, in the hosted IdP metadata or in the remote SP metadata. See [documentation](documentation). You can configure the filter by adding an authproc filter with the class `yubikey:OTP`. At the very least, you will need an API client identifier and an API key. By default, the filter will let you use [YubiCloud](YubiCload), which will require you to [register](register) to obtain a client identifier and an API key. If you would like to run the YubiKey validation server yourself (i.e. the server running the API), [you can also do it](https://developers.yubico.com/Software_Projects/Yubico_OTP/YubiCloud_Validation_Servers)(you can also do it). In that case, you will need to configure the hostname of your validation server instead of the default addresses. Here are all the options available: ### API configuration options [](#api-configuration-options) - `api_client_id`: The client identifier to present to the API. This option is **mandatory**. - `api_key`: The key that grants you access to the YubiKey API. This option is **mandatory**. - `api_hosts`: An array containing the hosts where the API can be contacted to authenticate a given YubiKey. Please note that **all hosts will be queried**, and **all the responses must be successful**in order to consider the authentication of a device to be successful. Therefore, if you want to use your own API with high availability, you should only specify one hostname here and configure a high availability setup for that hostname. This is optional and defaults to Yubico's public API servers, those being: - `api.yubico.com` ### Operational configuration options [](#operational-configuration-options) - `abort_if_missing`: A boolean value telling whether the whole login process should be aborted if the user has no YubiKey devices registered (set to `true`) or continue, skipping YubiKey authentication (set to `false`). Optional. Defaults to `false`. - `key_id_attribute`: This is the name of an attribute that holds one or more YubiKey device identifiers that are known and accepted for the user. Optional. Defaults to `yubikey`. ### Assurance configuration options [](#assurance-configuration-options) - `assurance_attribute`: This is the name of an attribute that we will use to indicate that a successful authentication with the YubiKey device was performed (only when authentication was successful, of course). Optional. Defaults to `eduPersonAssurance`. - `assurance_value`: This is the value that we will add to the attribute specified by `assurance_attribute`. Optional. Defaults to `OTP`. ### Health Score 54 — FairBetter than 97% of packages Maintenance83 Actively maintained with recent releases Popularity21 Limited adoption so far Community18 Small or concentrated contributor base Maturity82 Battle-tested with a long release history Bus Factor1 Top contributor holds 94.2% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~1094 days Total 4 Last Release 141d ago Major Versions v0.1.1 → v1.0.02023-01-23 PHP version history (2 changes)v1.0.0PHP >=7.4 || ^8.0 v1.1.0PHP ^8.3 ### Community Maintainers ![](https://www.gravatar.com/avatar/579a16ea8afccc6ab420c393f0e573296fe46dcd293aa4f3b71eefc158ebf3e4?d=identicon)[jaime](/maintainers/jaime) ![](https://www.gravatar.com/avatar/9221e348303eeda74e85236a8bff9b919a90d10e3a478fe1cbb9d833f68d0150?d=identicon)[thijskh](/maintainers/thijskh) ![](https://www.gravatar.com/avatar/d424231c85138609ae230ccd5002c8025fd5dce7f51b2f1778f69ba3a49a4efa?d=identicon)[tvdijen](/maintainers/tvdijen) --- Top Contributors [![tvdijen](https://avatars.githubusercontent.com/u/841045?v=4)](https://github.com/tvdijen "tvdijen (130 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (3 commits)")[![jaimeperez](https://avatars.githubusercontent.com/u/1942728?v=4)](https://github.com/jaimeperez "jaimeperez (3 commits)")[![gregharvey](https://avatars.githubusercontent.com/u/238550?v=4)](https://github.com/gregharvey "gregharvey (1 commits)")[![thijskh](https://avatars.githubusercontent.com/u/3808792?v=4)](https://github.com/thijskh "thijskh (1 commits)") --- Tags otpsimplesamlphpyubikey ### Embed Badge ![Health badge](/badges/simplesamlphp-simplesamlphp-module-yubikey/health.svg) ``` [![Health](https://phpackages.com/badges/simplesamlphp-simplesamlphp-module-yubikey/health.svg)](https://phpackages.com/packages/simplesamlphp-simplesamlphp-module-yubikey) ``` ### Alternatives [spomky-labs/otphp A PHP library for generating one time passwords according to RFC 4226 (HOTP Algorithm) and the RFC 6238 (TOTP Algorithm) and compatible with Google Authenticator 1.5k46.1M118](/packages/spomky-labs-otphp) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)