3-Factor Authentication and Vicidial WebPhone

Discussions about development of VICIDIAL and astGUIclient

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

3-Factor Authentication and Vicidial WebPhone

Postby jerryriggin » Thu Apr 20, 2017 1:36 pm

Greetings, All.

I have a client who needs to allow agents to login as local agents over the public IP. To make this secure, in addition to password conventions, I plan to text a one-time-code to the agent's cell phone (setup in the vicidial_users table) after they have entered their username and password. Then they will be required to enter the code they received to authenticate.

I have 2 questions.

1. This seems relatively simple -- am I re-inventing the wheel?
2. Does the Vicidial web phone and/or the PBXWebPhone use port 5060 or an HTTPS tunnel for SIP? If 5060, that makes it a bit less simple to be secure. In that case what is the best way insert the agent's current IP from login request into the SIP invite for the login call?

Thanks for your thoughts.

BTW: I will post all the code here.
jerryriggin
 
Posts: 14
Joined: Sun Oct 30, 2011 10:45 pm

Re: 3-Factor Authentication and Vicidial WebPhone

Postby mflorell » Fri Apr 21, 2017 5:51 am

I've never set up 3-factor authentication like that, but we did just add IP-whitelisting per user group and web resource to the svn/trunk codebase recently though.

As for WebRTC, while Asterisk uses SIP accounts for it, it is very different and operates over it's own port for the encrypted RTP stream. Are you using it now?
mflorell
Site Admin
 
Posts: 15668
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: 3-Factor Authentication and Vicidial WebPhone

Postby jerryriggin » Fri Apr 21, 2017 9:49 am

I have played with some of the resources at https://webrtc.org/, but it also says "Signaling methods and protocols are not specified by WebRTC." So my understanding is that signalling is determined by the application. There are many signaling methods listed at https://github.com/muaz-khan/WebRTC-Exp ... gnaling.md, so I was wondering what methods the new Vicidial web phone and PBXWebPhone, and which would integrate best with my 3-factor authentication scheme. I guess my basic question is, once I have established an HTTPS connection with the remote agent's browser, what else is required to register the agent's phone so it can get the login call from Vicidial. Do I need to use STUN and/or TURN servers?

I know I could install PBXWebPhone or the Vicidial web phone and experiment, (and I will) but I'm just trying to gather as much information on the required config before I begin.
jerryriggin
 
Posts: 14
Joined: Sun Oct 30, 2011 10:45 pm

Re: 3-Factor Authentication and Vicidial WebPhone

Postby chornyi_taras » Fri Apr 21, 2017 10:02 am

I think that you can secure port 8089(default web sockets port used by PBXWebphone) for signalling and use turn server for sending audio to asterisk(Vicidial).
ViciBox: 7.0.3 | VERSION: 2.12-560aBUILD: 160617-1427 | Webphone: PBXWebPhone

Skype: tarasukcho
chornyi_taras
 
Posts: 52
Joined: Tue Jun 14, 2016 3:41 pm
Location: L'viv, Ukraine

Re: 3-Factor Authentication and Vicidial WebPhone

Postby mflorell » Fri Apr 21, 2017 11:45 am

If you send an email in to support@vicidial.com, then mcargile will send you the instructions for using the beta VICIphone WebRTC phone. We have several clients and non-clients using it in production at this point, and it seems to be fairly stable when using Asterisk 11 servers.
mflorell
Site Admin
 
Posts: 15668
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: 3-Factor Authentication and Vicidial WebPhone

Postby chornyi_taras » Fri Apr 21, 2017 12:37 pm

mflorell wrote:If you send an email in to support@vicidial.com, then mcargile will send you the instructions for using the beta VICIphone WebRTC phone. We have several clients and non-clients using it in production at this point, and it seems to be fairly stable when using Asterisk 11 servers.

Matt did you patch asterisk 11? Cause AFAIK asterisk version that sipped with vicibox desn not work with latest firefox(issue related to webrtc support in asterisk)
ViciBox: 7.0.3 | VERSION: 2.12-560aBUILD: 160617-1427 | Webphone: PBXWebPhone

Skype: tarasukcho
chornyi_taras
 
Posts: 52
Joined: Tue Jun 14, 2016 3:41 pm
Location: L'viv, Ukraine

Re: 3-Factor Authentication and Vicidial WebPhone

Postby mflorell » Fri Apr 21, 2017 12:46 pm

I know we patched either Asterisk 11 or VICIphone, because we just set a new client up with the VICI webphone last week and it's been working great for them. To be clear, I didn't personally do the patching :)
mflorell
Site Admin
 
Posts: 15668
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: 3-Factor Authentication and Vicidial WebPhone

Postby jerryriggin » Fri Apr 21, 2017 12:57 pm

Thanks! I'm installing PBXWebphone on ViciBox v2.14b0.5 virtual machine according to your wiki and other relevant posts. I'll develop the 3-factor authentication on that system and post again when get confused, which will likely not be too long. :)
jerryriggin
 
Posts: 14
Joined: Sun Oct 30, 2011 10:45 pm

Re: 3-Factor Authentication and Vicidial WebPhone

Postby jerryriggin » Fri Apr 21, 2017 1:05 pm

Thanks, Matt. I spoke with mcargile last week and I believe he will be installing VIciphone on their system. Since I have never done it it with WebRTC (only Zoipper) I wanted to get it done correctly the first time. I will ask him about instructions for the beta so I can install that on a VM myself.
jerryriggin
 
Posts: 14
Joined: Sun Oct 30, 2011 10:45 pm


Return to Development

Who is online

Users browsing this forum: No registered users and 3 guests

cron