Yubico OATH integration

This document describes the integration of Yubico OATH keys.


  • Prepare the system for hardware token import (see document Import hardware tokens)
  • Run a scenario including token authentication depending on your needs (saml, oidc, radius, api etc)
  • Run the scenario for PhenixID Self Service to enable enrollment of tokens

Configure the authentication for Yubikeys

Locate the token validation execution flow for your authentication scenario. Locate the TokenValidationValve and add the lines below marked as bold/red.

      "name" : "TokenValidationValve",
      "config" : {
        "provided_otp_param_name" : "{{request.User-Password}}",
        "check_yubikey" : "true",
        "otp_length" : "6"

Note: otp_length must match the length of the provided otp from the yubikey tokens.