The extension was originally developed for TYPO3 4.3. It might work with older versions but the TYPO3 core team does not provide any support for RSA authentication in older TYPO3 versions. The extension is kept up to date for newer versions of TYPO3.


The extension requires either an openssl PHP module or the openssl binary to be available to TYPO3. The extension will choose the first working solution with the preference being the PHP module. If neither PHP module, nor binary is available, the extension will refuse to continue and silently fail authentications.


To install the extension, install it using the TYPO3 Extension Manager. Create necessary database tables and provide a path to the temporary directory. This path is necessary only if the extension uses the openssl binary. The path should be outside of the web server root and it should not be accessible to anyone except the web server user. If using PHP open\_basedir directive, make sure that this path is included into this directive (with the slash at the end of the path).


The extension supports both Frontend and Backend authentication using public/private key pair. Both Frontend and Backend authentication must be activated separately in order to work.

To activate the extension for Frontend and/or Backend, use the TYPO3 Install tool. Login to the Install tool and select the All configuration option. Next search for the [FE][loginSecurityLevel] setting for the Frontend or for the [BE][loginSecurityLevel] setting for the Backend authentication method. Enter rsa without spaces in the setting box. New settings will be activated immediately after saving. The next user will use RSA authentication for the Frontend and/or Backend.

Frontend authentication

Frontend RSA authentication is supported only for the felogin system extension. It will not work with the old login form.

Since a new key pair is generated each time for the authentication, it is necessary to run the felogin plugin uncached. To do so, the plugin should be run in USER\_INT mode. This can be accomplished by the following piece of the TypoScript:

plugin.tx_felogin_pi1 = USER_INT

The RSA authentication will not work if the felogin plugin runs as USER (which is cached).