Tier Two Authentication Using OpenAM



A one-time password (OTP) is traditionally generated by an RSA hardware token; nowadays it is more often produced by an application on the user's mobile phone, and used as the second factor of authentication. The user's login requires the password the token produces, so users are forced to carry the device with them whenever they need to log in. Once the token has produced a password, that password cannot be reused. OpenAM offers a ready-to-use OTP authentication module that delivers the password via email or a text SMS. The module is based on HOTP, the HMAC (hash-based message authentication code) one-time password scheme. The HOTP authentication module is configured to work as part of an authentication chain that includes a first-factor authentication (the usual login credentials, username and password); HOTP requires at least one authentication to succeed before it delivers the OTP.
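The HOTP scheme the module relies on (RFC 4226, HMAC-SHA1 over a counter with dynamic truncation), together with the single-use counter handling that makes a delivered code unusable a second time. This is an added illustration in Python, not OpenAM's own code; the `HotpServer` class and its look-ahead window size are assumptions made for the example.

```python
import hmac
import hashlib


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


class HotpServer:
    """Per-user server state (hypothetical helper): shared secret, the counter used to
    issue codes, and the counter the verifier expects next. Codes are delivered out of
    band (email/SMS) and each one is accepted at most once."""

    def __init__(self, secret: bytes, look_ahead: int = 3, digits: int = 6):
        self.secret = secret
        self.digits = digits
        self.look_ahead = look_ahead
        self.issued = 0     # counter of the next code to send
        self.expected = 0   # lowest counter the verifier will still accept

    def issue(self) -> str:
        """Generate the next code to send to the user; the issue counter moves on."""
        code = hotp(self.secret, self.issued, self.digits)
        self.issued += 1
        return code

    def verify(self, submitted: str) -> bool:
        """Accept the code if it matches the expected counter or a small window ahead of it
        (a code requested earlier but never submitted must not lock the user out). On success
        the expected counter moves past the matched one, so the same code cannot be replayed
        and any older unused code is dead too. On failure the state is left untouched."""
        for step in range(self.look_ahead + 1):
            candidate = hotp(self.secret, self.expected + step, self.digits)
            if hmac.compare_digest(candidate.encode(), submitted.encode()):
                self.expected += step + 1
                return True
        return False


if __name__ == "__main__":
    # Constructed demo using the RFC 4226 test secret (20 ASCII digits).
    server = HotpServer(b"12345678901234567890")
    code = server.issue()                            # "755224"
    print(server.verify(code), server.verify(code))  # True False (replay rejected)
```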

Steps to configure HOTP


  1. Log in to the OpenAM administrator console: Access Control tab -> Realm -> Authentication. Then click Module Instances -> New to create a module instance of type HOTP and assign it a name (HOTP).
  2. Configure the HOTP authentication module properties.
  3. Configure an authentication chain that includes the HOTP authentication module. HOTP cannot be the primary (first) authentication module.
  4. This is because HOTP cannot validate the user's credentials on its own. To create the authentication chain, go to the OpenAM admin console, select Access Control -> Authentication Chaining, click New, assign a name, and add the HOTP module instance with the criteria Required.
  5. The HOTP configuration is now complete. Next, create a user profile and fill in its details, including the telephone number to which the OTP will be delivered. For a complete list of email-to-SMS gateways refer to: http://www.mutube.com/projects/open-email-to-sms/gateway-list/
  6. Test drive the configured one-time-password based OpenAM authentication by accessing the URL of the configured "two-factor" authentication chain as follows:

Configuring HOTP authentication

Making HOTP an authentication chain


Wonders of OpenAM

Here is my first blog post about the various servers I work with. Let's start with the latest one I was working on, OpenAM, the single sign-on server. With the help of OpenAM, secure login to the corporate servers is made easy. It ensures that the user can log in to various application accounts with the same user name and password. The user details, irrespective of the application, are verified in the corporate servers and validated with the token. OpenAM can also be configured with LDAP for the data services.

Installing & Configuring OpenAM
Pre-requisites

  1. Apache HTTP server: http://httpd.apache.org/download.cgi
  2. Apache Tomcat server: http://tomcat.apache.org/download-60.cgi
  3. Reverse proxy the Apache Tomcat application (OpenAM works only with a proper domain name: it must be accessed via the domain name, i.e. it won't work with localhost:8080/openam, only with example.com/openam).
Configuring OpenAM
  1. Download OpenAM: http://www.forgerock.org/openam.html
  2. Retrieve the WAR file from it and place it in the webapps folder of Apache Tomcat.
  3. Start the Apache server.
  4. Open the browser, log in to the local domain and connect to OpenAM via the application server:
  5. http://127.0.1.1:8080/OpenAM
Click on the default configuration.

Enter the password for the admin user. Note: the default (admin) password should be different from the policy agent password.

Configuration complete.

Log in to OpenAM with the default password.
