A simple authentication node for ForgeRock's Access Manager 6.0 and above.
VIP ForgeRock offers secondary authentication along with the authentication offered by OpenAM. The following authentication mechanisms are available: 1) Push 2) OTP
The VIP OpenAM tree nodes are packaged as a jar file using the Maven build tool and deployed into the WEB-INF/lib folder of the ForgeRock Access Management (AM) 6 application, which runs on a Tomcat server.
- Configure Maven to be able to access the OpenAM repositories.
- Set up a Maven project for building the custom authentication node, i.e. vip-auth-tree.
- Write the custom logic inside the tree nodes to communicate with the VIP services.
- Change to the root directory of the Maven project of the VIP tree node and run the mvn package command.
- The project will generate a .jar file containing our custom nodes, i.e. the VIP OpenAM tree nodes, in the form of vip-auth-tree-1.0.jar.
- Copy the vip-auth-tree-1.0.jar file to the WEB-INF/lib/ folder where AM is deployed.
- Restart AM for the new plug-in to become available.
The VIP tree nodes are now available in the tree designer to add to authentication trees.
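The copy step above can be scripted so that a missing build output, a wrong target folder or a leftover older node jar is caught before AM is restarted. This is an added example, not part of the project: the function name deploy_vip_nodes and its two path arguments are assumptions, and the jar is expected in Maven's default target/ directory.

```shell
#!/bin/sh
# Added example, not part of the project. deploy_vip_nodes and both of its
# path arguments are assumed names; only the jar name comes from the steps above.
JAR_NAME="vip-auth-tree-1.0.jar"

# deploy_vip_nodes <maven-project-dir> <am-webapp-dir>
# Returns 0 on success; otherwise a distinct non-zero code and a message on stderr.
deploy_vip_nodes() {
    project_dir=$1
    am_dir=$2
    jar="$project_dir/target/$JAR_NAME"   # Maven's default build output directory
    lib_dir="$am_dir/WEB-INF/lib"

    if [ ! -s "$jar" ]; then
        echo "missing or empty $jar: run 'mvn package' in $project_dir first" >&2
        return 2
    fi
    if [ ! -d "$lib_dir" ]; then
        echo "$lib_dir not found: is $am_dir the deployed AM web application?" >&2
        return 3
    fi

    # Another version of the node jar in the same folder would put two copies
    # of the node classes on the classpath, so refuse until it is removed.
    for old in "$lib_dir"/vip-auth-tree-*.jar; do
        [ -e "$old" ] || continue
        if [ "$(basename "$old")" != "$JAR_NAME" ]; then
            echo "remove $old before deploying $JAR_NAME" >&2
            return 4
        fi
    done

    # Copy under a temporary name, compare with the build output, then rename,
    # so a truncated jar never sits in WEB-INF/lib under its final name.
    tmp="$lib_dir/.$JAR_NAME.$$"
    cp "$jar" "$tmp" || return 5
    chmod 644 "$tmp"                      # not writable by group or others
    if ! cmp -s "$jar" "$tmp"; then
        rm -f "$tmp"
        echo "copy of $JAR_NAME differs from the build output" >&2
        return 6
    fi
    mv "$tmp" "$lib_dir/$JAR_NAME" || { rm -f "$tmp"; return 7; }
    echo "installed $lib_dir/$JAR_NAME: restart AM to load the nodes"
}
```

Call it after mvn package with the Maven project directory and the directory of the deployed AM web application as the two arguments.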
The following nodes will be available after deploying the jar file:
- VIP DISPLAY ERROR
This node displays the error associated with exceeding the allowed attempts of invalid OTP. There are no configurable attributes to it.
- VIP Add Credential
This node adds credentials, as a credential ID associated with the user, in the VIP database. There are no configurable attributes to it.
- VIP Add More Credentials
This node gives you a screen where you can choose yes/no to add more credentials in VIP. There are no configurable attributes to it.
- VIP AddCred with VerifyCode
This node adds credentials, as a credential ID and OTP or a phone number and OTP associated with the user, in the VIP database. There are no configurable attributes to it.
- VIP Authenticate Push Credentials
This node will authenticate push credentials during registration.
Attributes to be configured are:
* Push Display Message Text: The message which should be displayed on a push event. Ex. VIP Push Cred
* Push Display Message Title: The message title which should be displayed on a push event. Ex. VIP Push
* Push Display Message Profile: The message profile. Ex. www.vip.com
- VIP Check Symantec OTP
This node verifies the OTP with the username. There are no configurable attributes to it.
- VIP Display Creds
This node gives you a screen where you need to choose your credential type. You can choose VIP/SMS/VOICE.
Attributes to be configured are:
* List of Creds: You need to configure key-value pairs as
0 - VIP
1 - SMS
2 - VOICE
- VIP Enter CredentialID
This node gives you a screen where you need to enter the credential ID generated on the VIP app. There are no configurable attributes to it.
- VIP Enter Phone Number
This node gives you a screen where you need to enter a phone number. There are no configurable attributes to it.
- VIP Enter SecurityCode/OTP
This node gives you a screen where you need to enter the OTP, which appears on the given phone number. There are no configurable attributes to it.
- VIP OTPAuth Creds
This node gives you a screen where you need to choose your authentication credential type. You can choose SMS/VOICE.
Attributes to be configured are:
* List of Creds: You need to configure key-value pairs as
0 - SMS
1 - VOICE
- VIP Poll Push Auth
This node polls the push request status during authentication. There are no configurable attributes to it.
- VIP Poll Push Reg
This node polls the push request status during registration. There are no configurable attributes to it.
- VIP Push Auth User
This node will authenticate push credentials during authentication.
Attributes to be configured are:
* Push Display Message Text: The message which should be displayed on a push event. Ex. VIP Push Cred
* Push Display Message Title: The message title which should be displayed on a push event. Ex. VIP Push
* Push Display Message Profile: The message profile. Ex. www.vip.com
- VIP Register User
This node registers the user in VIP if the user doesn't exist. There are no configurable attributes to it.
- VIP Search User
This node searches for the user in VIP and gets the user info if the user exists.
Attributes to be configured are:
* Keystore Path: Path for keystore file.
* Keystore Password: Password of keystore file.
* Authentication Service URL: VIP Authentication Service URL
* Query Service URL: VIP Query Service URL
* Management Service URL: VIP Management Service URL
- You can set the log level in the ForgeRock instance. To set it, follow this path:
DEPLOYMENT-->SERVERS-->LocalInstance-->Debugging
- Navigate to Realm > Authentication > Trees > Create Tree
This section depicts the configuration of the VIP Auth Tree.
- Configure VIP Auth Tree as shown below
Nodes to be configured:
* VIP Display Creds
* VIP OTPAuth Creds
* VIP Authenticate Push Credentials
* VIP Push Auth User
* VIP Search User
- Now access the site protected by OpenAM.