How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I configure authentication using the MSISDN Authentication module in AM (All versions)?

Last updated Jan 16, 2023

This article explains how to configure authentication using the MSISDN Authentication module in AM. The MSISDN module authenticates a user via the ISDN number assigned to the user in the LDAP directory server, which makes it a non-interactive authentication method.



The Mobile Station Integrated Services Digital Network (MSISDN) number must be included in the request sent to AM for this authentication method to work. If the MSISDN number cannot be retrieved from the request, then callbacks to get the MSISDN number and WAP gateway are sent back to the client.

First, the user's mobile network must support passing the MSISDN number in the HTTP header, and it is then up to the network to include it (this is outside the scope of AM).

You can check whether it is included by examining the HTTP header and looking for any headers that reference MSISDN or possibly X-UP-CALLING-LINE-ID (the actual header varies depending on the mobile network). See FAQ: Configuring Agents in Identity Cloud and AM (Q. Why can't I see the http_header attributes in the browser?) for further information on checking the HTTP header if you have agents protecting your application.

Configuring the MSISDN Authentication module

This process demonstrates configuring the MSISDN Authentication module for a single user and uses the following example values:

  • Realm: mobile
  • Authentication module: MSISDN
  • HTTP header attribute: msisdn
  • User: employee1
  • MSISDN number: 987654321

You should replace these values and amend other configuration details as appropriate to your environment.

You can configure the MSISDN Authentication module as follows:

  1. Navigate to Realms > /mobile > Authentication > Modules in the AM admin UI and click Add Modules.
  2. Enter a name for the new module (MSISDN) and select type MSISDN.
  3. Complete the following fields:
    • MSISDN Number Search Parameter Name - specify a list of parameter names that identify which parameters to search in the request header or cookie header for the MSISDN number. For example, if you define x-Cookie-Param, AM_NUMBER, and COOKIE-ID, the MSISDN authentication service checks those parameters for the MSISDN number (msisdn in this example).
    • Attribute To Use To Search LDAP - leave the default value of sunIdentityMSISDNNumber.
    • LDAP Server Authentication User - check this is set to the correct DN of the user used by the module to authenticate to the LDAP server.
    • LDAP Server Authentication Password - check the password is correct for the above user.
    • MSISDN Header Search Attribute - ensure the following values are present: searchRequest, searchParam and searchCookie. This ensures AM searches the cookie, request header and request parameters for the MSISDN number.
  4. Assign the MSISDN number to your user (MSISDN number = 987654321 and user = employee1 in this example) by navigating to Realms > /mobile > Subjects > employee1 > MSISDN Number and entering 987654321.
  5. Add the new module to the default authentication chain by navigating to Realms > /mobile > Authentication > Chains > ldapService and replacing the required DataStore module with your new MSISDN module.
  6. Log out of AM.
  7. Navigate to the following URL to test your new configuration: This should take you directly to the profile of the employee1 user without requiring a password.
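If the test does not log the user in, first confirm that the request reaching AM actually carries the MSISDN number in one of the places the module is configured to search. The following added example (not ForgeRock code, and not how AM implements the search) scans a raw HTTP request for the configured parameter names in the request headers, request parameters and cookies. The host, path and case-insensitive name matching are assumptions of this example.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed sample request (not captured traffic). Host and path are placeholders;
# msisdn, AM_NUMBER and 987654321 are the article's example values.
SAMPLE_REQUEST = (
    "GET /openam/XUI/?realm=/mobile&lang=en HTTP/1.1\r\n"
    "Host: am.example.com\r\n"
    "msisdn: 987654321\r\n"
    "Cookie: theme=dark; AM_NUMBER=987654321\r\n"
    "\r\n"
)

def find_msisdn(raw_request, names):
    """Return [(location, name, value)] for each place a configured name occurs."""
    wanted = {n.lower() for n in names}  # case-insensitive: this example's choice
    lines = raw_request.splitlines()
    request_line, header_lines = lines[0], lines[1:]
    hits, cookies = [], SimpleCookie()
    for line in header_lines:
        if not line:  # blank line ends the header section
            break
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name, value = name.strip(), value.strip()
        if name.lower() == "cookie":
            cookies.load(value)  # checked after headers and parameters
        elif name.lower() in wanted:
            hits.append(("header", name, value))
    # Request parameters from the query string of the request target.
    target = request_line.split(" ")[1]
    for name, values in parse_qs(urlsplit(target).query).items():
        if name.lower() in wanted:
            hits.extend(("param", name, v) for v in values)
    for name, morsel in cookies.items():
        if name.lower() in wanted:
            hits.append(("cookie", name, morsel.value))
    return hits

def conflicting(hits):
    """True when one request carries more than one distinct MSISDN value."""
    return len({value for _, _, value in hits}) > 1

if __name__ == "__main__":
    found = find_msisdn(SAMPLE_REQUEST, ["msisdn", "AM_NUMBER", "x-Cookie-Param"])
    print(found, "conflicting:", conflicting(found))
```

An empty result corresponds to the case described above where AM cannot retrieve the MSISDN number from the request and sends callbacks to the client instead.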

See Also

MSISDN authentication module

Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.