Symantec OTP Auth Tree Nodes

With Symantec VIP, both enterprise and end users can securely authenticate wherever and however they access the services. With hundreds of supported websites and integrations that you can easily set up yourself, multi-factor authentication is a snap.

Project Readme

VipAuthTreeNode

A simple authentication node for ForgeRock's Access Manager 6.0 and above.

Information

VIP ForgeRock offers secondary authentication in addition to the authentication offered by OpenAM. The following authentication mechanisms are available: 1) Push 2) OTP

Installation

The VIP OpenAM tree nodes are packaged as a jar file using the Maven build tool and deployed into the WEB-INF/lib folder of the ForgeRock Access Management (AM) 6 application, which runs on a Tomcat server.

Steps

  1. Configure Maven to be able to access the OpenAM repositories.

  2. Set up a Maven project for building the custom authentication node, i.e. vip-auth-tree.

  3. Write the custom logic inside the tree nodes to communicate with the VIP services.

  4. Change to the root directory of the Maven project of the VIP tree node and run the mvn package command.

  5. The project will generate a .jar file containing our custom nodes, i.e. the VIP OpenAM tree nodes, in the form of vip-auth-tree-1.0.jar.

  6. Copy the vip-auth-tree-1.0.jar file to the WEB-INF/lib/ folder where AM is deployed.

  7. Restart the AM for the new plug-in to become available.

The VIP tree nodes are now available in the tree designer to add to authentication trees.
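Step 6 as a checked copy, added here as an example and not part of the project: the function name deploy_vip_jar and the webapp path passed to it are assumptions. It refuses to place the jar beside a different vip-auth-tree version already in WEB-INF/lib and verifies the copy byte for byte; the AM restart in step 7 is left to the operator.

```shell
#!/bin/sh
# Added example (not the project's own tooling).
# Assumed usage after "mvn package", with an assumed Tomcat layout:
#   deploy_vip_jar target/vip-auth-tree-1.0.jar /path/to/tomcat/webapps/openam

# deploy_vip_jar JAR AM_WEBAPP
# Returns 0 on success, 1 on a missing input or failed copy,
# 2 if another version of the plug-in is already deployed.
deploy_vip_jar() {
    jar=$1
    webapp=$2
    lib=$webapp/WEB-INF/lib

    [ -f "$jar" ] || { echo "build output missing: $jar" >&2; return 1; }
    [ -d "$lib" ] || { echo "no WEB-INF/lib under: $webapp" >&2; return 1; }

    name=$(basename "$jar")

    # Two versions of the same node classes on the AM classpath make it
    # unclear which code actually runs, so stop instead of adding a second.
    for old in "$lib"/vip-auth-tree-*.jar; do
        [ -e "$old" ] || continue            # glob matched nothing
        [ "$(basename "$old")" = "$name" ] && continue
        echo "other version already deployed: $old" >&2
        return 2
    done

    # Copy under a temporary name, verify, then move into place so a
    # truncated copy never ends up under the real jar name.
    tmp=$lib/$name.tmp
    cp "$jar" "$tmp" || return 1
    if ! cmp -s "$jar" "$tmp"; then
        rm -f "$tmp"
        echo "copy does not match build output" >&2
        return 1
    fi
    chmod go-w "$tmp"                        # only the owner may replace it
    mv "$tmp" "$lib/$name"
}
```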

The following nodes will be available after deploying the jar file:

  • VIP DISPLAY ERROR
This node will display the error associated with exceeding the allowed attempts of invalid OTP. There are no configurable attributes to it.
  • VIP Add Credential
This node will add credentials, as a credential ID associated with the user, in the VIP database. There are no configurable attributes to it.
  • VIP Add More Credentials
This node gives you a screen where you can choose yes/no to add more credentials in VIP. There are no configurable attributes to it.
  • VIP AddCred with VerifyCode
This node will add credentials, as a credential ID and OTP or a phone number and OTP associated with the user, in the VIP database. There are no configurable attributes to it.
  • VIP Authenticate Push Credentials
This node will authenticate push credentials during registration.
Attributes to be configured are:
 * Push Display Message Text: The message which should be displayed on the push event. Ex. VIP Push Cred
 * Push Display Message Title: The message title which should be displayed on the push event. Ex. VIP Push
 * Push Display Message Profile: The message profile. Ex. www.vip.com

  • VIP Check Symantec OTP
This node will verify the OTP with the username. There are no configurable attributes to it.
  • VIP Display Creds
This node gives you a screen where you need to choose your credential type. You can choose VIP/SMS/VOICE.
Attributes to be configured are:
 * List of Creds: You need to configure key-value pairs as
    0 - VIP
    1 - SMS
    2 - VOICE

  • VIP Enter CredentialID
This node gives you a screen where you need to enter the credential ID generated on the VIP app. There are no configurable attributes to it.
  • VIP Enter Phone Number
This node gives you a screen where you need to enter a phone number. There are no configurable attributes to it.
  • VIP Enter SecurityCode/OTP
This node gives you a screen where you need to enter the OTP, which appears on the given phone number. There are no configurable attributes to it.
  • VIP OTPAuth Creds
This node gives you a screen where you need to choose your authentication credential type. You can choose SMS/VOICE.
Attributes to be configured are:
 * List of Creds: You need to configure key-value pairs as
    0 - SMS
    1 - VOICE

  • VIP Poll Push Auth
This node polls the push request status during authentication. There are no configurable attributes to it.
  • VIP Poll Push Reg
This node polls the push request status during registration. There are no configurable attributes to it.
  • VIP Push Auth User
This node will authenticate push credentials during authentication.
Attributes to be configured are:
 * Push Display Message Text: The message which should be displayed on the push event. Ex. VIP Push Cred
 * Push Display Message Title: The message title which should be displayed on the push event. Ex. VIP Push
 * Push Display Message Profile: The message profile. Ex. www.vip.com

  • VIP Register User
This node registers the user in VIP if the user doesn't exist. There are no configurable attributes to it.
  • VIP Search User
This node searches for the user in VIP and gets the user info if the user exists.
Attributes to be configured are:
 * Keystore Path: Path for keystore file.
 * Keystore Password: Password of keystore file.
 * Authentication Service URL: VIP Authentication Service URL
 * Query Service URL: VIP Query Service URL
 * Management Service URL: VIP Management Service URL

Set Logging Level

  • The user can set the log level in the ForgeRock instance. To set it, follow this path:
DEPLOYMENT-->SERVERS-->LocalInstance-->Debugging

Configure the trees as follows

  • Navigate to Realm > Authentication > Trees > Create Tree

Configuring VIP Auth Tree

This section depicts the configuration of the VIP Auth Tree.
  • Configure VIP Auth Tree as shown below

 Nodes to be configured:
    * VIP Display Creds
    * VIP OTPAuth Creds
    * VIP Authenticate Push Credentials
    * VIP Push Auth User
    * VIP Search User
  • Now access the site protected by OpenAM.

Project Information
Partner
ForgeRock
6.0
2018-12-13
openam
authentication
authTreeNode
Frank.Gasparovic