An authentication node for integration with the XignQR Authentication System. Using XignQR you will be able to authenticate against OpenAM > v6.5 using your smartphone.
XignQR lets you log in and get access to ICT systems, e.g. ForgeRock, password-less via smartphone, backed by a high-security SaaS platform. Use XignQR as a 1-, 2- and M-factor authentication tool. It is easily integrated via QR code or push authentication to mitigate cyberattacks like phishing.
Copy the .jar file from the ../target directory into the ../web-container/webapps/openam/WEB-INF/lib directory where AM is deployed. Restart the web container to pick up the new node. The node will then appear in the authentication trees components palette.
To use authentication via smartphone, you have to download the XignQR App and register yourself at XignQR Public to be able to configure your client (aka ForgeRock OpenAM).
Fill in the provided form.
A QR code is sent to you via email. The QR code is used to enroll your smartphone in the XignQR system. As soon as you have received the QR code, follow these instructions:
Open the app and type in the transport PIN you provided when registering yourself.
The app then prompts for some authentication factors.
Press personalize to enroll your device.
The personalization process takes about 30 seconds until you are enrolled.
Log in to XignQR Public and register your client.
After registration, select your newly created client and use the controls to download the properties file.
Place the downloaded properties file on the filesystem of your OpenAM installation and provide the path in the configuration of the auth node. Then map the attributes that should be matched.
This is the straightforward configuration for the use of XignQR for MFA.
Via the drop-down mapping menu, you can configure which data should match the identity attributes in your identity repository. The data is delivered by the XignQR system.
Example XignPush
This is the recommended configuration for XignQR as a Second Factor. This type of configuration prevents spamming arbitrary users with Push-Authentication requests, since the password has to be correct to trigger a push notification.
Via the drop-down mapping menu, you can configure which data should match the identity attributes in your identity repository. The data is delivered by the XignQR system.
Open your personalized XignQR App and scan the displayed QR code with the integrated QR code scanner.
After scanning the QR code, the app gives haptic feedback, and you'll see that the app communicates with the XignQR backend system. You'll be prompted to accept or decline the delivery of the displayed attributes to OpenAM.
After you have accepted the delivery of the attributes, you'll be prompted to authenticate yourself against the XignQR App. If you configured a fingerprint when you personalized your device, you'll be prompted for fingerprint authentication; if not, you'll be prompted to enter your personal PIN.
When using XignPush, you'll have to enter your XignQR username or email (depending on the mapping) to be able to log in.
After that, enter the password for your identity.
You will see that OpenAM is waiting for the authentication response from XignQR.
The XignQR system will deliver a push notification to your device. When you press the notification, the XignQR App will open, and the flow will be similar to that of using XignQR.
When you open the notification, the authentication procedure will start. Afterwards, you'll be logged into your mapped account.