XignSys Auth Tree Nodes

XignQR offers you the ability to login and get access to ICT Systems, e. g. ForgeRock, password-less via Smartphone, backed by a high security SaaS platform. Use XignQR as 1-, 2- and M-Factor Authentication tool. Easily integrated via QR Code or Push-Authentication to mitigate cyberattacks like Phishing.

Project Readme

XignQR-Authnode

An authentication node for integration with the XignQR Authentication System. Using XignQR you will be able to authenticate against OpenAM > v6.5 using your smartphone.

XignQR Authentication

XignQR offers you the ability to login and get access to ICT Systems, e. g. ForgeRock, password-less via Smartphone, backed by a high security SaaS platform. Use XignQR as 1-, 2- and M-Factor Authentication tool. Easily integrated via QR Code or Push-Authentication to mitigate cyberattacks like Phishing.

Installation

Copy the .jar file from the ../target directory into the ../web-container/webapps/openam/WEB-INF/lib directory where AM is deployed. Restart the web container to pick up the new node. The node will then appear in the authentication trees components palette.

USAGE HERE

To use authentication via smartphone you have to download the XignQR App and register yourself at XignQR Public to be able to configure your client (aka ForgeRock OpenAM).

Fill in the provided form

ScreenShot

A QR Code is sent to you via email. The qr code is used to enroll your smartphone in the XignQR System. As soon as you have received the qr code follow these instructions:

  1. Open up the app, type in the transport pin you have provided when registering yourself.

  2. The App then prompts for some authentication factors

  3. Press personalize to enroll your device

  4. The personalization process takes about 30 seconds until you are enrolled

Configuration

Log in to XignQR Public and register your client.

ScreenShot

After Registration, select your newly created client and use the controls to download the properties file

ScreenShot

Place the downloaded Properties on the filesystem of your OpenAM Installtion and provide the path in the configuration of the auth node. And map the attributes that should be matched.

Example XignQR

This is the straight forward configuration for the use of XignQR for MFA

ScreenShot

Via the drop-down mapping menu, you will be able to configure, which data should match the identity attributes in your identity repository. The data is delivered by the XignQR system. Example XignPush

This is the recommended configuration for XignQR as a Second Factor. This type of configuration prevents spamming arbitrary users with Push-Authentication requests, since the password has to be correct to trigger a push notification.

ScreenShot

Via the drop-down mapping menu, you will be able to configure, which data should match the identity attributes in your identity repository. The data is delivered by the XignQR system.

Authentication

XignQR

Open up your personalized XignQR App and scan the displayed qr code with the integrated qr code scanner.

ScreenShot

After scanning the qr code, the app gives a haptic feedback, and you'll see that the app communicates with the XignQR backend system. You'll be prompted to accept or decline the delivery of the displayed attributes to openam.

After you have accepted the delivery of the attributes, you'll be prompted to authenticate yourself against the XignQR App. If you have configured a fingerprint when you personalized your device, you'll be prompted for fingerprint authentication, if not you'll be prompted to enter your personal PIN.

XignPush

When using XignPush you'll have to enter your XignQR username or email (depends on mapping) to be able to log in.

After that enter your password for your identity.

You will see, that openam is waiting for the authentication response from xignqr.

The XignQR system will deliver a push notification to your device. When you press on the notification, the XignQR app will open up. And the flow will be similar to that of using XignQR.

If you open up the notification, the authentication procedure will start, afterwards you'll be logged into your mapped account.

Project Information
Unsupported
Unverified
openam
authentication
authTreeNode
Frank.Gasparovic
here
here