PhenixID DocumentationPhenixID Authentication ServicesVersion 2.8 SolutionsVersion2.7LANGActivate One Touch - Username, Password and OTP

Version2.7LANGActivate One Touch - Username, Password and OTP

Requirements :  LDAP must be configured, note the ID of the connection used in later steps.
                           
One Touch must be configured

Do the following steps in the ADVANCED  tab in the Configuration GUI

Step 1 - Authentication - HTTP

Add the following section to “Authentication - HTTP”

<p>{
	"id": "activateonetouchotp",
	"alias": "activateonetouchotp",
	"name": "PostUidPasswordAndOTP",
	"configuration": {
		"userValidationPipeID": "EnrollPkiOtpUserLookupAndAuthWithLDAP",
		"otpValidationPipeID": "EnrollPkiOTPValidateSentOtp",
		"successURL": "/activateonetouch/",
		"translationKey": "login.messages.information.body.enrollment.onetouch",
		"headingtranslationKey": "login.messages.information.header.enrollment.onetouch",
		"title": "login.messages.information.title.enrollment.onetouch",
		"loginTemplate": "enrollmentonetouch_otp1.template",
		"otp": "enrollmentonetouch_otp2.template",
		"allowLanguageChange": "true",
        "translation": [
			"login.messages.enrollment.onetouch.title.header1",
			"login.messages.enrollment.onetouch.title.header2",
			"login.messages.enrollment.onetouch.info.learnMore",
			"login.messages.enrollment.onetouch.btn.proceed",
			"login.messages.enrollment.onetouch.input.username",
			"login.messages.enrollment.onetouch.input.password",
			"login.messages.enrollment.onetouch.input.securityCode",
			"login.messages.enrollment.onetouch.title.header3",
			"login.messages.enrollment.onetouch.info.enterOTP",
			"login.messages.enrollment.onetouch.input.enterOTP"
		]
	}
}</p>

Step 2 - HTTP connections

Add the following section to “HTTP connections”, change “port” and “ssl” settings to your requirements

<p>{
	"id": "http_pki",
	"port": "8443",
	"ssl": "true"
}</p>

Step 3 - Modules

Add the following section to “Modules”

<p>{
	"name": "com.phenixidentity~phenix-prism",
	"enabled": "true",
	"config": {
		"base_url": "/activateonetouch",
		"auth_redirect_url": "/activateonetouch/authenticate/activateonetouchotp",
		"http_configuration_ref": "http_pki",
		"module_refs": "enroll_pki_01",
		"enable_roles": "false",
		"use_css": "false"
	},
	"id": "enrollpki"
},
{
    "id": "enroll_pki_01",
    "name" : "com.phenixidentity~phenix-prism-enroll-pki",
    "enabled" : "false",
    "prism_enabled" : "true",
    "config" : {
      "display_name" : "One Touch enrollment",
      "base_uri" : "pki",
      "http_configuration_ref" : "http_pki",
      "url_prefix" : "replace-url_prefix",
      "enroll_timeout_mins" : "1",
      "enroll_pollinterval_ms" : "2000",
      "use_push" : "true"
    }
}</p>

Replace

replace-url_prefix with your url, example "https://192.168.10.118:8443"

Change the following parameters, if needed, to suit your environment

"enroll_timeout_mins":
"enroll_pollinterval_ms":
"use_push":

Step 4 - NODE_GROUPS

Add the module “enrollpki” to module_refs in “NODE_GROUPS” , see example below

example

<p>"module_refs": "d55205cc-e067-4490-9e2b-dbc98459e501,f4660046-9003-4131-ae4b-3710c6b1d147,b7f370d7-f9ec-41f7-982c-408b9cbfc5a3,d802bda5-623e-4afe-b740-f318ee5683dd,enrollpki"</p>

Step 5 - Pipes

Add the following section to “Pipes”

<p>{
	"id": "EnrollPkiOtpUserLookupAndAuthWithLDAP",
	"valves": [
		{
			"name": "LDAPSearchValve",
			"config": {
				"connection_ref": "replace-ldap-ref",
				"base_dn": "replace-base_dn",
				"scope": "SUB",
				"size_limit": "0",
				"filter_template": "(&amp;(objectclass=user)(sAMaccountName={{request.username}}))",
				"attributes": "cn,mail,mobile"
			}
		},
		{
			"name": "LDAPBindValve",
			"config": {
				"connection_ref": "replace-ldap-ref",
				"password_param_name": "password"
			}
		},
		{
			"name": "OTPGeneratorValve",
			"config": {
				"length": "6",
				"name": "generated_otp"
			}
		},
		{
			"name": "OTPBySMSValve",
			"config": {
				"userid_param_name": "username",
				"gw_username": "replace-gw_username",
				"gw_password": "replace-gw_password"
			}
		}
	]
},
{
	"id": "EnrollPkiOTPValidateSentOtp",
	"valves": [
		{
			"name": "SessionLoadValve",
			"config": {
				"id": "{{request.session_id}}"
			}
		},
		{
			"name": "OTPValidationValve",
			"config": {
				"provided_otp_param_name": "{{request.otp}}",
				"generated_otp_param_name": "generated_otp"
			}
		},
		{
			"name": "ItemCreateValve",
			"config": {
				"dest_id": "{{request.username}}"
			}
		},
		{
			"name": "PropertyAddValve",
			"config": {
				"name": "roles",
				"value": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
				"enable_multi_value": "true"
			}
		}
	]
}</p>

Replace the following Pipe settings:

“replace-ldap-ref” with your LDAP connection id, example “731c93fb-f123-403a-9b4f-45720eeed474”
“replace-base_dn” with your “base_dn”, example “DC=phenixid,DC=local”
“replace-gw_username” with your SMS-gateway username
“replace-gw_password” with your SMS-gateway password

Verify that “filter_template” and “attributes” match your environment.