Activate Pocket Pass - User and Password
Requirements: LDAP must be configured. Note the ID of the LDAP connection; it is needed in later steps.
Perform the following steps in the ADVANCED tab of the Configuration GUI.
Step 1 - Authentication - HTTP
Add the following section to “Authentication - HTTP”
{
  "alias": "activatepocketpass",
  "name": "PostUidAndPassword",
  "configuration": {
    "pipeID": "EnrollOathUserLookupAndAuthWithLDAP",
    "successURL": "/activatepocketpass/",
    "translationKey": "login.messages.information.body.enrollment.pocketpass",
    "headingtranslationKey": "login.messages.information.header.enrollment.pocketpass",
    "title": "login.messages.information.title.enrollment.pocketpass",
    "loginTemplate": "enrollmentpocketpass.template",
    "allowLanguageChange": "true"
  },
  "id": "activatepocketpass"
}
Step 2 - HTTP connections
Add the following section to “HTTP connections”; change the “port” and “ssl” settings to your requirements.
{
  "id": "http_oath",
  "port": "8443",
  "ssl": "true"
}
Step 3 - Modules
Add the following section to “Modules”
{
  "name": "com.phenixidentity~phenix-prism",
  "enabled": "true",
  "config": {
    "base_url": "/activatepocketpass",
    "auth_redirect_url": "/activatepocketpass/authenticate/activatepocketpass",
    "http_configuration_ref": "http_oath",
    "module_refs": "enroll_oath_01",
    "enable_roles": "true",
    "use_css": "false"
  },
  "id": "enrolloath"
},
{
  "id": "enroll_oath_01",
  "name": "com.phenixidentity~phenix-prism-enroll-oath",
  "enabled": "false",
  "prism_enabled": "true",
  "config": {
    "display_name": "Pocket Pass enrollment",
    "base_uri": "oath",
    "token_allow_multiple": "true",
    "token_pin": "true",
    "token_type": "TOTP",
    "token_algorithm": "SHA-1",
    "token_digits": "6",
    "token_issuer": "PhenixID",
    "http_configuration_ref": "http_oath",
    "requires_role": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93"
  }
}
Change the following settings to your requirements:
  "token_allow_multiple"
  "token_pin"
  "token_digits"
  "token_issuer"
Step 4 - NODE_GROUPS
Add the module “enrolloath” to “module_refs” in “NODE_GROUPS”; see the example below.
Example:
  "module_refs": "d55205cc-e067-4490-9e2b-dbc98459e501,f4660046-9003-4131-ae4b-3710c6b1d147,b7f370d7-f9ec-41f7-982c-408b9cbfc5a3,d802bda5-623e-4afe-b740-f318ee5683dd,enrolloath"
Step 5 - Pipes
Add the following section to “Pipes”
{
  "id": "EnrollOathUserLookupAndAuthWithLDAP",
  "valves": [
    {
      "name": "LDAPSearchValve",
      "config": {
        "connection_ref": "replace-ldap-ref",
        "base_dn": "replace-base_dn",
        "scope": "SUB",
        "size_limit": "0",
        "filter_template": "(&(objectclass=user)(sAMaccountName={{request.username}}))",
        "attributes": "cn,mail,mobile"
      }
    },
    {
      "name": "LDAPBindValve",
      "config": {
        "connection_ref": "replace-ldap-ref",
        "password_param_name": "password"
      }
    },
    {
      "name": "PropertyAddValve",
      "config": {
        "name": "roles",
        "value": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
        "enable_multi_value": "true"
      }
    }
  ]
}
Replace the following Pipe settings:
“replace-ldap-ref” (used in both the LDAPSearchValve and the LDAPBindValve) with your LDAP connection id, for example “731c93fb-f123-403a-9b4f-45720eeed474”.
“replace-base_dn” with your “base_dn”, for example “DC=phenixid,DC=local”.
Verify that “filter_template” and “attributes” match your environment.
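As an added cross-check (my own script, not part of the PhenixID product or of this guide): it takes the fragments from Steps 1 to 5, collected into one dictionary under section names I chose, and verifies that every reference between them resolves (pipeID to a pipe, http_configuration_ref to an HTTP connection, module_refs to modules, requires_role to a role the pipe grants, “enrolloath” present in NODE_GROUPS) and that no “replace-…” placeholder is left behind.

```python
# Constructed sample: the fragments from the steps above, keyed by the GUI section they
# were pasted into (section keys and one-list-per-section layout are my assumption).
SAMPLE = {
    "authentication_http": [{"id": "activatepocketpass",
        "configuration": {"pipeID": "EnrollOathUserLookupAndAuthWithLDAP"}}],
    "http_connections": [{"id": "http_oath", "port": "8443", "ssl": "true"}],
    "modules": [
        {"id": "enrolloath", "config": {"http_configuration_ref": "http_oath",
                                        "module_refs": "enroll_oath_01"}},
        {"id": "enroll_oath_01", "config": {"http_configuration_ref": "http_oath",
            "requires_role": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93"}}],
    "node_groups": [{"module_refs": "d55205cc-e067-4490-9e2b-dbc98459e501,enrolloath"}],
    "pipes": [{"id": "EnrollOathUserLookupAndAuthWithLDAP", "valves": [
        {"name": "LDAPSearchValve", "config": {"connection_ref": "replace-ldap-ref"}},
        {"name": "LDAPBindValve", "config": {"connection_ref": "replace-ldap-ref"}},
        {"name": "PropertyAddValve", "config": {"name": "roles",
            "value": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93"}}]}],
}

def check_pocket_pass_config(cfg):
    problems = []  # empty result means every reference between the steps resolves
    pipe_ids = {p["id"] for p in cfg["pipes"]}
    http_ids = {h["id"] for h in cfg["http_connections"]}
    modules = {m["id"]: m for m in cfg["modules"]}
    # Roles the pipe grants through PropertyAddValve; requires_role must be one of them.
    granted = {v["config"].get("value") for p in cfg["pipes"] for v in p["valves"]
               if v["name"] == "PropertyAddValve" and v["config"].get("name") == "roles"}
    # Step 1 -> Step 5: the login page's pipeID must name an existing pipe.
    for auth in cfg["authentication_http"]:
        if auth["configuration"]["pipeID"] not in pipe_ids:
            problems.append(f"{auth['id']}: pipeID matches no pipe")
    # Step 3 -> Step 2 / Step 5: HTTP connection, sub-module and role references.
    for mid, mod in modules.items():
        ref = mod["config"].get("http_configuration_ref")
        if ref not in http_ids:
            problems.append(f"{mid}: http_configuration_ref '{ref}' undefined")
        for sub in filter(None, mod["config"].get("module_refs", "").split(",")):
            if sub not in modules:
                problems.append(f"{mid}: module_refs '{sub}' undefined")
        req = mod["config"].get("requires_role")
        if req and req not in granted:
            problems.append(f"{mid}: requires_role '{req}' is never added by a pipe")
    # Step 4: the prism module must be activated in a node group.
    if not any("enrolloath" in ng["module_refs"].split(",") for ng in cfg["node_groups"]):
        problems.append("enrolloath is not listed in any NODE_GROUPS module_refs")
    # Step 5: 'replace-...' placeholders must not survive into production.
    problems += [f"{p['id']}/{v['name']}: {k} still '{val}'" for p in cfg["pipes"]
                 for v in p["valves"] for k, val in v["config"].items()
                 if isinstance(val, str) and val.startswith("replace-")]
    return problems
```

Run it against the sample as pasted and it reports only the two unreplaced “replace-ldap-ref” values; once those are filled in, an empty list is expected.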