Activate One Touch - User and Password

Requirements :  LDAP must be configured, note the ID of the connection used in later steps.
                             One Touch must be configured

Do the following steps in the ADVANCED  tab in the Configuration GUI

Step 1 - Authentication - HTTP

Add the following section to “Authentication - HTTP”

<p>{
	"alias": "activateonetouch",
	"name": "PostUidAndPassword",
	"configuration": {
		"pipeID": "EnrollPkiUserLookupAndAuthWithLDAP",
		"successURL": "/activateonetouch/",
		"translationKey": "login.messages.information.body.enrollment.onetouch",
		"headingtranslationKey": "login.messages.information.header.enrollment.onetouch",
		"title": "login.messages.information.title.enrollment.onetouch",
		"loginTemplate": "enrollmentonetouch.template",
		"allowLanguageChange": "true"
	},
	"id": "activateonetouch"
}</p>
Click to copy

Step 2 - HTTP connections

Add the following section to “HTTP connections”, change “port” and “ssl” settings to your requirements

<p>{
	"id": "http_pki",
	"port": "8443",
	"ssl": "true"
}</p>
Click to copy

Step 3 - Modules

Add the following section to “Modules”

<p>{
	"name": "com.phenixidentity~phenix-prism",
	"enabled": "true",
	"config": {
		"base_url": "/activateonetouch",
		"auth_redirect_url": "/activateonetouch/authenticate/activateonetouch",
		"http_configuration_ref": "http_pki",
		"module_refs": "enroll_pki_01",
		"enable_roles": "false",
		"use_css": "false"
	},
	"id": "enrollpki"
},
{
    "id": "enroll_pki_01",
    "name" : "com.phenixidentity~phenix-prism-enroll-pki",
    "enabled" : "false",
    "prism_enabled" : "true",
    "config" : {
      "display_name" : "One Touch enrollment",
      "base_uri" : "pki",
      "http_configuration_ref" : "http_pki",
      "url_prefix" : "replace-url_prefix",
      "enroll_timeout_mins" : "1",
      "enroll_pollinterval_ms" : "2000",
      "use_push" : "true"
    }
}</p>
Click to copy

Replace

Replace-url_prefix with your url, example "https://192.168.10.118:8443"

Change the following parameter, if needed, to your requirements

"enroll_timeout_mins":
"enroll_pollinterval_ms":
"use_push":

Step 4 - NODE_GROUPS

Add the module “enrollpki” to module_refs in “NODE_GROUPS” , see example below.

example

<p>"module_refs": "d55205cc-e067-4490-9e2b-dbc98459e501,f4660046-9003-4131-ae4b-3710c6b1d147,b7f370d7-f9ec-41f7-982c-408b9cbfc5a3,d802bda5-623e-4afe-b740-f318ee5683dd,enrollpki"</p>
Click to copy

Step 5 - Pipes

Add the following section to “Pipes”

<p>{
	"id": "EnrollPkiUserLookupAndAuthWithLDAP",
	"valves": [
		{
			"name": "LDAPSearchValve",
			"config": {
				"connection_ref": "replace-ldap-ref",
				"base_dn": "replace-base_dn",
				"scope": "SUB",
				"size_limit": "0",
				"filter_template": "(&amp;(objectclass=user)(sAMaccountName={{request.username}}))",
				"attributes": "cn,mail,mobile"
			}
		},
		{
			"name": "LDAPBindValve",
			"config": {
				"connection_ref": "replace-ldap-ref",
				"password_param_name": "password"
			}
		},
		{
			"name": "PropertyAddValve",
			"config": {
				"name": "roles",
				"value": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
				"enable_multi_value": "true"
			}
		}
	]
}</p>
Click to copy

Replace the following Pipe settings:

“Replace-ldap-ref” with your LDAP connection id, example “731c93fb-f123-403a-9b4f-45720eeed474”
“Replace-base_dn” with your “base_dn”, example “DC=phenixid,DC=local”

Verify that “filter_template” and “attributes” match your environment.