LDAP (Username/Password) + OTP (SMS)

Scenario

In this scenario, we will append the default installation with a Username and password against LDAP as well as an One-Time Password (OTP) validation, where the OTP is distributed by SMS.

Prerequisite

This use case assumes that you have good knowledge of the product in question.
Fortified ID Access installed and configured with the default configuration
LDAP directory. Knowledge about the LDAP directory to be used, such as:
- Hostname
- Port
- Service account / password
- Location of the users to authenticate.
SMS service. Knowledge about the SMS server to be used, such as:
- Hostname
- Port
- Service account / password
- NOTE: In this document an example SMS service is used. This part of the configuration has to be adjusted in order to match the SMS service to be used.

Install and prepare configuration

Add files and folders from ZIP-file to the config-folder, ex: C:\Program Files\FortifiedID\mgmt-center\data\customer\access
Optional: Adjust the LDAPSearch to match your requirement. The default query will find users based on their sAMAccountName, mobile phone number is fetched from the mobile attribute.
Append you globals with the following parameters and adjust them according to you needs

{
  "ldap1_host": "ldapserver.company.local",
  "ldap1_port": 636,
  "ldap1_use_ssl": true,
  "ldap1_ssl_trust_all": true,
  "ldap1_base_dn": "dc=company,dc=local",
  "ldap1_bind_dn": "CN=admin,CN=Users,DC=company,DC=local",
  "ldap1_bind_password": "top_secret_password",
  "sms_service_url": "https://sms-service.company/com/smsservice",
  "sms_service_user": "customerid",
  "sms_service_pw": "customer_pwd",
  "sms_service_snd": "sender"
}

Append the translations file with the following translation

{
  "chain_uid_pwd_otp_sms_label": "Username, Password & OTP (SMS)"
}

Append the selector with at reference to the new authenticator by appending this block to the default selector

{
  "id": "9",
  "target": "chain_uid_pwd_otp_sms",
  "label": "chain_uid_pwd_otp_sms_label"
}

Restart the Access service

Test the configuration

The selector should now be displayed, including the new option for "Username, Password & OTP (SMS)".
Select "Username, Password & OTP (SMS)" and authenticate using the configured username (default sAMAccountName) and password. An OTP will be delivered to the mobile number of the authenticated user.
Enter the OTP delivered to the mobile phone.
You should now be redirected to the selected application or the Fortified ID test application.

PreviousLDAP (Username/Password) + OTP (SMTP)NextSwedish BankID

Last updated 26 days ago

Prerequisite

This use case assumes that you have good knowledge of the product in question.

Fortified ID Access installed and configured with the default configuration

LDAP directory. Knowledge about the LDAP directory to be used, such as:

Hostname
Port
Service account / password
Location of the users to authenticate.

SMS service. Knowledge about the SMS server to be used, such as:

Hostname
Port
Service account / password
NOTE: In this document an example SMS service is used. This part of the configuration has to be adjusted in order to match the SMS service to be used.

Install and prepare configuration

Download

Add files and folders from ZIP-file to the config-folder, ex: C:\Program Files\FortifiedID\mgmt-center\data\customer\access

Optional: Adjust the LDAPSearch to match your requirement. The default query will find users based on their sAMAccountName, mobile phone number is fetched from the mobile attribute.

Append you globals with the following parameters and adjust them according to you needs

{
  "ldap1_host": "ldapserver.company.local",
  "ldap1_port": 636,
  "ldap1_use_ssl": true,
  "ldap1_ssl_trust_all": true,
  "ldap1_base_dn": "dc=company,dc=local",
  "ldap1_bind_dn": "CN=admin,CN=Users,DC=company,DC=local",
  "ldap1_bind_password": "top_secret_password",
  "sms_service_url": "https://sms-service.company/com/smsservice",
  "sms_service_user": "customerid",
  "sms_service_pw": "customer_pwd",
  "sms_service_snd": "sender"
}

Append the translations file with the following translation

{
  "chain_uid_pwd_otp_sms_label": "Username, Password & OTP (SMS)"
}

Append the selector with at reference to the new authenticator by appending this block to the default selector

{
  "id": "9",
  "target": "chain_uid_pwd_otp_sms",
  "label": "chain_uid_pwd_otp_sms_label"
}

Restart the Access service

Test the configuration

Browse to a site protected by the Access server. Optionally the default login url might be used.

The selector should now be displayed, including the new option for "Username, Password & OTP (SMS)".

Select "Username, Password & OTP (SMS)" and authenticate using the configured username (default sAMAccountName) and password. An OTP will be delivered to the mobile number of the authenticated user.

Enter the OTP delivered to the mobile phone.

You should now be redirected to the selected application or the Fortified ID test application.