LDAP (Username/Password) + OTP (SMTP)

Scenario

In this scenario, we will extend the default installation with username and password validation against LDAP as well as a One-Time Password (OTP) validation, where the OTP is distributed by SMTP.

Prerequisite

  • This use case assumes that you have good knowledge of the product in question.

  • Fortified ID Access installed and configured with the default configuration

  • LDAP directory. Knowledge about the LDAP directory to be used, such as:

    • Hostname

    • Port

    • Service account / password

    • Location of the users to authenticate.

  • SMTP service. Knowledge about the SMTP server to be used, such as:

    • Hostname

    • Port

    • Service account / password

    • Sender address

Install and prepare configuration

  1. Download this file

  2. Add the files and folders from the ZIP file to the config folder, e.g. C:\Program Files\FortifiedID\mgmt-center\data\customer\access

  3. Optional: Adjust the LDAPSearch to match your requirement. The default query will find users based on their sAMAccountName.

  4. Append your globals with the following parameters and adjust them according to your needs:

{
    "ldap1_name": "ad1",
    "ldap1_host": "ldapserver.company.local",
    "ldap1_port": 636,
    "ldap1_use_ssl": true,
    "ldap1_ssl_trust_all": true,
    "ldap1_base_dn": "dc=company,dc=local",
    "ldap1_bind_dn": "CN=admin,CN=Users,DC=company,DC=local",
    "ldap1_bind_password": "top_secret_password",
    "smtp_smtp1_name": "smtp01",
    "smtp_smtp1_host": "127.0.0.1",
    "smtp_smtp1_port": "25",
    "smtp_smtp1_user_name": "user",
    "smtp_smtp1_password": "password",
    "smtp_smtp1_mail_template": "${system.customer_home}/resources/mail_template.txt"
}
  5. Append the translations file with the following translation:

{
  "chain_uid_pwd_otp_smtp_label": "Username, Password & OTP (SMTP)"
}
  6. Append the selector with a reference to the new authenticator by adding this block to the default selector:

{
  "id": "8",
  "target": "chain_uid_pwd_otp_smtp",
  "label": "chain_uid_pwd_otp_smtp_label"
}
  7. Restart the Access service
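The three blocks above have to agree with each other: the selector entry's "label" must be a key in the translations file, and the globals must carry the LDAP and SMTP parameters the authenticator reads. The script below is an added example (not part of this guide or the Fortified ID product) that lints copies of those blocks before the service is restarted. It flags the settings a reviewer would question: ldap1_ssl_trust_all left at true (the LDAP server certificate is then not validated), ldap1_use_ssl not true, and passwords still equal to the sample values printed in this guide. The assumption that selector ids must be unique, and the stand-in "default selector" entries, are constructed for the example.

```python
import json

# Keys the authenticator chain is expected to read from globals (taken from the guide).
REQUIRED_GLOBALS = [
    "ldap1_name", "ldap1_host", "ldap1_port", "ldap1_use_ssl", "ldap1_ssl_trust_all",
    "ldap1_base_dn", "ldap1_bind_dn", "ldap1_bind_password",
    "smtp_smtp1_name", "smtp_smtp1_host", "smtp_smtp1_port", "smtp_smtp1_user_name",
    "smtp_smtp1_password", "smtp_smtp1_mail_template",
]

# Sample secrets from the guide; a real deployment must not keep them.
SAMPLE_SECRETS = {
    "ldap1_bind_password": "top_secret_password",
    "smtp_smtp1_password": "password",
}


def check_globals(cfg: dict) -> list:
    """Return a list of findings for the globals block; empty list means nothing to report."""
    findings = []
    for key in REQUIRED_GLOBALS:
        if key not in cfg:
            findings.append(f"missing global {key}")
    if cfg.get("ldap1_use_ssl") is not True:
        findings.append("ldap1_use_ssl is not true: bind credentials would cross the network in clear text")
    if cfg.get("ldap1_ssl_trust_all") is True:
        findings.append("ldap1_ssl_trust_all is true: the LDAP server certificate is not validated")
    for key, sample in SAMPLE_SECRETS.items():
        if cfg.get(key) == sample:
            findings.append(f"{key} still holds the sample value from the guide")
    return findings


def check_selector(selector: list, translations: dict) -> list:
    """Cross-check selector entries against the translations block."""
    findings = []
    ids = [entry.get("id") for entry in selector]
    for dup in sorted({i for i in ids if ids.count(i) > 1}):
        findings.append(f"selector id {dup!r} is used more than once")   # assumed: ids must be unique
    for entry in selector:
        label = entry.get("label")
        if label not in translations:
            findings.append(f"selector entry {entry.get('id')!r} uses label {label!r} with no translation")
    return findings


# Constructed copies of the blocks from the guide, parsed as the files would be.
SAMPLE_GLOBALS = json.loads("""{
    "ldap1_name": "ad1", "ldap1_host": "ldapserver.company.local", "ldap1_port": 636,
    "ldap1_use_ssl": true, "ldap1_ssl_trust_all": true, "ldap1_base_dn": "dc=company,dc=local",
    "ldap1_bind_dn": "CN=admin,CN=Users,DC=company,DC=local", "ldap1_bind_password": "top_secret_password",
    "smtp_smtp1_name": "smtp01", "smtp_smtp1_host": "127.0.0.1", "smtp_smtp1_port": "25",
    "smtp_smtp1_user_name": "user", "smtp_smtp1_password": "password",
    "smtp_smtp1_mail_template": "${system.customer_home}/resources/mail_template.txt"
}""")
SAMPLE_TRANSLATIONS = {"chain_uid_pwd_otp_smtp_label": "Username, Password & OTP (SMTP)"}
# Stand-in default selector (constructed) plus the new entry from step 6.
SAMPLE_SELECTOR = [
    {"id": "1", "target": "chain_default", "label": "chain_default_label"},
    {"id": "8", "target": "chain_uid_pwd_otp_smtp", "label": "chain_uid_pwd_otp_smtp_label"},
]

if __name__ == "__main__":
    translations = dict(SAMPLE_TRANSLATIONS, chain_default_label="Default")
    for finding in check_globals(SAMPLE_GLOBALS) + check_selector(SAMPLE_SELECTOR, translations):
        print("finding:", finding)
```

Run it against the real globals, translations and selector files (json.load on each) instead of the embedded copies; an empty result for both functions is the state to aim for before restarting the service.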

Test the configuration

  1. Browse to a site protected by the Access server. Optionally, the default login URL https://localhost:8443/access/authn/samllogin may be used.

  2. The selector should now be displayed, including the new option for "Username, Password & OTP (SMTP)".

  3. Select "Username, Password & OTP (SMTP)" and authenticate using the configured username (default sAMAccountName) and password. An OTP will be delivered to the e-mail address of the authenticated user.

  4. Enter the OTP delivered to the mailbox.

  5. You should now be redirected to the selected application or the Fortified ID test application.
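Steps 3 and 4 describe the OTP leg of the chain: after the LDAP password succeeds, a code is mailed to the user's address and must be typed back. The following is an added illustration of that flow (example code, not the Fortified ID implementation, whose internals this guide does not describe). It shows the properties a practitioner expects of such a step: the code is generated from a cryptographically secure source, only a salted hash is kept server-side, the comparison is constant-time, and the code is single-use, time-limited and locked out after repeated wrong guesses. The SMTP sender uses the standard smtplib with STARTTLS and the globals names from this guide; the placeholder `${otp}` in the mail template, the five-minute lifetime and the five-attempt limit are assumptions, and RecordingSender is a constructed stand-in so the flow runs offline.

```python
import hashlib
import hmac
import secrets
import smtplib
import string
import time
from email.message import EmailMessage
from string import Template

OTP_LENGTH = 6          # digits in the one-time code
OTP_TTL_SECONDS = 300   # assumed lifetime: five minutes
MAX_ATTEMPTS = 5        # assumed: wrong guesses allowed before the code is discarded


def _digest(salt: bytes, otp: str) -> bytes:
    # Only a salted hash is stored, so a dump of pending codes does not reveal them.
    return hashlib.sha256(salt + otp.encode()).digest()


class OtpService:
    """Issues and verifies e-mailed one-time codes; one pending code per user."""

    def __init__(self, send_mail, template_text: str, clock=time.time):
        self._send = send_mail                 # callable(to_address, body)
        self._template = Template(template_text)
        self._clock = clock                    # injectable for testing expiry
        self._pending = {}

    def issue(self, username: str, to_address: str) -> None:
        otp = "".join(secrets.choice(string.digits) for _ in range(OTP_LENGTH))
        salt = secrets.token_bytes(16)
        self._pending[username] = {
            "salt": salt,
            "digest": _digest(salt, otp),
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        body = self._template.safe_substitute(username=username, otp=otp)
        self._send(to_address, body)

    def verify(self, username: str, candidate: str) -> bool:
        rec = self._pending.get(username)
        if rec is None:
            return False
        if self._clock() > rec["expires"]:
            del self._pending[username]        # expired codes are dropped, not retried
            return False
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:
            del self._pending[username]        # lockout: user must request a new code
            return False
        ok = hmac.compare_digest(_digest(rec["salt"], candidate), rec["digest"])
        if ok:
            del self._pending[username]        # single use
        return ok


def smtp_sender(host, port, user, password, sender_address):
    """Build a send_mail callable from the smtp_smtp1_* globals (assumes STARTTLS on that port)."""
    def send(to_address, body):
        msg = EmailMessage()
        msg["From"] = sender_address
        msg["To"] = to_address
        msg["Subject"] = "Your one-time code"
        msg.set_content(body)
        with smtplib.SMTP(host, int(port)) as server:
            server.starttls()
            server.login(user, password)
            server.send_message(msg)
    return send


class RecordingSender:
    """Constructed stand-in for the SMTP server so the flow can be exercised offline."""

    def __init__(self):
        self.messages = []

    def __call__(self, to_address, body):
        self.messages.append((to_address, body))


if __name__ == "__main__":
    # Constructed template; in the product the text comes from smtp_smtp1_mail_template.
    sender = RecordingSender()
    svc = OtpService(sender, "Hello ${username}, your one-time code is ${otp}")
    svc.issue("alice", "alice@company.local")
    code = sender.messages[-1][1].rsplit(" ", 1)[1]
    print("right code accepted:", svc.verify("alice", code))
    print("replay rejected:", svc.verify("alice", code))
```

The test sequence in the list above maps onto issue() (step 3) and verify() (step 4); the mail body the user sees is whatever the template expands to, which is why the template file should never be world-writable.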
