UID/Password/OATH token
Last updated
Last updated
A user authenticate with username/password and an OATH token.
There are some prerequisite for this use case. You will need the following environment:
Server platform. Docker, Windows or Linux. In this use case we have used a Windows server 2022 with an Active Directory.
LDAP directory. The directory where the users to authenticate are located. The example configuration is configured to use an Active Directory and mail attribute is used as authentication parameter. Make sure you have a test user, Anna Anderson, created with at least the following LDAP attributes:
Anna Anderson
Anna Anderson (displayName)
annaa (sAMAccountName)
anna.anderson@fortifiedid.se (mail)
Set a password
Fortified ID Radius Test tool, click LINK to download.
Tip. To start it you need JAVA. Create a *.bat file with the line: "C:\Program Files\FortifiedID\radius\jre\bin\java.exe" -jar FortifiedTool-1.0.jar
OATH token store. Here are the OATH tokens and mapping to the LDAP user are stored. The example code is configured using an SQL server Express.
Note. We are using mail attribute to authenticate and map token to user in database.
Remember that this use case does not describe installation of the products. Products are expected to be installed in advanced.
Download ZIP containing configuration for Web and Password Reset
Click USE_CASE_LINK to download customer folders for Web and PWDReset.
Add the RADIUS configuration to your environment.
Add the customer folder to you \..\fortifiedid\radius\ folder. Rename the existing customer folder to customer_ORG and rename the added one to customer.
The downloaded folders contains all information needed. You need to update the LDAP data to map your environment. Since this example was done on a Windows server you might need to update file paths if you run something else.
To make it easy both application folders have a file called globals.json that contains the data you need to change. Config.json uses the variables in globals.json.
Open globals.json for \..\fortifiedid\portal\config and \..\fortifiedid\web\config folder and update:
LDAP data to map you environment if needed
File paths
Token validation service
When updated, start Integrity RADIUS server.
Start Fortified ID RADIUS. Wait until service is started before moving on. Verify server.log file that service running without errors.
Use the Fortified Radius Test tool as a Radius client. Tip. To start it you need JAVA. Create a *.bat file with the line: "C:\Program Files\FortifiedID\radius\jre\bin\java.exe" -jar FortifiedTool-1.0.jar
To test the use case you need a RADIUS client and a OATH token device. We have created a RADIUS test client for you to use when testing this use case.
Make sure you have started:
Fortified ID Integrity RADIUS
Fortified ID RADIUS Test tool
Mobile OATH app with an enrolled OATH token for anna.anderson@fortifiedid.se
Open Fortified ID RADIUS Test tool
In Authentication Sever Settings
Leave all values except secret as pre-populated.
In "Secret", type value secret The "Secret" value is configured in config.json in the RADIUS module.
In Client Settings
Type in User name the Active Directory test user, we are using anna.anderson@fortifiedid.se
Type the Password for Anna
Click Submit request button
Open your mobile OATH app and notice the generated one-time password (otp) for Anna
Open Fortified ID RADIUS Test tool again
In Client Settings
Type the one-time password in the Password field
Click Submit request button
In the Authentication Server Response windows you should see: Welcome anna.anderson@fortifiedid.se
If something is not working as expected, verify the \..\customer\logs\server.log
For troubleshooting, we have the config.json and RADIUS module parameter proceed_on_error set to false. In production it should be set to true for security reasons.
