UID/Password/SMTP

Scenario

A user authenticate with username/password and a one-time password (OTP) delivered via SMTP.

Prerequisite

There are some prerequisite for this use case. You will need the following environment:

• Server platform. Docker, Windows or Linux. In this use case we have used a Windows server 2022 with an Active Directory.

• LDAP directory. The directory where the users to authenticate are located. The example configuration is configured to use an Active Directory and mail attribute is used as authentication parameter. Make sure you have a test user, Anna Anderson, created with at least the following LDAP attributes:

  • Anna Anderson

    • Anna Anderson (displayName)

    • annaa (sAMAccountName)

    • anna.anderson@fortifiedid.se (mail)

    • Set a password

• Fortified ID Radius Test tool, click LINK to download.

  Tip. To start it you need JAVA. Create a *.bat file with the line: "C:\Program Files\FortifiedID\radius\jre\bin\java.exe" -jar FortifiedTool-1.0.jar

• FAKESMTP, download from http://nilhcem.com/FakeSMTP/

  Tip. To start it you need JAVA. Create a *.bat file with the line: "C:\Program Files\FortifiedID\radius\jre\bin\java.exe" -jar fakeSMTP-2.0.jar

Configuration

Download and add configuration

Remember that this use case does not describe installation of the products. Products are expected to be installed in advanced.

1. Download ZIP containing configuration for RADIUS

   1. Click USE_CASE_LINK to download customer folders for RADIUS.

2. Add the RADIUS configuration to your environment.

   1. Add the customer folder to you \..\fortifiedid\radius\ folder. Rename the existing customer folder to customer_ORG and rename the added one to customer.

Update the configuration to map your environment

The downloaded folders contains all information needed. You need to update the LDAP data to map your environment. Since this example was done on a Windows server you might need to update file paths if you run something else.

To make it easy both application folders have a file called globals.json that contains the data you need to change. Config.json uses the variables in globals.json.

1. Open globals.json for \..\fortifiedid\radius\config and update:

   1. LDAP data to map you environment if needed

   2. File paths

2. When updated, start Integrity RADIUS and FAKE SMTP server.

   1. Start Fortified ID RADIUS. Wait until service is started before moving on. Verify server.log file that service running without errors.

   2. Start FAKE SMTP server.

Test the use case

To test the use case you need a RADIUS client. We have created a RADIUS test client for you to use when testing this use case.

Make sure you have started:

• Fortified ID Integrity RADIUS

• FAKE SMTP

• Fortified ID RADIUS Test tool.

1. Open Fortified ID RADIUS Test tool

2. In Authentication Sever Settings

   1. Leave all values except secret as pre-populated.

   2. In "Secret", type value secret The "Secret" value is configured in config.json in the RADIUS module.

3. In Client Settings

   1. Type in User name the Active Directory test user, we are using anna.anderson@fortifiedid.se

   2. Type the Password for Anna

4. Click Submit request button

5. Check the FAKE SMTP application for mail

   1. On the Last message tab, scroll down and you will find your one-time password

6. Open Fortified ID RADIUS Test tool again

7. In Client Settings

   1. Type the one-time password in the Password field

8. Click Submit request button

9. In the Authentication Server Response windows you should see: Welcome anna.anderson@fortifiedid.se

Notes

• If something is not working as expected, verify the \..\customer\logs\server.log

• The mail template used can be found in folder: \..\customer\config\resources_internal\mail_template

• For troubleshooting, we have the config.json and RADIUS module parameter proceed_on_error set to false. In production it should be set to true for security reasons.

  Copy

  "proceed_on_error": false,