Wednesday, March 18, 2020

Authentication Trees - ForgeRock !!

Authentication trees are available in ForgeRock OpenAM 6.x and later. Authentication trees are made up of authentication nodes, which define the actions taken during authentication, similar to authentication modules within chains.
Authentication trees (also referred to as Intelligent Authentication) provide fine-grained authentication by allowing multiple paths and decision points throughout the authentication flow.

Email Based HOTP Authentication Tree: The example below shows an email-based two-factor authentication tree that uses Gmail as the mail sender.

Collector Nodes: Collector nodes capture data from a user during the authentication process. This data is often captured by a callback that is rendered in the UI as a text field, drop-down list, or other form component.
Examples of collector nodes include the Username Collector Node and the Password Collector Node shown in the picture above.

Decision Nodes: Decision nodes retrieve the state produced by one or more nodes, perform some processing on it, optionally store some derived information in the shared state, and provide one or more outcomes depending on the result.

The simplest decision node returns a boolean outcome: true or false.

An example of a decision node is the Data Store Node shown in the picture above.

HOTP Generator Node: This node generates the one-time password, with a validity period, that is then sent by email.

OTP Email Sender Node: This node sends the OTP by email. I have used Gmail as the mail sender.
To send emails through the Gmail server, enter these details:
SMTP Host: smtp.gmail.com
SMTP Port: 587
SSL Protocol: OFF
TLS Protocol: ON
SMTP Username: (your Gmail username)
SMTP Password: (your Gmail password)
Also make sure the "From email address" setting is your Gmail email address!

Note: Make sure that outbound SMTP port 587 is open from the host computer.

OTP Collector Decision Node: This node collects the OTP entered by the user and checks it against the generated one. As described above, a decision node's outcome is either True or False; here True is wired to Success and False to Failure.
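To make the generator and decision steps concrete, here is an added model of the two nodes in Python. It is example code, not ForgeRock's node implementation or the post's configuration: the shared state is modelled as a plain dict, the RFC 4226 HOTP computation and the validity-period check are shown explicitly, and the secret, TTL and single-use behaviour are assumptions of this model.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def hotp_generator_node(shared_state: dict, secret: bytes, ttl_seconds: int = 300, now=None) -> str:
    """Models the HOTP Generator Node: mints a code and stores it in shared state with an
    expiry (the 'validity period'). The code is returned so the email sender step can deliver
    it; the shared-state copy is what the decision node later checks."""
    now = time.time() if now is None else now
    counter = shared_state.get("otp_counter", 0)  # assumed per-user moving factor
    code = hotp(secret, counter)
    shared_state.update({"otp": code, "otp_counter": counter + 1,
                         "otp_expires_at": now + ttl_seconds})
    return code


def otp_collector_decision_node(shared_state: dict, submitted: str, now=None) -> bool:
    """Models the OTP Collector Decision Node: True only if the submitted code matches the
    stored one (constant-time compare) and the validity period has not lapsed. The stored
    code is removed on every attempt, so each minted code allows a single guess (a choice of
    this model)."""
    now = time.time() if now is None else now
    expected = shared_state.pop("otp", None)
    expires_at = shared_state.pop("otp_expires_at", 0)
    if expected is None or now > expires_at:
        return False
    return hmac.compare_digest(expected.encode(), submitted.strip().encode())


def tree_outcome(ok: bool) -> str:
    """The wiring from the tree above: True -> Success, False -> Failure."""
    return "Success" if ok else "Failure"


if __name__ == "__main__":
    state = {"username": "alice"}          # constructed sample shared state
    code = hotp_generator_node(state, b"12345678901234567890", now=1000.0)
    print(tree_outcome(otp_collector_decision_node(state, code, now=1100.0)))
```

The secret used in the `__main__` block is the RFC 4226 test-vector key, so the first minted code is the published value 755224.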


Once you save the authentication tree above (mytree), access the following URL.

URL: https://myserver.test.com:8080/am/XUI/?realm=testrealm&service=mytree


Output: After entering the username and password, you should be asked for the OTP received in your Gmail inbox. Once the OTP is verified, access is allowed.


All the very Best. !!!
