Multi-factor Authentication with Symantec VIP Enterprise Gateway

Although ForgeRock OpenAM has included multi-factor authentication capability, OpenAM can also integrate with pre-existing solutions such as those from Symantec.

This wiki entry details how to integrate ForgeRock OpenAM with Symantec VIP Enterprise Gateway for the purpose of One-Time Password (OTP) Multi-factor Authentication configuration

 

 

More details here:  https://wikis.forgerock.org/confluence/display/openam/Multi-factor+Authentication+with+Symantec+VIP+Enterprise+Gateway

This blog post was first published @ http://nin9tyni9e.blogspot.no/, included here with permission from the author.

ForgeRock Authenticator (OATH) in ForgeRock OpenAM 13

This blog post was first published @ www.fedji.com, included here with permission.

If you’re in possession of a Smart Phone that runs either the Apple iOS or Android, you may probably be interested to know that the ForgeRock’s newer version of its Access Management solution now has an Authenticator App for you. Once installed and the device registered with ForgeRock OpenAM 13, one could use this Mobile App to generate One Time Password to validate his/her identity and thereby gain access to resources protected by the OpenAM. Needless to add, the ForgeRock Authenticator Mobile App is available on Apple iTunes Store for the iOS users and the Google Playstore for the Android fans.

Once installed, you’ll see on your phone something close to what is in the picture below:

ForgeRockMobileAuthenticator
Here’s what I did with my copy of ForgeRock Authenticator App on my iPhone:

– Configured an Authentication Chain ‘myAuthChain’ in my OpenAM 13 instance
– The said chain consisted of two Authentication Modules namely DataStore & ForgeRock Authenticator (OATH)
– When a subject authenticates against the ‘myAuthChain’ Authentication Chain in OpenAM, he/she is prompted for the DataStore credentials (an embedded OpenDJ instance), which on success is followed by another prompt where the user can register his/her device (using QR Code), generate an OTP that can be used to gain access to the resources protected by OpenAM.

2FAForgeRockAuthenticator

If you are interested to see all of this in action, please spare five minutes to watch the video below.

Enjoy!

Related documents/videos:
ForgeRock Documentation
Smart Security Using Phone App Demo

ForgeRock OpenAM Multi Factor Authentication Using Adaptive Risk Authentication Module & OTP

This blog post was first published @ www.fedji.com, included here with permission.

In this episode, you’ll see ForgeRock OpenAM’s two factor authentication feature employing it’s Adaptive Risk Authentication Module instance and HOTP module instance

So in the video demonstration that follows this post, you’ll see a user attempting to login against an Authentication Chain (say ‘MyAuthChain’) which has three module instances namely (i) Data Store, (ii) Adaptive Risk and (iii) HOTP. If the user is able to supply the right credentials against the Data Store, he or she is allowed in without any further challenge. On the other hand, if the the attempt to authenticate against the first Module instance (Data Store) fails, then the user is prompted for additional credentials like One Time Password.

The following illustration might give a rough idea on the what’s discussed above and the video that follows might make it pretty clear.

MultiFactorAuthentcation

Enjoy!