ForgeRock OpenAM Multi Factor Authentication Using Adaptive Risk Authentication Module & OTP

This blog post was first published @, included here with permission.

In this episode, you’ll see ForgeRock OpenAM’s two factor authentication feature employing it’s Adaptive Risk Authentication Module instance and HOTP module instance

So in the video demonstration that follows this post, you’ll see a user attempting to login against an Authentication Chain (say ‘MyAuthChain’) which has three module instances namely (i) Data Store, (ii) Adaptive Risk and (iii) HOTP. If the user is able to supply the right credentials against the Data Store, he or she is allowed in without any further challenge. On the other hand, if the the attempt to authenticate against the first Module instance (Data Store) fails, then the user is prompted for additional credentials like One Time Password.

The following illustration might give a rough idea on the what’s discussed above and the video that follows might make it pretty clear.



Back from vacation

I’m back after a late summer break spent across France.  Sunset in North of France

Now it’s back to business full speed, to finish and deliver new major releases of our products by the end of the year.

I will also be traveling and attending a few events. The closer will be “Les Assises de la Sécurité” in Monaco, at the end of the month. If you’re attending the event, drop me a note. I’ll be happy to meet with you and discuss our products and solutions.

Filed under: General Tagged: ForgeRock, france

ForgeRock OpenIG as OAuth 2.0 Resource Server

This blog post was first published @, included here with permission.

First things first, screen-cast that follows this write up is based on the ForgeRock documentation on OpenIG that’s found here. Secondly, if you aren’t familiar with ForgeRock OpenIG or ForgeRock OpenAM, I’d recommend you to do some reading on the products from the official ForgeRock documentation or watch the following screen-casts on it to become familiarized with it:

ForgeRock OpenIG
ForgeRock OpenIG Installation
ForgeRock OpenIG: Getting Credentials from a File Data Store
ForgeRock OpenIG: Getting Credentials from a JDBC Data Store
ForgeRock OpenIG: Getting Credentials from ForgeRock OpenAM

ForgeRock OpenAM
ForgeRock OpenAM Installation & Configuration
Creating Realm in OpenAM and Setting Up OpenDJ as a Data Store
ForgeRock OpenAM High Availability Deployment
Configuring Database as OpenAM Log Type
Adding User Profile Attribute in ForgeRock OpenAM

Cut to present, we have OpenIG acting as a resource server. So in the video log, you’ll see the curl command being used to contact OpenAM to get an Access Token, use the same command to contact OpenIG with the Access Token, which is when OpenIG (acting as a resource server), will contact OpenAM (acting as an authorization server) for validating the token. Once validated, OpenIG will apply additional filters to post the credentials to a HTTP Server and get the user profile in response to it.A one-liner definition for the mouthful of jargon I used above can be found here. The illustration below might make the long story said above slightly shorter.