Note
This procedure integrates the inWebo multi-factor authentication service with the ForgeRock OpenAM authentication solution.

Prerequisites

  • OpenAM version 13.0.0

  • SSOAdminTools

  • Tomcat 7

  • Oracle Sun JDK 1.7

  • (JCE) Unlimited Strength Jurisdiction Policy Files

Installation

Follow the steps below to install the connector:

$ unzip package -d /tmp/openam-ui-inwebo
$ sudo cp /tmp/openam-ui-inwebo/edit-webapp/WEB-INF/lib/*.jar /path/to/tomcat/webapps/openam/WEB-INF/lib/
$ sudo cp /tmp/openam-ui-inwebo/edit-webapp/config/auth/default/* /path/to/tomcat/webapps/openam/config/auth/default/
$ sudo cp /tmp/openam-ui-inwebo/edit-webapp/js/* /path/to/tomcat/webapps/openam/js/
# Write the amadmin password to a root-owned file that is never group- or world-readable
# ("sudo echo ... > file" performs the redirection as the calling user, with the default umask)
$ sudo sh -c 'umask 077; echo password > /tmp/pwd.txt'
$ sudo chmod 400 /tmp/pwd.txt
$ sudo ssoadm create-svc -u amadmin --password-file /tmp/pwd.txt --xmlfile /tmp/openam-ui-inwebo/config/amAuthInWeboAuth.xml -v
$ sudo ssoadm register-auth-module -u amadmin -f /tmp/pwd.txt -a org.forgerock.openam.inwebo.InWeboAuth -v
# Remove the password file once both ssoadm commands have run
$ sudo rm -f /tmp/pwd.txt
$ sudo /etc/init.d/tomcat restart

# Only if you use the new login page (XUI)
$ sudo rm -rf /path/to/tomcat/webapps/openam/XUI/*
$ sudo cp -R /tmp/openam-ui-inwebo/edit-webapp/XUI/* /path/to/tomcat/webapps/openam/XUI/

Proxy configuration for Tomcat and inWebo OpenAM

  1. Edit /path/to/tomcat/bin/setenv.sh and add:
export JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyHost=localhost -Dhttp.proxyPort=3128 -Dhttp.proxyUser=proxyuser -Dhttp.proxyPassword=proxypass"

Configuration of inWebo Secure Site

To allow inWebo authentication on your OpenAM server page, you must add a new Web Service type secure site. To do so:

  • go to inWebo administration console→Secure Sites

  • add a new secure site of type Web Services connector

The format of the called URL should be:

http(s)://{OPENAM_HOST}/openam/UI/Login //if you are using the OpenAM UI
http(s)://{OPENAM_HOST}/openam/XUI //if you are using the OpenAM XUI

The default authentication form values are:

  • Form name: Login

  • Login field name: IDToken1

  • Password field name: IDToken2

1. With UI:

2. With XUI:

Configuration of inWebo connector in OpenAM

To configure inWebo authentication in OpenAM:

  • go to OpenAM Admin console and log in as 'amadmin'

  • navigate to {REALM}→Authentication→Modules

  • add a new module with the inWebo Authentication type



Testing Configuration

To test the configuration, go to:

1. With UI (if XUI is disabled)

http(s)://{OPENAM_HOST}/openam/UI/Login?module=inWeboTest //if you are using the OpenAM UI

2. With XUI

http(s)://{OPENAM_HOST}/openam/XUI/#login/&module=inWeboTest //if you are using the OpenAM XUI

How to disable XUI

To disable XUI:

  • go to OpenAM Admin console and log in as 'amadmin'

  • navigate to Configuration→Authentication→Core→Global Attributes

  • uncheck the 'XUI Interface' attribute

UI Customization

To develop and customize the UI faster, disable the cache as follows:

  • go to OpenAM Admin console and log in as 'amadmin'

  • go to Configuration→Servers and Sites→Server Name→Advanced

  • set 'org.forgerock.openam.core.resource.lookup.cache.enabled' to false

NOTE: For production servers, leave the parameter set to the default value, true

Debug

To display debug information, go to:

http(s)://{OPENAM_HOST}/openam/Debug.jsp
