ForgeRock, inWebo ForgeRock AM Custom Module integration

Information

These plugins support the OTP and Push functions of inWebo authentication only.

Other inWebo authentication modes, such as Helium and VA, can also be integrated, but this requires further development.

Requirements

  1. ForgeRock AM 5.5.1 or 6.0.0
  2. Tomcat 8
  3. OpenJDK 1.8

Building from Source

$ git clone https://github.com/inwebo-tech/plugin-forgerock-am.git
$ cd plugin-forgerock-am 
$ ./mvnw clean package

Installation:

  1. Installation inWebo Otp Authenticator Plugin
  2. Installation inWebo Push Authenticator Plugin

⚠️ If you install both plugins, be sure to use the same version for both.


1. Installation inWebo Otp Authenticator Plugin

inWebo service configuration:

  1. Log in to the inWebo administration console.
  2. Navigate to the appropriate service view.
  3. Go to Secure Sites and click on the Download a new certificate for the API button.
  4. Remember to set the Certificate Authentication option to Yes. 
  5. Synchronize your ForgeRock AM login with your inWebo login.

Installation:

  1. Copy resource:

    $ sudo unzip iw-forgerock-am-otp-*.zip -d /tmp/forgerock-am-opt
    $ sudo cp /tmp/forgerock-am-opt/edit-webapp/WEB-INF/lib/iw-forgerock-am-otp-*.jar /path/to/tomcat/webapps/openam/WEB-INF/lib/
    $ sudo cp /tmp/forgerock-am-opt/edit-webapp/WEB-INF/lib/idp-connector-auth-repackage-1.0.0.jar /path/to/tomcat/webapps/openam/WEB-INF/lib/ 
      
  2. Restart Tomcat.

Configuration:

  1. Go to Admin Console and log in as amadmin.
  2. Navigate to {REALM}->Authentication->Modules.
  3. Add a new module of type inWebo OTP Authenticator.
  4. To test the configuration, go to http(s)://{OPENAM_HOST}/openam/XUI/#login/&module=inWeboOtpTest

2. Installation inWebo Push Authenticator Plugin

inWebo service configuration:

  1. Log in to the inWebo administration console.
  2. Navigate to the appropriate service view.
  3. Go to Secure Sites and click on the Download a new certificate for the API button.
  4. Remember to set the Certificate Authentication option to Yes.
  5. Synchronize your ForgeRock AM login with your inWebo login.

Installation:

  1. Copy resource:

    $ sudo unzip iw-forgerock-am-push-*.zip -d /tmp/forgerock-am-push
    $ sudo cp /tmp/forgerock-am-push/edit-webapp/WEB-INF/lib/iw-forgerock-am-push-*.jar /path/to/tomcat/webapps/openam/WEB-INF/lib/
    $ sudo cp /tmp/forgerock-am-push/edit-webapp/WEB-INF/lib/idp-connector-auth-repackage-1.0.0.jar /path/to/tomcat/webapps/openam/WEB-INF/lib/   

  2. Restart Tomcat.

Configuration:

  1. Go to Admin Console and log in as amadmin.
  2. Navigate to {REALM}->Authentication->Modules.
  3. Add new module with inWebo OTP Authenticator Type.
  4. To test the configuration, go to http(s)://{OPENAM_HOST}/openam/XUI/#login/&module=inWeboPushTest
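
To check the same-version requirement for the two plugins once the jars are copied, the script below (an added example, not part of the inWebo repository) reads the plugin jar names in WEB-INF/lib and also flags a stale jar left behind by an upgrade. It assumes the part of the file name matched by * in the copy commands is the plugin version; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not inWebo code. Assumption: the "*" in
# iw-forgerock-am-otp-*.jar / iw-forgerock-am-push-*.jar is the plugin version.

# plugin_version LIB_DIR KIND   (KIND is "otp" or "push")
# Prints the version of the deployed plugin jar.
# Returns 1 if no jar is deployed, 2 if more than one is present.
plugin_version() {
    lib_dir=$1 kind=$2 count=0 found=
    for jar in "$lib_dir"/iw-forgerock-am-"$kind"-*.jar; do
        [ -e "$jar" ] || continue          # glob matched nothing
        count=$((count + 1))
        found=$jar
    done
    if [ "$count" -eq 0 ]; then return 1; fi
    if [ "$count" -gt 1 ]; then return 2; fi
    name=${found##*/}                       # drop the directory part
    name=${name#iw-forgerock-am-"$kind"-}   # drop the fixed prefix
    printf '%s\n' "${name%.jar}"
}

# check_plugin_versions LIB_DIR
# Returns 0 if the deployed plugins are consistent, 1 otherwise.
# A single installed plugin is accepted; the rule only applies to both.
check_plugin_versions() {
    lib_dir=$1 otp_rc=0 push_rc=0
    otp=$(plugin_version "$lib_dir" otp)   || otp_rc=$?
    push=$(plugin_version "$lib_dir" push) || push_rc=$?
    if [ "$otp_rc" -eq 2 ] || [ "$push_rc" -eq 2 ]; then
        echo "FAIL: more than one jar for the same plugin in $lib_dir" >&2
        return 1
    fi
    if [ "$otp_rc" -eq 0 ] && [ "$push_rc" -eq 0 ] && [ "$otp" != "$push" ]; then
        echo "FAIL: OTP plugin is $otp but Push plugin is $push" >&2
        return 1
    fi
    echo "OK: otp=${otp:-absent} push=${push:-absent}"
}

# Run as: sh check-plugins.sh /path/to/tomcat/webapps/openam/WEB-INF/lib
if [ "$#" -gt 0 ]; then
    check_plugin_versions "$1"
fi
```

Run it before restarting Tomcat; a non-zero exit status means the lib directory needs to be cleaned up first.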