NetIQ Access Manager, Custom Authentication Module

Requirements

Installation


$ sudo unzip iw-netiq-auth-*.zip -d /tmp/netiq-ui-inwebo
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/WEB-INF/lib/iw-netiq-auth-*.jar /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/jsp/inWeboLoginPage.jsp /opt/novell/nam/idp/webapps/nidp/jsp/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/jsp/inWeboLoginPage2.jsp /opt/novell/nam/idp/webapps/nidp/jsp/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/javascript/inWeboBrowser-*.js /opt/novell/nam/idp/webapps/nidp/javascript/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/images/* /opt/novell/nam/idp/webapps/nidp/images/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/css/inwebo.css /opt/novell/nam/idp/webapps/nidp/css/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/css/inwebo-internal.css /opt/novell/nam/idp/webapps/nidp/css/
$ sudo /etc/init.d/novell-idp restart
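As an added post-install check (example script, not part of the inWebo package), the following POSIX shell function verifies that every file copied above is present under the nidp webapp and that only one module jar sits in WEB-INF/lib. The path argument is assumed to be /opt/novell/nam/idp/webapps/nidp; the images/* files are not checked because their names are not listed above.

```shell
#!/bin/sh
# Added example, not part of the inWebo package: verify the files the
# installation copies into the nidp webapp. cp does not remove an older
# iw-netiq-auth-*.jar, so an upgrade can leave two versions on the classpath.
# Usage: verify_inwebo_install /opt/novell/nam/idp/webapps/nidp

verify_inwebo_install() {
    nidp="$1"
    problems=0
    # files copied by exact name
    for rel in jsp/inWeboLoginPage.jsp jsp/inWeboLoginPage2.jsp \
               css/inwebo.css css/inwebo-internal.css; do
        if [ ! -f "$nidp/$rel" ]; then
            echo "missing: $nidp/$rel" >&2
            problems=$((problems + 1))
        fi
    done
    # files copied by wildcard: the version number is part of the name
    set -- "$nidp"/javascript/inWeboBrowser-*.js
    if [ ! -f "$1" ]; then
        echo "missing: $nidp/javascript/inWeboBrowser-*.js" >&2
        problems=$((problems + 1))
    fi
    set -- "$nidp"/WEB-INF/lib/iw-netiq-auth-*.jar
    if [ ! -f "$1" ]; then
        echo "missing: $nidp/WEB-INF/lib/iw-netiq-auth-*.jar" >&2
        problems=$((problems + 1))
    elif [ "$#" -gt 1 ]; then
        # two module versions loaded by the same webapp is a classpath conflict
        echo "more than one module jar on the classpath: $*" >&2
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

The function returns the number of problems found, so it can be used directly in an `if` after the copy step and before the restart.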

inWebo Secure Site configuration (creating the "NetIQ" secure site)

Go to the inWebo Admin Console.

Navigate to the "Secure Sites" tab and create a new "Web Services" secure site:

  • Called URL: https://your_netiq_site/nidp/app/login
  • Authentication page:  //your_netiq_site/nidp/*
  • Form : IDPLogin
  • Login field : Ecom_User_ID
  • Password: Ecom_Password

Click "Update" and create the browser token, then copy the newly created "Bookmark alias" for later use (it is the value of the inwebo.netiq.service.bookmark.alias property).

Creating an inWebo Certificate

Navigate to the "Secure Sites" tab and create a new certificate in .p12 format for your service, protected with a "Passphrase".

Transfer this certificate to your NetIQ Access Manager appliance via SSH/SFTP. Note the path where you store it: it is the value of the inwebo.auth.cert.path property.

Configuring NetIQ Access Manager:

Prerequisite

  • Configuring a service in the "Advanced Authentication" settings

Registering the inWebo class: inWeboAuthModuleClass

  1. Go to the Admin console and log in as 'admin'
  2. Navigate to Devices->Identity Servers->IDPCluster
  3. Select the "Local" tab
  4. Select "Classes" > "New"

The "General" tab

Fill in the "Create Authentication Class" form as follows:

  • Display name: inWeboAuthModuleClass
  • Java class: "Other"
  • Java class path: com.inwebo.integrations.netiq.InWeboAuthModule

Click "Next"

The "Properties" tab

Fill in the "Properties" tab with at least the 4 required properties, adding each one with "New".

Check the minimum requirements for the inWeboAuthClass properties in the table below.

For inwebo.auth.cert.path, indicate the full path of the inWebo .p12 certificate you transferred to the appliance.

inWeboAuthClass Properties:

  Property Name                         Default Value                  Description
  inwebo.base.url                       https://api.myinwebo.com/FS    inWebo base URL
  inwebo.auth.service.id                (none)                         inWebo service ID - Required
  inwebo.auth.cert.path                 (none)                         Full path to the inWebo certificate file (.p12) - Required
  inwebo.auth.cert.password             (none)                         inWebo certificate password (.p12) - Required
  inwebo.netiq.service.bookmark.alias   (none)                         inWebo bookmark alias - Required
  inwebo.proxy.https                    true                           Set to true if the proxy is an HTTPS proxy, otherwise false
  inwebo.proxy.host                     (none)                         Host name or IP of an HTTP proxy
  inwebo.proxy.port                     (none)                         Port of the HTTP proxy
  inwebo.proxy.username                 (none)                         User name used for HTTP proxy authentication
  inwebo.proxy.password                 (none)                         Password used for HTTP proxy authentication
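The following POSIX shell preflight check is an added example, not the module's own code. The properties themselves are entered in the admin console; the script assumes you keep the values you intend to enter in a local key=value file (a convenience, not something the module reads) and checks the rules from the table above: the four required properties are set, the base URL uses https, the certificate path is readable, inwebo.proxy.https is true or false, a proxy host comes with a numeric port, and proxy credentials are set together. The proxy rules also cover the properties listed under "Proxy Configuration" below.

```shell
#!/bin/sh
# Added example, not part of the inWebo package: preflight check of the
# inWeboAuthClass property values kept in a local key=value file.
# Usage: check_inwebo_props /path/to/inwebo-class.properties

# getprop FILE KEY: print the value of KEY (empty if absent)
getprop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots are literal in the key
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

errors=0
fail() {
    echo "FAIL: $*" >&2
    errors=$((errors + 1))
}

check_inwebo_props() {
    f="$1"
    errors=0
    # the four properties marked Required in the table
    for k in inwebo.auth.service.id inwebo.auth.cert.path \
             inwebo.auth.cert.password inwebo.netiq.service.bookmark.alias; do
        [ -n "$(getprop "$f" "$k")" ] || fail "$k is required"
    done
    # base URL: defaults to the documented value, must be https
    url=$(getprop "$f" inwebo.base.url)
    url=${url:-https://api.myinwebo.com/FS}
    case "$url" in
        https://*) ;;
        *) fail "inwebo.base.url must use https: $url" ;;
    esac
    # certificate: must be readable by whoever runs the check; warn if world-readable
    cert=$(getprop "$f" inwebo.auth.cert.path)
    if [ -n "$cert" ]; then
        if [ ! -r "$cert" ]; then
            fail "certificate not readable: $cert"
        elif [ -n "$(find "$cert" -perm -o+r 2>/dev/null)" ]; then
            echo "WARN: $cert is world-readable" >&2
        fi
    fi
    # proxy settings: optional, but coherent when present
    case "$(getprop "$f" inwebo.proxy.https)" in
        ""|true|false) ;;
        *) fail "inwebo.proxy.https must be true or false" ;;
    esac
    host=$(getprop "$f" inwebo.proxy.host)
    port=$(getprop "$f" inwebo.proxy.port)
    if [ -n "$host" ]; then
        case "$port" in
            ''|*[!0-9]*) fail "inwebo.proxy.port must be numeric when inwebo.proxy.host is set" ;;
        esac
    fi
    user=$(getprop "$f" inwebo.proxy.username)
    pass=$(getprop "$f" inwebo.proxy.password)
    if [ -n "$user$pass" ] && { [ -z "$user" ] || [ -z "$pass" ]; }; then
        fail "inwebo.proxy.username and inwebo.proxy.password must be set together"
    fi
    return "$errors"
}
```

The exit status is the number of failed rules. Because the file holds the certificate passphrase and proxy password, keep it with the same restrictive permissions as the .p12 itself, or delete it once the values are entered in the console. The passphrase itself can be verified against the file with `openssl pkcs12 -info -noout -in <cert.p12>`, which prompts for it.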

Creating a new Method for inWebo authentication

  1. Go to the Admin console and log in as 'admin'
  2. Navigate to Devices->Identity Servers->IDPCluster
  3. Select the "Local" tab
  4. Select "Methods" > "New"
  5. Create a new Method with the name: inWeboAuthMethod
  6. Select the class: inWeboAuthModuleClass

Example 1: Basic integration

  1. Select the LDAP "User stores" synchronized with your inWebo service
  2. Click "Finish"
  3. Modify /opt/novell/nam/idp/webapps/nidp/jsp/nidp_latest.jsp and add the following inside the HTML <head> tag:

     <link rel="stylesheet" type="text/css" href="<%=request.getContextPath()%>/css/inwebo-internal.css"/>
     <script type="text/javascript" src="https://ult-inwebo.com/webapp/js/helium.min.js"></script>
     <script type="text/javascript" src="https://ult-inwebo.com/va/client.js"></script>
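Editing nidp_latest.jsp by hand is easy to get wrong on a repeated upgrade (the includes end up twice, or the only copy of the original is lost). The following POSIX shell function is an added example, not part of the inWebo package: it inserts the three lines above after the first <head> tag, keeps a .bak copy of the original, and does nothing if the includes are already present. The JSP path is an argument; the page's own path is used in the usage comment.

```shell
#!/bin/sh
# Added example, not part of the inWebo package: idempotently add the inWebo
# <head> includes to nidp_latest.jsp, keeping a backup of the original.
# Usage: add_inwebo_head_includes /opt/novell/nam/idp/webapps/nidp/jsp/nidp_latest.jsp

add_inwebo_head_includes() {
    jsp="$1"
    marker='css/inwebo-internal.css'
    [ -f "$jsp" ] || { echo "no such file: $jsp" >&2; return 2; }
    # already patched: leave the file alone so the edit can be re-run safely
    if grep -q "$marker" "$jsp"; then
        return 0
    fi
    grep -q '<head[ >]' "$jsp" || { echo "no <head> tag in $jsp" >&2; return 3; }
    inc=$(mktemp)
    cat > "$inc" <<'EOF'
<link rel="stylesheet" type="text/css" href="<%=request.getContextPath()%>/css/inwebo-internal.css"/>
<script type="text/javascript" src="https://ult-inwebo.com/webapp/js/helium.min.js"></script>
<script type="text/javascript" src="https://ult-inwebo.com/va/client.js"></script>
EOF
    cp "$jsp" "$jsp.bak"
    # sed 'r' appends the include file after each line matching the address;
    # a login page has a single <head>, so this is the first line after it
    sed "/<head[ >]/r $inc" "$jsp.bak" > "$jsp"
    rm -f "$inc"
    return 0
}
```

The two script tags load code from ult-inwebo.com into the login page, so that host must be reachable from the users' browsers (and allowed by any Content-Security-Policy the appliance sends), not only from the appliance itself.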

Example 2: integration without the NetIQ header

  1. Select the LDAP "User stores" synchronized with your inWebo service
  2. Enter the following properties:
    1. JSP : inWeboLoginPage2
    2. MainJSP : true
  3. Click "Finish"

Creating a new Contract or modifying your existing contract

The "General" tab

  1. Go to the Admin console and log in as 'admin'
  2. Navigate to Devices->Identity Servers->IDPCluster
  3. Select the "Local" tab
  4. Select "Contracts" > "New", or select your current contract
  5. Fill in the name of your contract, e.g. "inWeboAuthContract" for a new contract
  6. Fill in the URI: inwebo/auth/uri
  7. Check the "Satisfiable by External Provider" condition
  8. Add the Method: "inWeboAuthMethod"

Select the "Authentication card" tab

  • Fill in the ID of your form: inWeboForm
  • Select the aspect you want for the inWebo Authentication card
  • Click "OK"

Update your Access Manager configuration

On the Dashboard panel, select the number beside your Identity Servers icon.

Select "Update All" and wait for the update to complete before refreshing the page.

Login Page test

If you use "inWeboAuthContract" as the "Default" authentication mode in your local settings, you can connect to https://your_host_appliance/nidp/ and test your inWebo login page.

Proxy Configuration:

  1. Go to the Admin console and log in as 'admin'
  2. Navigate to Devices->Identity Servers->IDPCluster->Local
  3. Edit your inWeboAuthClass class and add the properties:
    1. inwebo.proxy.https
    2. inwebo.proxy.host
    3. inwebo.proxy.port
    4. inwebo.proxy.username
    5. inwebo.proxy.password
  4. Restart the Identity Server:

     $ sudo /etc/init.d/novell-idp restart