NEW: Support for Novell Access Manager 3.1
A popular authentication method is to log in with a generated token that is sent to the user’s mobile phone. This authentication method can be configured with almost any SMS gateway that uses HTTP/POST to receive the message.
Here’s how the method works:
a) The user first needs to identify himself with his credentials.
b) If they are valid, the Identity Server will generate a token and lookup the mobile phone number from the user.
c) When this is successfully done, a HTTP/POST is done to the SMS gateway with the needed parameters build from the class properties, the generated token and the users mobile phone number.
d) The SMS gateway receives the POST and tries to send the SMS.
e) The gateway sends a response message to the Identity Server.
f) If the response is valid, the Identity server displays a form asking for the token.
g) If the user types the correct token, he’ll be successfully authenticated.
The process is shown in the diagram below.
Figure 1 – SMS Token-based authentication method
1. Get the BA Authentication modules here:
2. Go to the Identity server.
3. Copy ba-idp-auth.jar to /var/opt/novell/tomcat4/webapps/nidp/WEB-INF/lib
4. Copy the JSP’s to /var/opt/novell/tomcat4/webapps/nidp/jsp
You’ll need to create a new Authentication Class.
1. For the Java class, choose Other.
2. For the Java class path, use “com.novell.ba.idpauth.SMSLogin”
3. For the properties, refer to the table and the examples.
4. Create Authentication Methods as Contracts, as described in
Figure 2 – SMS Login, General tab
Figure 3 – SMS Login, Properties tab
|Property Name||Default Value||Description|
|phoneAttr||mobile||The ldap attribute name to query for the phone number.
|The characters used to construct the token. The token is case sensitive. It has not been tested with special characters.|
|lengthToken||6||The length the token should be.|
|gwURL||MUST EXIST||The URL of the SMS Gateway where the SMS information should be posted to.
|gwUserParameter||n/a||The Username used to authenticate to the SMS Gateway.
|gwPasswdParameter||n/a||The Password used to authenticate to the SMS Gateway.
|gwExtraParameter||n/a||An extra parameter required for the SMS Gateway.
|gwExtraParameter2||n/a||An second extra parameter required for the SMS Gateway.
|gwDestName||n/a||The name of the Phone number parameter for the SMS Gateway.
|gwMessageName||n/a||The name of the SMS text parameter for the SMS Gateway.
|gwSuccess||n/a||If the response coming from the SMS Gateway contains this string, the token jsp is displayed and login will proceed. If this property is not present, it will result in success.
|gwError||n/a||If the response coming from the SMS Gateway contains this string, the error jsp is displayed and login will fail. If this property is not present, it will result in success.
|debug||n/a||If this property is present and not null, debug is enabled.
I won’t go into much detail on troubleshooting here. There’s only one important thing you need to know: if you enabled debug in the Properties tab, you need to use the following command in bash:
?tail -f /var/opt/novell/tomcat4/logs/catalina.out | grep BADEBUG?
If you don’t find any BADEBUG entries, check to see if the jar is present on the server and if the Authentication method has been set up correctly. If you see these entries, they will tell what is going wrong:
SMS Gateway error (no credits for this account):
BADEBUG - method doPhase1 called BADEBUG - method sendSMS called A23EZ1 003211111111 BADEBUG - Request: http://smsgw.lab.ba/DoSend?user=Bart&pas sword=RoyalAntwerpFC&to=003211111111&text=A23EZ1&null&null BADEBUG - SMS gateway output: ERR: No Credit Left
SMS successfully sent:
BADEBUG - method doPhase1 called BADEBUG - method sendSMS called Z34RE4 003211111111 BADEBUG - Request: http://smsgw.lab.ba/DoSend?user=Bart&pas sword=RoyalAntwerpFC&to=003211111111&text=Z34RE4&null&null BADEBUG - SMS gateway output: Message OK BADEBUG - Handled Request BADEBUG - method doPhase2 called BADEBUG - Authentication Success