3.5 HOTP Method Support Configuration

  1. Create a new authentication class with the following parameters:

    1. Display name: HOTP Class

    2. Java class: Other

    3. Java class path: com.authasas.aucore.nam.method.oauth.HOTPClass

  2. Create a new authentication method for the class:

    1. Display Name: HOTP Method

    2. Class: HOTP Class

    3. Keep the Overwrite Temporary User and Overwrite Real User check boxes cleared.

    4. Add the user store in use to User Stores.

  3. Add applicable Optional Properties (KEY/Value).

  4. Create a new authentication contract for the method in the Configuration tab:

    1. Display name: HOTP Contract

    2. URI: hotpandldap/uri

    3. Configure Methods. Select one of the following options:

      • Add only HOTP Method from the Available Methods list. In this case the Identifies User check box must be selected. HOTP Method prompts for the LDAP password. After the user enters it, the user is asked to generate an OTP with a smartphone or hardware token and enter it (for YubiKey, the user is asked to insert the token into the port and press its button).

      • Add any standard method from the Available Methods list as the first one and HOTP Method as the second one. In this case the Identifies User check box must be cleared for HOTP Method.

    4. Keep the Satisfiable by External Provider check box cleared.

  5. Specify applicable values for the new authentication card in the Authentication Card tab:

    1. ID: HOTP_ID

    2. Text: NetIQ HOTP Authentication

    3. Image: <Select Local Image>, then select NAM_HOTP.png from the icons folder of the NAM plug-in distribution kit.

  6. Update both the IDP and the MAG.

  7. Update the NAM Server configuration.

IMPORTANT: If the HOTP contract is configured to use only the HOTP method, you must configure both the Password & HOTP (two-factor) and Counter based one time password (one-factor) chains in the Chains section (the two-factor chain must be higher than the appropriate one-factor chain) and enable them in the NAM event of the Advanced Authentication Administrative Portal interface. If the HOTP contract is configured to use a combination of a standard method and the HOTP method, you need to configure and enable only the Counter based one time password (one-factor) chain.

The following standard methods are supported by the NAM plug-in:

  • Name/Password - Form

  • Name/Password - Basic

  • Secure Name/Password - Form

  • Secure Name/Password - Basic