3.8 Security Questions Method Support Configuration

  1. Create a new authentication class with the following parameters:

    1. Display name: SecurityQuestion Class

    2. Java class: Other

    3. Java class path: com.authasas.aucore.nam.method.securityquestion.SecurityQuestionClass

  2. Create a new authentication method for the class:

    1. Display Name: SecurityQuestion Method

    2. Class: SecurityQuestion Class

    3. Keep the Overwrite Temporary User and Overwrite Real User check boxes cleared.

    4. Add the used user store to User Stores.

  3. Add applicable Optional Properties (KEY/Value).

  4. Create a new authentication contract for the method in the Configuration tab:

    1. Display name: SecurityQuestion Contract

    2. URI: securityquestionandldap/uri

    3. Configure Methods. Select one of the following options:

      • Add only SecurityQuestion Method from the Available Methods list. In this case the Identifies User check box must be selected. SecurityQuestion Method will provide a request of LDAP Password. After user enters it, he/she will be asked to enter answers to the list of security questions.

      • Add any standard method from the Available Methods list as the first one and SecurityQuestion Method as the second one. In this case the Identifies User check box should be obligatory cleared for SecurityQuestion Method.

    4. Keep the Satisfiable by External Provider check box cleared.

  5. Specify applicable values for the new authentication card in the Authentication Card tab:

    1. ID: SECURITYQUESTION_ID

    2. Text: NetIQ Security Question Authentication

    3. Image : <Select Local Image>, then select NAM_SecurityQuestions.png from the icons folder of the NAM plug-in distribution kit.

  6. Update both the IDP and the MAG.

  7. Update NAM Server configuration.

IMPORTANT:If SecurityQuestion contract is configured to use only SecurityQuestion method, it will be required to configure both Password & Security Questions (two-factor) and Security Questions (one-factor) chains in the Chains section (the two-factor chain must be higher than an appropriate one-factor chain) and enable them in the NAM event of the Advanced Authentication Administrative Portal. If SecurityQuestion contract is configured to use combination of a standard method and SecurityQuestion method, it will be required to configure and enable only Security Questions (one-factor) chain.

The following standard methods are supported by NAM plug-in:

  • Name/Password - Form

  • Name/Password - Basic

  • Secure Name/Password - Form

  • Secure Name/Password - Basic