3.12 TOTP Method Support Configuration

  1. Create a new authentication class with the following parameters:

    1. Display name: TOTP Class

    2. Java class: Other

    3. Java class path: com.authasas.aucore.nam.method.oauth.TOTPClass

  2. Create a new authentication method for the class:

    1. Display Name: TOTP Method

    2. Class: TOTP Class

    3. Keep the Overwrite Temporary User and Overwrite Real User check boxes cleared.

    4. Add the used user store to User Stores.

  3. Add applicable Optional Properties (KEY/Value).

  4. Create a new authentication contract for the method in the Configuration tab:

    1. Display name: TOTP Contract

    2. URI: totpandldap/uri

    3. Configure Methods. Select one of the following options:

      • Add only TOTP Method from the Available Methods list. In this case the Identifies User check box must be selected. TOTP Method will provide a request of LDAP Password. After user enters it, he/she will be asked to enter OTP generated by Advanced Authentication Smartphone Authenticator.

      • Add any standard method from the Available Methods list as the first one and TOTP Method as the second one. In this case the Identifies User check box should be obligatory cleared for TOTP Method.

    4. Keep the Satisfiable by External Provider check box cleared.

  5. Specify applicable values for the new authentication card in the Authentication Card tab:

    1. ID: TOTP_ID

    2. Text: NetIQ TOTP Authentication

    3. Image : <Select Local Image>, then select NAM_TOTP.png from the icons folder of the NAM plug-in distribution kit.

  6. Update both the IDP and the MAG.

  7. Update NAM Server configuration.

IMPORTANT:If TOTP contract is configured to use only TOTP method, it will be required to configure both Password & TOTP (two-factor) and Time based one time password (one-factor) chains in the Chains section (the two-factor chain must be higher than an appropriate one-factor chain) and enable them in the NAM event of the Advanced Authentication Administrative Portal. If TOTP contract is configured to use combination of a standard method and TOTP method, it will be required to configure and enable only Time based one time password (one-factor) chain.

The following standard methods are supported by NAM plug-in:

  • Name/Password - Form

  • Name/Password - Basic

  • Secure Name/Password - Form

  • Secure Name/Password - Basic