Tuesday, October 18, 2016

Multi factor authentication with OAM alone !! [Part-2]

  • Now let's configure the 'AdaptiveAuthenticationPlugin'.
  • Click on 'Application Security' and navigate to Authentication Plugins.

  • Search for 'AdaptiveAuthenticationPlugin' and select the plugin
  • Update the details as shown below. These details are the same as the ones we set in the authentication module.

  • Now click on Save to update the changes and click on 'Activation State' to make sure the plugin is activated on the managed server.
Note: Activating this plugin sometimes fails at this step. The reported error message is "Action failed due to inconsistent status of plugin in different managed servers". Refer to my other post for the fix for this issue.
  • Once the plugin is activated, let's configure the authentication policy.
  • Navigate to 'Application Security' -> Application Domain.
  • Search for the authentication policy that protects our sample HTML file.
  • Click on Advanced Rules -> Post-Authentication and add the new rule.

  • This is the step where we redirect the user to additional authentication, by configuring the rule below, which always evaluates to true.
  • Add the rule as shown below and click on 'Add' to apply it.

  • Click on Apply to save the updated authentication policy.
  • The configuration is now complete, so let's validate the scenario.
  • Make sure there is a user profile in OUD with the mail attribute populated with a valid email address.
  • Now access the protected URL; in my case it is:
    • http://OHShost:OHSPort/test/test.html
  • Authenticate with username and password, which is the initial authentication step.
  • Once the initial authentication is successful, you will be redirected to the OTP screen, which is the additional authentication step.
  • Select OTP -> your email address and click on OTP. This sends an OTP code to the email address that is retrieved from UserIdentity store1.

  • Enter the OTP you received and click on the Login button.

  • That's all. You are now authenticated successfully through multi-factor authentication, with a One Time Pin (OTP) received through email as the second factor.

You can also refer to the following links if you run into any of the issues they describe.

Thank you for visiting.