NEW: Support for Novell Access Manager 3.1
Introduction
A popular authentication method is to log in with a generated token that is sent to the user's mobile phone. This authentication method can be configured with almost any SMS gateway that uses HTTP/POST to receive the message.
Here's how the method works:
a) The user first identifies himself with his credentials.
b) If they are valid, the Identity Server generates a token and looks up the user's mobile phone number.
c) When this succeeds, an HTTP POST is sent to the SMS gateway with the parameters built from the class properties, the generated token and the user's mobile phone number.
d) The SMS gateway receives the POST and tries to send the SMS.
e) The gateway sends a response message to the Identity Server.
f) If the response is valid, the Identity Server displays a form asking for the token.
g) If the user types the correct token, he is successfully authenticated.
The process is shown in the diagram below.
Figure 1 - SMS Token-based authentication method
Installation
1. Get the BA Authentication modules here: http://www.novell.com/coolsolutions/tools/20017.html
2. Go to the Identity server.
3. Copy ba-idp-auth.jar to /var/opt/novell/tomcat4/webapps/nidp/WEB-INF/lib
4. Copy the JSPs to /var/opt/novell/tomcat4/webapps/nidp/jsp
Configuration
You'll need to create a new Authentication Class.
1. For the Java class, choose Other.
2. For the Java class path, use "com.novell.ba.idpauth.SMSLogin"
3. For the properties, refer to the table and the examples.
4. Create Authentication Methods as Contracts, as described in http://www.novell.com/documentation/novellaccessmanager/adminguide/data/b1tvhkg.html
Figure 2 - SMS Login, General tab
Figure 3 - SMS Login, Properties tab
| Property Name | Default Value | Description |
| --- | --- | --- |
| phoneAttr | mobile | The LDAP attribute name to query for the phone number. ex: mobilePhoneNumber |
| charsToken | ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 | The characters used to construct the token. The token is case sensitive. It has not been tested with special characters. |
| lengthToken | 6 | The length the token should be. |
| gwURL | MUST EXIST | The URL of the SMS Gateway where the SMS information should be posted to. ex: http://smsgw.lab.ba/DoSend |
| gwUserParameter | n/a | The username used to authenticate to the SMS Gateway. ex: user=Bart |
| gwPasswdParameter | n/a | The password used to authenticate to the SMS Gateway. ex: passwd=RoyalAntwerpFC |
| gwExtraParameter | n/a | An extra parameter required for the SMS Gateway. ex: applicId=0933 |
| gwExtraParameter2 | n/a | A second extra parameter required for the SMS Gateway. ex: from=BALoginToken |
| gwDestName | n/a | The name of the phone number parameter for the SMS Gateway. ex: to |
| gwMessageName | n/a | The name of the SMS text parameter for the SMS Gateway. ex: text |
| gwSuccess | n/a | If the response coming from the SMS Gateway contains this string, the token JSP is displayed and login will proceed. If this property is not present, the response is treated as success. ex: success |
| gwError | n/a | If the response coming from the SMS Gateway contains this string, the error JSP is displayed and login will fail. If this property is not present, the response is treated as success. ex: failed |
| debug | n/a | If this property is present and not null, debug is enabled. ex: on |
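To make the flow in the Introduction and the property semantics in the table concrete, here is an added stand-alone model of the two phases (this is example code, not the ba-idp-auth class itself). It uses the property names from the table and the example gateway values from the article; the gateway is a constructed stand-in so the example runs offline. Two behaviours are deliberately chosen here rather than taken from the article: absent optional parameters are omitted from the request instead of being sent literally, and the token is generated from the operating system's CSPRNG.

```python
"""Added example: SMS token login flow modelled on the SMSLogin properties."""
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

DEFAULT_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"  # charsToken default

# Property set built from the article's example values (constructed)
EXAMPLE_PROPS = {
    "phoneAttr": "mobile",
    "lengthToken": "6",
    "gwURL": "http://smsgw.lab.ba/DoSend",
    "gwUserParameter": "user=Bart",
    "gwPasswdParameter": "passwd=RoyalAntwerpFC",
    "gwExtraParameter": "applicId=0933",
    "gwDestName": "to",
    "gwMessageName": "text",
    "gwSuccess": "Message OK",
    "gwError": "ERR",
}


def generate_token(length=6, chars=DEFAULT_CHARS):
    """Draw a case-sensitive token from the configured alphabet using the OS CSPRNG."""
    if length < 1 or not chars:
        raise ValueError("token length and alphabet must be non-empty")
    return "".join(secrets.choice(chars) for _ in range(length))


def build_gateway_url(props, phone, token):
    """Assemble the gateway request from the class properties.

    Optional parameters that are not configured are left out (assumption:
    the article's debug log shows '&null&null' for unset extras; omitting
    them is the cleaner behaviour for a gateway request).
    """
    if not props.get("gwURL"):
        raise ValueError("Method Configuration Error: gwURL MUST EXIST")
    params = []
    for key in ("gwUserParameter", "gwPasswdParameter",
                "gwExtraParameter", "gwExtraParameter2"):
        value = props.get(key)
        if value:
            name, _, val = value.partition("=")  # "user=Bart" -> ("user", "Bart")
            params.append((name, val))
    params.append((props.get("gwDestName", "to"), phone))
    params.append((props.get("gwMessageName", "text"), token))
    return props["gwURL"] + "?" + urlencode(params)


def evaluate_gateway_response(props, body):
    """Apply the gwSuccess / gwError substring rules from the property table.

    As documented, an absent property counts as success, so a deployment that
    sets neither will proceed to the token form even on a gateway failure.
    """
    gw_error = props.get("gwError")
    gw_success = props.get("gwSuccess")
    if gw_error and gw_error in body:
        return False
    if gw_success and gw_success not in body:
        return False
    return True


def fake_gateway(url, credits_left):
    """Constructed stand-in for the SMS gateway (not a real product)."""
    query = parse_qs(urlsplit(url).query)
    if query.get("user") != ["Bart"] or query.get("passwd") != ["RoyalAntwerpFC"]:
        return "ERR: Bad credentials"
    if credits_left <= 0:
        return "ERR: No Credit Left"
    return "Message OK"


def sms_login_phase1(props, phone, credits_left=1):
    """Phase 1: generate the token, post it to the gateway, judge the reply.

    Returns (token, proceed_to_token_form, gateway_response_body).
    """
    token = generate_token(int(props.get("lengthToken", 6)),
                           props.get("charsToken", DEFAULT_CHARS))
    url = build_gateway_url(props, phone, token)
    body = fake_gateway(url, credits_left)
    return token, evaluate_gateway_response(props, body), body


def sms_login_phase2(expected_token, submitted):
    """Phase 2: compare the typed token in constant time (case sensitive)."""
    return secrets.compare_digest(expected_token, submitted)


if __name__ == "__main__":
    tok, ok, reply = sms_login_phase1(EXAMPLE_PROPS, "003211111111")
    print(tok, ok, reply)
    print(sms_login_phase2(tok, tok), sms_login_phase2(tok, tok.lower()))
```

The `evaluate_gateway_response` helper is worth reading against the table: with neither gwSuccess nor gwError configured, a "No Credit Left" reply still lets login proceed, so at least gwError should be set for any real gateway.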
Troubleshooting
I won't go into much detail on troubleshooting here. There's only one important thing you need to know: if you enabled debug in the Properties tab, use the following command in bash:
tail -f /var/opt/novell/tomcat4/logs/catalina.out | grep BADEBUG
If you don't find any BADEBUG entries, check that the jar is present on the server and that the Authentication method has been set up correctly. If you do see these entries, they will tell you what is going wrong:
SMS Gateway error (no credits for this account):
BADEBUG - method doPhase1 called
BADEBUG - method sendSMS called A23EZ1 003211111111
BADEBUG - Request: http://smsgw.lab.ba/DoSend?user=Bart&password=RoyalAntwerpFC&to=003211111111&text=A23EZ1&null&null
BADEBUG - SMS gateway output: ERR: No Credit Left
SMS successfully sent:
BADEBUG - method doPhase1 called
BADEBUG - method sendSMS called Z34RE4 003211111111
BADEBUG - Request: http://smsgw.lab.ba/DoSend?user=Bart&password=RoyalAntwerpFC&to=003211111111&text=Z34RE4&null&null
BADEBUG - SMS gateway output: Message OK
BADEBUG - Handled Request
BADEBUG - method doPhase2 called
BADEBUG - Authentication Success
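The debug output above is useful, but it writes the gateway password and the one-time token to catalina.out in clear text. The following added example (not part of the article) parses that BADEBUG output, classifies the gateway outcome with the same substring rules the class uses, and redacts the password and token so the log can be shared for troubleshooting. The sample log is the article's "no credits" session, reconstructed one event per line; the parameter names treated as secret are an assumption based on that sample.

```python
"""Added example: parse and redact BADEBUG troubleshooting output."""
import re

# Constructed from the article's "no credits" sample, one event per line
SAMPLE_LOG = (
    "BADEBUG - method doPhase1 called\n"
    "BADEBUG - method sendSMS called A23EZ1 003211111111\n"
    "BADEBUG - Request: http://smsgw.lab.ba/DoSend?user=Bart"
    "&password=RoyalAntwerpFC&to=003211111111&text=A23EZ1&null&null\n"
    "BADEBUG - SMS gateway output: ERR: No Credit Left\n"
)

PREFIX = "BADEBUG - "
# Query parameters whose values must not leave the box (assumed names:
# the gateway credential and the SMS text carrying the token)
SECRET_PARAM_RE = re.compile(r"\b(password|passwd|text)=[^&\s]*")
# "method sendSMS called <token> <phone>": mask the token, keep the phone
SENDSMS_RE = re.compile(r"(method sendSMS called )\S+( \S+)")


def parse_badebug(log_text):
    """Return the message part of every BADEBUG line, in order."""
    return [line[len(PREFIX):] for line in log_text.splitlines()
            if line.startswith(PREFIX)]


def gateway_outcome(events, gw_success="Message OK", gw_error="ERR"):
    """Classify the session the way gwSuccess / gwError would."""
    for msg in events:
        if msg.startswith("SMS gateway output: "):
            body = msg[len("SMS gateway output: "):]
            if gw_error in body:
                return "error"
            if gw_success in body:
                return "success"
            return "unknown"
    return "no-gateway-response"


def redact_line(line):
    """Mask the gateway password and the token without altering the rest."""
    line = SECRET_PARAM_RE.sub(r"\1=[REDACTED]", line)
    return SENDSMS_RE.sub(r"\1[REDACTED]\2", line)


def redacted_log(log_text):
    """Redact every line so the whole catalina.out excerpt can be shared."""
    return "\n".join(redact_line(line) for line in log_text.splitlines())


if __name__ == "__main__":
    print(gateway_outcome(parse_badebug(SAMPLE_LOG)))
    print(redacted_log(SAMPLE_LOG))
```

Run it against the raw `grep BADEBUG` output before pasting a session into a ticket; the phone number and the "&null&null" artefact stay visible, which is what you need to spot an unset property, while the credential and token are gone.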
User Comments
Access manager 3.1
Submitted by sebastijan on 13 February 2009 - 8:11am.
I cannot get it to work in Access Manager 3.1 (but it works in 3.0 SP4). Has anyone had any success?
SMS token and access manager 3.1
Submitted by RamonLustrati on 18 March 2010 - 10:02am.
I followed the instructions on this article.
Now when I try to log in I get the following error:
Method Configuration Error
When I put in a false password I get the error "Login failed, please try again."
In this case the username and password are checked. But why do I get the error "Method Configuration Error"?
Method Configuration Error
Submitted by alexmchugh on 13 March 2013 - 2:01am.
This error just means that some of the required properties are not configured on the class.
FYI, you also get this same error in the scenario where you want to use this class as a FALLBACK_AUTHCLASS from another authentication method (in my case it was Kerberos). To resolve this you need to define ALL the SMSLogin properties again on the Method (not the class) that you are falling back from (in addition to specifying FALLBACK_AUTHCLASS=com.novell.ba.idpauth.SMSLogin).
Validity period for SMS token?
Submitted by alexmchugh on 13 March 2013 - 1:54am.
How long is the SMS token valid for (it feels like it is less than 5 minutes)? It doesn't seem to be mentioned in the cool solution. Can this be changed?