Access Management Authentication Class for Static Token login
Novell Cool Solutions: Feature
By Bart Andries
Posted: 5 Dec 2007
Introduction
Here's how the Static token-based authentication method works:
a) The authentication method asks the user for a user name and password.
b) The credentials are checked against the user store.
c) If the credentials are valid, the user is prompted to enter a specific token. The values of the tokens are stored in attributes in the user store.
d) If the token the user entered matches the corresponding token in the user store, authentication is successful.
The tokens can be handed out to the users via mail or on a card.

Figure 1 - Static token-based authentication process
Installation
1. Get the BA Authentication modules here:
http://www.novell.com/coolsolutions/tools/20017.html
2. Go to the Identity server.
3. Copy ba-idp-auth.jar to /var/opt/novell/tomcat4/webapps/nidp/WEB-INF/lib
4. Copy the JSP files to /var/opt/novell/tomcat4/webapps/nidp/jsp
Configuration
You'll need to create a new Authentication Class.
1. For the Java class, choose other.
2. For the Java class path, type: com.novell.ba.idpauth.TokenLogin
3. For the properties, refer to the table and the examples below.
4. Create Authentication Methods and Contracts as described in http://www.novell.com/documentation/novellaccessmanager/adminguide/data/b1tvhkg.html

Figure 2 - Token Login, General tab

Figure 3 - Token Login, Properties tab
| Property Name | Default Value | Description |
| --- | --- | --- |
| numberTokens | MUST EXIST | The number of tokens stored in the user store. e.g. 24 |
| nameTokens | MUST EXIST | The prefix for the name of the attributes where the tokens are stored. e.g. LoginToken. With numberTokens set to 24 this results in 24 attributes, from "LoginToken1" to "LoginToken24". |
| useEncryption | n/a | If this property is present and not null, encryption is enabled. The entered value is hashed with SHA and then converted to a base64 string; the result is compared with the value in eDirectory. e.g. on |
| debug | n/a | If this property is present and not null, debug is enabled. e.g. on |
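As an added example (not the code of ba-idp-auth.jar), the following Python models the phase-2 check that the properties above describe: the attribute name is nameTokens followed by the slot number, a slot must hold exactly one value, and with useEncryption the entered token is SHA-hashed and base64-encoded before comparison. It assumes "SHA" means SHA-1 (Java's MessageDigest alias "SHA"), that attributes are multi-valued lists as in LDAP, and uses the outcome strings from the troubleshooting section; how the real class picks which slot to prompt for is not described on the page, so the slot index is a parameter.

```python
import base64
import hashlib
import hmac

# Property values as in the article's examples (constructed configuration).
NUMBER_TOKENS = 24
NAME_TOKENS = "LoginToken"


def encode_token(plain_token: str) -> str:
    """Stored form of a token when useEncryption is on: SHA digest, then base64.
    Assumption: "SHA" resolves to SHA-1, as the Java MessageDigest alias does."""
    digest = hashlib.sha1(plain_token.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def check_token(user_attrs: dict, index: int, entered: str, use_encryption: bool) -> str:
    """Decide the outcome for one token slot; returns the BADEBUG outcome text."""
    if not 1 <= index <= NUMBER_TOKENS:
        return "Missing or Duplicate Token"
    values = user_attrs.get(f"{NAME_TOKENS}{index}", [])
    # The attribute must exist and hold exactly one value (assumed meaning of
    # "Missing or Duplicate Token" in the debug log).
    if len(values) != 1:
        return "Missing or Duplicate Token"
    candidate = encode_token(entered) if use_encryption else entered
    # Constant-time comparison so a wrong token does not leak how many
    # leading characters matched through timing.
    if hmac.compare_digest(candidate.encode("utf-8"), values[0].encode("utf-8")):
        return "Authentication Success"
    return "Token Failed"


# Constructed user object with the LoginTokenN attributes as multi-valued lists.
SAMPLE_USER = {
    "LoginToken7": [encode_token("F543TR")],                   # one hashed value: usable slot
    "LoginToken9": [],                                         # attribute present but empty
    "LoginToken10": [encode_token("A1B2"), encode_token("C3D4")],  # two values: duplicate
}

if __name__ == "__main__":
    for slot, typed in ((7, "F543TR"), (7, "2222222222"), (9, "F543TR"), (10, "A1B2")):
        print(f"slot {slot}, entered {typed}: {check_token(SAMPLE_USER, slot, typed, True)}")
```

Provisioning code that writes the LoginTokenN attributes must store `encode_token(value)` rather than the plain value whenever useEncryption is set, or every login will end in "Token Failed".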
Troubleshooting
I won't go into much detail on troubleshooting here. There's only one important thing you need to know: if you enabled debug in the Properties tab, you need to use the following command in bash:
tail -f /var/opt/novell/tomcat4/logs/catalina.out | grep BADEBUG
If you don't find any BADEBUG entries, check whether the jar is present on the server and whether the Authentication method has been set up correctly. If you do see these entries, they will tell you what is going wrong:
No token attributes are found in the user object:
BADEBUG - method doPhase1 called
BADEBUG - Handled Status
BADEBUG - method doPhase2 called
BADEBUG - Missing or Duplicate Token
User entered wrong token:
BADEBUG - method doPhase1 called
BADEBUG - Handled Status
BADEBUG - method doPhase2 called
BADEBUG - compare: 2222222222 AND F543TR
BADEBUG - Token Failed
Authentication successful:
BADEBUG - method doPhase1 called
BADEBUG - Handled Status
BADEBUG - method doPhase2 called
BADEBUG - compare: F543TR AND F543TR
BADEBUG - Authentication Success

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com