
Access Management Authentication Class for Static Token login

Novell Cool Solutions: Feature
By Bart Andries


Posted: 5 Dec 2007
 

Introduction

Here's how the static token-based authentication method works:

a) The authentication method asks the user for a user name and password.
b) The credentials are checked against the user store.
c) If the credentials are valid, the user is prompted to enter one specific token out of the set stored for that user. The token values are stored in attributes on the user object in the user store.
d) If the token the user entered matches the corresponding token in the user store, authentication succeeds.

The tokens can be handed out to the users by mail or on a card.

Figure 1 - Static token-based authentication process

Installation

1. Get the BA Authentication modules here:
http://www.novell.com/coolsolutions/tools/20017.html

2. Go to the Identity server.

3. Copy ba-idp-auth.jar to /var/opt/novell/tomcat4/webapps/nidp/WEB-INF/lib

4. Copy the JSP files to /var/opt/novell/tomcat4/webapps/nidp/jsp

Configuration

You'll need to create a new Authentication Class.

1. For the Java class, choose Other.

2. For the Java class path, type: com.novell.ba.idpauth.TokenLogin

3. For the properties, refer to the table and the examples below.

4. Create Authentication Methods and Contracts as described in http://www.novell.com/documentation/novellaccessmanager/adminguide/data/b1tvhkg.html

Figure 2 - Token Login, General tab

Figure 3 - Token Login, Properties tab

Property name, default value and description:

numberTokens
    Default value: MUST EXIST
    The number of tokens stored in the user store.
    Example: 24

nameTokens
    Default value: MUST EXIST
    The prefix for the names of the attributes in which the tokens are stored.
    Example: LoginToken. With numberTokens set to 24, this results in 24 attributes, "LoginToken1" to "LoginToken24".

useEncryption
    Default value: n/a
    If this property is present and not null, encryption is enabled. The value the user enters is hashed with SHA and converted to a Base64 string, and the result is compared with the value stored in eDirectory, so the attributes must hold the hashed form rather than the clear-text token. The hash is unsalted, so a short token can still be recovered from the stored value by brute force; treat the token attributes as sensitive either way.
    Example: on

debug
    Default value: n/a
    If this property is present and not null, debug output is enabled. Debug writes the entered and stored token values in clear text to catalina.out (see the "compare:" lines under Troubleshooting), so switch it off again once the problem is found.
    Example: on
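To make the phase-2 token check and the useEncryption storage format concrete, here is an added Python example; it is not part of the BA Authentication modules or of the original article. It generates a token set for one user, derives the attribute values that go into the user store (as an LDIF modify record with an illustrative DN), and performs the comparison the class does in phase 2. It assumes that "hashed with SHA" means SHA-1 (the algorithm Java's MessageDigest calls "SHA") over the token's ASCII bytes, with the raw digest Base64-encoded; the constant-time comparison is a hardening choice of this example, since the article does not show how the class itself compares.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Token alphabet: upper-case letters and digits, easy to read from a card.
ALPHABET = string.ascii_uppercase + string.digits


def generate_tokens(number_tokens, length=6):
    """Create number_tokens random tokens (the numberTokens property)."""
    return [
        "".join(secrets.choice(ALPHABET) for _ in range(length))
        for _ in range(number_tokens)
    ]


def stored_value(token, use_encryption):
    """Value written to the user store for one token.

    With useEncryption off the token is stored as-is. With it on, the
    article says the entered value is hashed with SHA and Base64-encoded;
    this assumes SHA-1 (Java's "SHA") and Base64 of the raw digest bytes.
    """
    if not use_encryption:
        return token
    digest = hashlib.sha1(token.encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def user_store_attributes(tokens, name_tokens="LoginToken", use_encryption=False):
    """Map attribute names (nameTokens prefix + 1-based index) to stored values."""
    return {
        f"{name_tokens}{i}": stored_value(tok, use_encryption)
        for i, tok in enumerate(tokens, start=1)
    }


def to_ldif(dn, attributes):
    """LDIF modify record adding the token attributes to a user object.

    The DN is illustrative and the attributes must already exist in the
    eDirectory schema; this only produces the text to load.
    """
    lines = [f"dn: {dn}", "changetype: modify"]
    for name, value in attributes.items():
        lines += [f"add: {name}", f"{name}: {value}", "-"]
    return "\n".join(lines) + "\n"


def challenge(attributes, name_tokens, index):
    """Attribute name and stored value the user is asked for in phase 2."""
    name = f"{name_tokens}{index}"
    if name not in attributes:
        # Corresponds to the "Missing or Duplicate Token" debug outcome.
        raise KeyError(f"{name} missing on user object")
    return name, attributes[name]


def verify_token(entered, stored, use_encryption):
    """Phase-2 check: transform the entered value like the stored one, then compare.

    hmac.compare_digest keeps the comparison time independent of how many
    leading characters match (a hardening choice of this example).
    """
    expected = stored_value(entered, use_encryption)
    return hmac.compare_digest(expected.encode("ascii"), stored.encode("ascii"))


if __name__ == "__main__":
    tokens = generate_tokens(24)
    attrs = user_store_attributes(tokens, "LoginToken", use_encryption=True)
    print(to_ldif("cn=bandries,ou=users,o=example", attrs))  # constructed DN
    index = secrets.randbelow(24) + 1
    name, stored = challenge(attrs, "LoginToken", index)
    print(f"Enter token {index} ({name}):", verify_token(tokens[index - 1], stored, True))
```

Print the clear-text tokens once, onto the user's card, and load only the output of to_ldif into the directory when useEncryption is on; with useEncryption off the same LDIF simply carries the tokens themselves.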

Troubleshooting

Troubleshooting is kept short here. The one important thing to know: if you enabled debug on the Properties tab, follow the Identity Server log with the following command in bash:

tail -f /var/opt/novell/tomcat4/logs/catalina.out | grep BADEBUG

If no BADEBUG entries show up, check that the jar is present on the server and that the Authentication Class, Method and Contract have been set up correctly. If the entries do appear, they tell you what is going wrong:

No token attributes are found in the user object:

BADEBUG - method doPhase1 called
BADEBUG - Handled Status
BADEBUG - method doPhase2 called
BADEBUG - Missing or Duplicate Token

User entered wrong token:

BADEBUG - method doPhase1 called
BADEBUG - Handled Status
BADEBUG - method doPhase2 called
BADEBUG - compare: 2222222222 AND F543TR
BADEBUG - Token Failed

Authentication successful:

BADEBUG - method doPhase1 called
BADEBUG - Handled Status
BADEBUG - method doPhase2 called
BADEBUG - compare: F543TR AND F543TR
BADEBUG - Authentication Success
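The debug lines above are easy to read by hand for one login, but on a busy Identity Server you want to sort many attempts at once. The following Python is an added example and not part of the BA modules: it does the equivalent of the grep, groups the BADEBUG lines into attempts (each starting at "method doPhase1 called"), reports the outcome of each attempt, and lists the token values that the "compare:" lines leak into the log, which is the reason to switch debug off again once the problem is found. The log it runs on is constructed from the three patterns shown above, with a Tomcat log prefix and unrelated lines mixed in to show the filtering.

```python
import re

# Constructed sample of catalina.out: the article's BADEBUG patterns mixed
# with unrelated Tomcat output.
SAMPLE_LOG = """\
INFO: Server startup in 4213 ms
BADEBUG - method doPhase1 called
BADEBUG - Handled Status
BADEBUG - method doPhase2 called
BADEBUG - Missing or Duplicate Token
Dec 5, 2007 10:12:01 AM org.apache.catalina.core.StandardWrapperValve invoke
BADEBUG - method doPhase1 called
BADEBUG - Handled Status
BADEBUG - method doPhase2 called
BADEBUG - compare: 2222222222 AND F543TR
BADEBUG - Token Failed
BADEBUG - method doPhase1 called
BADEBUG - Handled Status
BADEBUG - method doPhase2 called
BADEBUG - compare: F543TR AND F543TR
BADEBUG - Authentication Success
"""

BADEBUG = re.compile(r"BADEBUG - (.*)$")
COMPARE = re.compile(r"compare: (\S+) AND (\S+)")

# Final debug message of an attempt -> outcome, as described in the article.
OUTCOMES = {
    "Missing or Duplicate Token": "no token attributes on user object",
    "Token Failed": "wrong token entered",
    "Authentication Success": "success",
}


def badebug_messages(text):
    """Equivalent of `grep BADEBUG`: the message part of each debug line."""
    messages = []
    for line in text.splitlines():
        m = BADEBUG.search(line)
        if m:
            messages.append(m.group(1).strip())
    return messages


def split_attempts(messages):
    """Group messages into attempts; a new attempt begins at doPhase1."""
    attempts = []
    for msg in messages:
        if msg == "method doPhase1 called" or not attempts:
            attempts.append([])
        attempts[-1].append(msg)
    return attempts


def classify(attempt):
    """Outcome of one attempt plus any token values the compare line exposed."""
    outcome = "incomplete (no phase-2 result yet)"
    leaked = []
    for msg in attempt:
        if msg in OUTCOMES:
            outcome = OUTCOMES[msg]
        m = COMPARE.match(msg)
        if m:
            # Entered value first, stored value second: both are clear text
            # in the log while debug is on.
            leaked = [m.group(1), m.group(2)]
    return {"outcome": outcome, "leaked_values": leaked}


def analyse(text):
    """Classify every login attempt found in a catalina.out excerpt."""
    return [classify(a) for a in split_attempts(badebug_messages(text))]


if __name__ == "__main__":
    for i, result in enumerate(analyse(SAMPLE_LOG), start=1):
        print(f"attempt {i}: {result['outcome']}", result["leaked_values"])
```

Feed it a real excerpt with `analyse(open("/var/opt/novell/tomcat4/logs/catalina.out").read())`; any attempt whose leaked_values is non-empty is a token that has to be considered exposed for as long as that log file exists.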


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell