Trustbuilder MFA by inWebo

NetIQ Access Manager, Custom Authentication Module

Requirements

Installation

Bash
# Unpack the delivery and copy the module jar, its JSPs, scripts, images and
# stylesheets into the nidp web application of the Identity Server
$ sudo unzip iw-netiq-auth-*.zip -d /tmp/netiq-ui-inwebo
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/WEB-INF/lib/iw-netiq-auth-*.jar /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/jsp/inWeboLoginPage.jsp /opt/novell/nam/idp/webapps/nidp/jsp/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/jsp/inWeboLoginPage2.jsp /opt/novell/nam/idp/webapps/nidp/jsp/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/javascript/inWeboBrowser-*.js /opt/novell/nam/idp/webapps/nidp/javascript/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/images/* /opt/novell/nam/idp/webapps/nidp/images/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/css/inwebo.css /opt/novell/nam/idp/webapps/nidp/css/
$ sudo cp /tmp/netiq-ui-inwebo/edit-webapp/css/inwebo-internal.css /opt/novell/nam/idp/webapps/nidp/css/
# Restart the Identity Server so Tomcat loads the new jar and JSPs
$ sudo /etc/init.d/novell-idp restart

Creating the "NetiQ" secure site

inWebo Secure Site configuration

Go to the inWebo Admin Console.

Navigate to the "Secure Sites" tab and create a new Web Services Secure Site with:

  • Called URL: https://your_netiq_site/nidp/app/login

  • Authentication page: //your_netiq_site/nidp/*

  • Form: IDPLogin

  • Login field: Ecom_User_ID

  • Password: Ecom_Password

Update, then create the browser token. Copy the newly created "Bookmark alias" for later use: it is the value of the inwebo.netiq.service.bookmark.alias class property.

Creating an inWebo Certificate

Navigate to the "Secure Sites" tab and create a new certificate in .p12 format for your service, protected by a "Passphrase".

Transfer this certificate over SSH/SFTP to your NetIQ Access Manager appliance, and note its full path and the passphrase: both are needed for the class properties below. The .p12 contains the private key that authenticates your appliance to inWebo, so keep it readable only by the account the Identity Server runs as.

Configuring NetIQ Access Manager:

Prerequisite

  • Configuring a service in the "Advanced Authentication" settings

Registering the inWebo class: inWeboAuthModuleClass

  1. Go to the Admin Console and log in as 'admin'

  2. Navigate to Devices->Identity Servers->IDPCluster

  3. Select the "Local" tab

  4. Select "Classes" > "New"

The "General" tab


Fill in the "Create Authentication Class" form as follows:

  • Display name: inWeboAuthModuleClass

  • Java class: "Other"

  • Java class path: com.inwebo.integrations.netiq.InWeboAuthModule

Click "Next"

The "Properties" tab


Fill in the "Properties" tab with at least the four required properties (those marked "Required" in the table below); add each one with "New".

For inwebo.auth.cert.path, enter the full path on the appliance of the inWebo .p12 certificate you transferred earlier. The value of inwebo.auth.cert.password is the passphrase chosen when the certificate was created.

inWeboAuthModuleClass Properties:

Property name                          Default value                  Description
inwebo.base.url                        https://api.myinwebo.com/FS    Base URL of the inWebo API
inwebo.auth.service.id                                                inWebo Service ID - Required
inwebo.auth.cert.path                                                 Full path to the inWebo certificate file (.p12) on the appliance - Required
inwebo.auth.cert.password                                             Passphrase of the inWebo certificate (.p12) - Required
inwebo.netiq.service.bookmark.alias                                   inWebo bookmark alias of the secure site - Required
inwebo.proxy.https                     true                           true if the proxy is an HTTPS proxy, false otherwise
inwebo.proxy.host                                                     Host name or IP of an HTTP proxy
inwebo.proxy.port                                                     Port of the HTTP proxy
inwebo.proxy.username                                                 User name used for HTTP proxy authentication
inwebo.proxy.password                                                 Password used for HTTP proxy authentication
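Before keying these values into the Admin Console (and again when you add the proxy properties from the "Proxy Configuration" section), it is worth checking them on the appliance: the service id, certificate path, passphrase and bookmark alias are mandatory, the .p12 holds a private key and must not be readable by other accounts, and a proxy host without a numeric port or a proxy user without a password will only fail at the first authentication attempt. The following is an added example, not part of the inWebo module or of NetIQ, that performs those checks. It assumes you keep the values temporarily in a key=value file (mode 600, since it holds the certificate passphrase and proxy password); the file format, the function names and the strictness rules are this example's own choices.

```shell
#!/bin/sh
# Added example: pre-flight check of inWeboAuthModuleClass property values.
# Not part of the inWebo delivery or of NetIQ. Assumes a key=value file, one
# property per line, e.g. /root/inwebo.props (hypothetical path).

REQUIRED="inwebo.auth.service.id inwebo.auth.cert.path inwebo.auth.cert.password inwebo.netiq.service.bookmark.alias"

# prop FILE KEY -> prints the value of KEY (empty if absent). Dots in the key
# are escaped so "inwebo.base.url" does not also match "inweboXbaseXurl".
prop() {
  k="$(printf '%s' "$2" | sed 's/\./\\./g')"
  sed -n "s/^$k=//p" "$1" | head -n 1
}

# check_props FILE -> returns 0 if every rule passes; otherwise prints one
# line per problem and returns 1.
check_props() {
  f="$1"; rc=0
  for k in $REQUIRED; do
    [ -n "$(prop "$f" "$k")" ] || { echo "missing required property: $k"; rc=1; }
  done
  # base URL defaults to the inWebo API; whatever is set must stay HTTPS
  url="$(prop "$f" inwebo.base.url)"
  case "${url:-https://api.myinwebo.com/FS}" in
    https://*) ;;
    *) echo "inwebo.base.url must be https: $url"; rc=1 ;;
  esac
  cert="$(prop "$f" inwebo.auth.cert.path)"
  if [ -n "$cert" ]; then
    if [ ! -r "$cert" ]; then
      echo "certificate not readable: $cert"; rc=1
    else
      # the .p12 contains the private key: no group/world read bits allowed
      mode="$(stat -c '%a' "$cert" 2>/dev/null || stat -f '%Lp' "$cert")"
      case "$mode" in
        ?00) ;;
        *) echo "certificate $cert is mode $mode; expected 600 or 400"; rc=1 ;;
      esac
      # prove the passphrase opens the .p12 (passed on stdin, not argv, so it
      # does not show up in the process list); skipped if openssl is absent
      pw="$(prop "$f" inwebo.auth.cert.password)"
      if command -v openssl >/dev/null 2>&1; then
        printf '%s\n' "$pw" | openssl pkcs12 -in "$cert" -passin stdin -noout 2>/dev/null \
          || { echo "passphrase does not open $cert"; rc=1; }
      fi
    fi
  fi
  # proxy settings must be consistent: a host needs a numeric port and a
  # boolean inwebo.proxy.https; a user name needs a password
  host="$(prop "$f" inwebo.proxy.host)"
  port="$(prop "$f" inwebo.proxy.port)"
  if [ -n "$host" ]; then
    case "$port" in
      ''|*[!0-9]*) echo "inwebo.proxy.port must be numeric when inwebo.proxy.host is set"; rc=1 ;;
    esac
    case "$(prop "$f" inwebo.proxy.https)" in
      true|false|'') ;;
      *) echo "inwebo.proxy.https must be true or false"; rc=1 ;;
    esac
  fi
  if [ -n "$(prop "$f" inwebo.proxy.username)" ] && [ -z "$(prop "$f" inwebo.proxy.password)" ]; then
    echo "inwebo.proxy.username set without inwebo.proxy.password"; rc=1
  fi
  return $rc
}
```

Run it as `check_props /root/inwebo.props` (hypothetical path) and delete the file once the values are in the Admin Console. If the appliance ships OpenSSL 3 and the .p12 was produced with older tooling, `openssl pkcs12` may report an unsupported algorithm; add `-legacy` to that call in the check rather than re-exporting the certificate.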

Creating a new Method for inWebo authentication

  1. Go to the Admin Console and log in as 'admin'

  2. Navigate to Devices->Identity Servers->IDPCluster

  3. Select the "Local" tab

  4. Select "Methods" > "New"

  5. Create a new Method named inWeboAuthMethod

  6. Select the Class: inWeboAuthModuleClass

Example 1: Basic integration

  1. Select the LDAP "User stores" synchronized with your inWebo service

  2. Click "Finish"

  3. Modify /opt/novell/nam/idp/webapps/nidp/jsp/nidp_latest.jsp and add the following inside the HTML <head> tag. These scripts are fetched by the user's browser from ult-inwebo.com, so any Content-Security-Policy or egress filtering that applies to the login page must allow that host:

XML
<link rel="stylesheet" type="text/css" href="<%=request.getContextPath()%>/css/inwebo-internal.css"/>
<script type="text/javascript" src="https://ult-inwebo.com/webapp/js/helium.min.js"></script>
<script type="text/javascript" src="https://ult-inwebo.com/va/client.js"></script>
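The edit in step 3 is easy to get wrong by hand: a second copy of the includes after a NAM upgrade, or a file rewritten with root ownership and a mode that Tomcat can no longer read. The following is an added example, not part of the inWebo delivery or of NetIQ, that performs the same edit idempotently: it inserts the three include lines right after the first <head> tag, keeps a timestamped backup, and writes the result back into the existing file so its owner and mode are preserved. It assumes nidp_latest.jsp contains a literal <head> tag on its own line; the function names and the backup naming are this example's own.

```shell
#!/bin/sh
# Added example: idempotently add the inWebo includes to the <head> of a NAM
# JSP. Not part of the inWebo delivery or of NetIQ. Assumes a literal "<head>"
# tag; the include lines are those from Example 1.

# The three lines Example 1 asks you to add inside <head>.
inwebo_head_includes() {
  cat <<'EOF'
<link rel="stylesheet" type="text/css" href="<%=request.getContextPath()%>/css/inwebo-internal.css"/>
<script type="text/javascript" src="https://ult-inwebo.com/webapp/js/helium.min.js"></script>
<script type="text/javascript" src="https://ult-inwebo.com/va/client.js"></script>
EOF
}

# add_inwebo_head JSP_PATH
# Returns 0 when the includes are present afterwards (inserted now, or already
# there from an earlier run); returns 1 if the file is missing or has no <head>.
add_inwebo_head() {
  jsp="$1"
  [ -f "$jsp" ] || { echo "no such file: $jsp" >&2; return 1; }
  if grep -q 'css/inwebo-internal.css' "$jsp"; then
    echo "already patched: $jsp"
    return 0
  fi
  if ! grep -q '<head>' "$jsp"; then
    echo "no <head> tag in $jsp" >&2
    return 1
  fi
  # keep a backup next to the original (same owner and mode, thanks to -p)
  cp -p "$jsp" "$jsp.bak.$(date +%Y%m%d%H%M%S)"
  tmp="$(mktemp)"
  inserted=0
  # copy line by line; right after the first <head> line, emit the includes
  while IFS= read -r line || [ -n "$line" ]; do
    printf '%s\n' "$line"
    if [ "$inserted" -eq 0 ]; then
      case "$line" in
        *'<head>'*) inwebo_head_includes; inserted=1 ;;
      esac
    fi
  done < "$jsp" > "$tmp"
  # overwrite in place (not mv) so the JSP keeps its inode, owner and mode,
  # which matters because Tomcat runs as an unprivileged account
  cat "$tmp" > "$jsp" && rm -f "$tmp"
}
```

Run it as root with `add_inwebo_head /opt/novell/nam/idp/webapps/nidp/jsp/nidp_latest.jsp`, then restart the IDP as in the installation section; running it a second time is a no-op.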

Example 2: Integration without the NetIQ header

  1. Select the LDAP "User stores" synchronized with your inWebo service

  2. Enter the following method properties:

    1. JSP : inWeboLoginPage2

    2. MainJSP : true

  3. Click "Finish"

Creating a new Contract or modifying your existing contract

The "General" tab

  1. Go to the Admin Console and log in as 'admin'

  2. Navigate to Devices->Identity Servers->IDPCluster

  3. Select the "Local" tab

  4. Select "Contracts" > "New", or select your existing contract

  5. Fill in the name of your contract, e.g. "inWeboAuthContract" for a new contract

  6. Fill in the URI: inwebo/auth/uri

  7. Check the "Satisfiable by External Provider" condition

  8. Add the Method: "inWeboAuthMethod"

Select the "Authentication card" tab

  • Fill in the ID of your card: inWeboForm

  • Select the appearance you want for the inWebo authentication card.

  • Click "OK"

Update your Access Manager configuration

On the Dashboard panel, select the number beside the Identity Servers icon.

Select "Update All" and wait before refreshing the page.

Login Page test

If you use "inWeboAuthContract" as the "Default" authentication contract in your local settings, you can connect to https://your_host_appliance/nidp/ and test your inWebo login page.

Proxy Configuration:

  1. Go to the Admin Console and log in as 'admin'

  2. Navigate to Devices->Identity Servers->IDPCluster->Local

  3. Edit the inWeboAuthModuleClass class and add the properties:

    1. inwebo.proxy.https

    2. inwebo.proxy.host

    3. inwebo.proxy.port

    4. inwebo.proxy.username

    5. inwebo.proxy.password

  4. Update the Identity Server configuration as described above, then restart the IDP:

Bash
$ sudo /etc/init.d/novell-idp restart