OpenAM provides an HOTP authentication module that can send an OTP to the user's email address and/or telephone number. By default, OpenAM doesn't display the user's email address and/or telephone number when it sends this OTP.
Solution
Versions used for this implementation: OpenAM 13.5, OpenDJ 3.5
One solution is to extend OpenAM's out-of-the-box HOTP module:
- Extend the HOTP auth module (openam-auth-hotp).
- Update the property below in the extended amAuthHOTP.properties: send.success=Please enter your One Time Password sent at
- Extend HOTPService appropriately to retrieve user profile details.
- Change the extended HOTP module code as shown below (for both auto send and send on request):
substituteHeader(START_STATE, bundle.getString("send.success") + <Get User contact details from HOTPService>);
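One way to assemble the text appended to send.success in the last step, as an added example that is not code from the original post or the linked repository. The class and method names are hypothetical, and the mask option is an assumption added here for deployments that prefer to show only part of the address or number on the OTP screen, which a user reaches after the first factor alone.

```java
import java.util.ArrayList;
import java.util.List;

/** Added example (hypothetical names): builds the header shown in START_STATE. */
public final class OtpContactHeader {
    // Keep the first character and the domain of an email: "d***@example.com".
    static String maskEmail(String email) {
        int at = email.indexOf('@');
        if (at < 1) {
            return "***"; // not a usable address; reveal nothing
        }
        return email.charAt(0) + "***" + email.substring(at);
    }

    // Keep only the last four digits of a telephone number: "***4567".
    static String maskPhone(String phone) {
        String digits = phone.replaceAll("\\D", "");
        return digits.length() <= 4 ? "***" : "***" + digits.substring(digits.length() - 4);
    }

    /**
     * prefix is the send.success value; email and phone are the values the
     * extended HOTPService read from the user profile (either may be null or empty).
     */
    static String build(String prefix, String email, String phone, boolean mask) {
        List<String> targets = new ArrayList<>();
        if (email != null && !email.trim().isEmpty()) {
            targets.add(mask ? maskEmail(email.trim()) : email.trim());
        }
        if (phone != null && !phone.trim().isEmpty()) {
            targets.add(mask ? maskPhone(phone.trim()) : phone.trim());
        }
        if (targets.isEmpty()) {
            return prefix.trim(); // profile has no contact details to show
        }
        return prefix.trim() + " " + String.join(" and ", targets);
    }

    public static void main(String[] args) {
        String prefix = "Please enter your One Time Password sent at"; // from amAuthHOTP.properties
        // Constructed sample values, not real user data.
        System.out.println(build(prefix, "demo.user@example.com", "+1 555 010 4567", false));
        System.out.println(build(prefix, "demo.user@example.com", "+1 555 010 4567", true));
        System.out.println(build(prefix, null, "+1 555 010 4567", true));
    }
}
```

The string returned by build(...) is what would be passed as the second argument of substituteHeader(START_STATE, ...) in the extended module.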
Deploy
- Build the custom auth module using Maven.
- Deploy the custom auth module. Refer to the instructions: Building and Installing Custom Authentication Modules
- Configure the HOTPExt module with the required SMTP server. Enable both SMS and Email.
- Create a chain (otpChain) with (LDAP:Required, HOTPExt:Required). Set this chain as the default for "Organization Authentication".
- Restart OpenAM.
- Invoke the HOTP module; the message displayed on screen now includes the user's email address and/or telephone number.
Register service and module (note that for OpenAM v12 use amAuthHOTPExt-12.xml):
$ ./ssoadm create-svc --adminid amadmin --password-file /tmp/pwd.txt --xmlfile ~/softwares/amAuthHOTPExt.xml
$ ./ssoadm register-auth-module --adminid amadmin --password-file /tmp/pwd.txt --authmodule com.sun.identity.authentication.modules.hotp.HOTPExt
Unregister service and module (in case the module needs to be uninstalled):
$ ./ssoadm unregister-auth-module --adminid amadmin --password-file /tmp/pwd.txt --authmodule com.sun.identity.authentication.modules.hotp.HOTPExt
$ ./ssoadm delete-svc --adminid amadmin --password-file /tmp/pwd.txt -s sunAMAuthHOTPExtService
See Also
Get code: https://github.com/CharanMann/OpenAM-HOTP-Extended
OpenAM HOTP Authentication Module
OpenAM Custom Auth module sample