- JDK 1.8 or higher: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
- Tomcat 7.0 for OpenAM (other containers could be used): http://tomcat.apache.org/download-70.cgi
- OpenAM 12.0.0: https://backstage.forgerock.com/#!/downloads/OpenAM
- Symantec VIP Enterprise Gateway: http://www.symantec.com/connect/blogs/symantec-vip-update-enterprise-gateway-94
- RADIUS Validation Server: Part of Symantec solution
Authentication Process for User Name + Password + Security Code Authentication Method
- The user enters a user name, password, and a security code.
- As the first part of the two-factor authentication, ForgeRock OpenAM sends the user name, password, and the security code to the Validation Service.
- The Validation Service authenticates the user name and the password against the user store OpenDJ or Active Directory.
- As the second part of the two-factor authentication, the Validation Service authenticates the user name and the security code with the VIP Authentication Service.
- If the user name and the security code are authenticated, the Validation Service returns an Access Accept authentication response to ForgeRock OpenAM.
Step 1: Prerequisites and Assumptions
Assumption: Symantec VIP and Validation Services have been installed and configured per Symantec instructions.
Install JDK 1.8 and Tomcat per their recommendations.
It is assumed the FQDN for both instances is forgerock.example.com. These would not need to be the same in the real world; a single name is used here only to make an easy test environment.
OpenAM Installation video: https://www.youtube.com/watch?v=5X1cWnMDtH0
Step 2: Configure OpenAM RADIUS Authentication Module
Create an authentication module of type RADIUS