In this episode, you’ll see ForgeRock OpenAM’s two factor authentication feature employing it’s Adaptive Risk Authentication Module instance and HOTP module instance
So in the video demonstration that follows this post, you’ll see a user attempting to login against an Authentication Chain (say ‘MyAuthChain’) which has three module instances namely (i) Data Store, (ii) Adaptive Risk and (iii) HOTP. If the user is able to supply the right credentials against the Data Store, he or she is allowed in without any further challenge. On the other hand, if the the attempt to authenticate against the first Module instance (Data Store) fails, then the user is prompted for additional credentials like One Time Password.
The following illustration might give a rough idea on the what’s discussed above and the video that follows might make it pretty clear.
Enjoy!
This blog post was first published @ www.fedji.com, included here with permission.
Comments are closed.
Is there a way we can map or change the Email to any custom attribute that needs to be fetched for HOTP. I am getting the issue as unable to fetch email of the loginid. Couldnt find much info in the Documentation.
First datastore authenticates & HOTP sending fails.