Adaptive Authentication not working for IP Address range

This topic contains 3 replies, has 2 voices, and was last updated by  grk 3 months, 1 week ago.

    #21182
     Nav 
    Participant

    Hello everyone,

    I configured an Authentication chain with a combination of DataStore+OTP+AdaptiveAuthentication modules. However, I am using only “IPAddress Range” in the adaptive authentication module. But the module is not really evaluating the source IP address of the client. The module is successful even when I try to access this from a different IP address that is not specified in the IPAddress range, and the resource is served.

    Does this “Adaptive module with IP Address Range check” need any additional configuration to work properly?

    PS: I am using OpenAM 13.0 for this use case.

    Thanks,
    Nav

    #21188
     grk 
    Participant

    Is your OpenAM behind a load balancer or proxy? If yes, make sure the LB/proxy is passing the X-Forwarded-For header to get the client IP. Also, add com.sun.identity.authentication.client.ipAddressHeader to X-Forwarded-For under Deployment > Servers > Server Name > Advanced.

    If it is not behind an LB/proxy, make sure the range is set properly in one of the formats below:
    1. X.X.X.X/YY OR
    2. X.X.X.X-Y.Y.Y.Y

    https://backstage.forgerock.com/docs/openam/13.5/admin-guide/#adaptive-auth-module-conf-hints

    Thanks,

    #21193
     Nav 
    Participant

    Hi grk,

    Thanks for your reply. The issue is basically due to misconfiguration of the Risk score. I have just enabled only the “IP Address range” check and have the risk score incremented by 1. But the overall Risk threshold is set to 3, which is not met by just one failure. I have corrected the Risk Threshold score and now it works fine.

    Thanks,
    Nav

    #21196
     grk 
    Participant

    Hi Nav,
    Glad you figured it out. Thanks for sharing.

    Thanks
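
The two causes discussed in this thread (which address gets evaluated, and whether a single failed check can reach the Risk Threshold), as an added example that is not part of the original posts and is not OpenAM code. It is a simplified Python model: the function names, the sample addresses, taking the first entry of the forwarded header, and the rule that the module fails once the score reaches the threshold are all assumptions for illustration.

```python
import ipaddress

def in_range(client_ip, spec):
    """True if client_ip is inside spec, written as X.X.X.X/YY or X.X.X.X-Y.Y.Y.Y."""
    ip = ipaddress.ip_address(client_ip)
    if "-" in spec:
        low, high = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return low <= ip <= high
    return ip in ipaddress.ip_network(spec.strip(), strict=False)

def client_ip(remote_addr, headers, ip_header=None):
    """Choose the address to evaluate. ip_header stands in for the
    ipAddressHeader server property (hypothetical parameter name). When it is
    unset, the TCP peer is used, which behind a proxy is the proxy itself.
    Assumption: the first entry of the header is taken as the client."""
    value = headers.get(ip_header) if ip_header else None
    return value.split(",")[0].strip() if value else remote_addr

def evaluate(ip, ranges, ip_range_score, risk_threshold):
    """Return (risk_score, module_succeeds) for the IP range check alone.
    Assumption: the module fails once the score reaches the threshold."""
    score = 0 if any(in_range(ip, r) for r in ranges) else ip_range_score
    return score, score < risk_threshold

# Constructed sample values, not taken from the thread.
RANGES = ["10.0.0.0/8", "192.168.1.10-192.168.1.50"]
OUTSIDE = "203.0.113.7"
PROXY = "10.0.0.5"
HEADERS = {"X-Forwarded-For": "203.0.113.7, 10.0.0.5"}

if __name__ == "__main__":
    # Score 1 against threshold 3: an out-of-range client still succeeds.
    print("threshold 3:", evaluate(OUTSIDE, RANGES, 1, 3))
    # Threshold lowered to the score of the single enabled check: it fails.
    print("threshold 1:", evaluate(OUTSIDE, RANGES, 1, 1))
    # Header not configured: the proxy address is checked, and it is in range.
    seen = client_ip(PROXY, HEADERS)
    print("no header  :", seen, evaluate(seen, RANGES, 1, 1))
    # Header configured: the real client address is checked.
    seen = client_ip(PROXY, HEADERS, "X-Forwarded-For")
    print("with header:", seen, evaluate(seen, RANGES, 1, 1))
```

The forwarded header is only as trustworthy as the proxy that sets it, so the model is meaningful only when the LB/proxy overwrites any client-supplied value.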


©2018 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.
