Hi Kathess,
On RSA Authentication Manger workflow we are not able to provisioning the
users from WSO2 IS. Because the software tokens able to missed use when we
allow self user provisioning,
Another thing on RSA Authentication Manager workflow : Software tokens buy
by the RSA AM System Admin and he is the one only responsible to provide
the user's token manually.
But we have a way to associate the user on IS user store from the
registered user on RSA AM. I explain this issue from the following way
In first factor
----------------------------------------------------------------------
if(user_exist_IS_userstore)
/*
* we do the basic authentication
*/
else
/*
* The reason may be it is the first time of user or invalid user,
* so we need to validate his request,
* so we send the username & password to RSA AM from the IS and validate he
is registered or not in RSA AM
*/
if(user_exist_RSA_AM_store)
/* Store the user details on user store of IS then request the token from
the user. */
else
*/ it should be an invalid user */
This is the way I think. any suggestions!
Thank you
Nifras
On Tue, Jun 14, 2016 at 11:08 AM, Nifras Ismail <nif...@wso2.com> wrote:
> Hi All,
>
> I'm little bit confussion to choose the proper rsa securid agent from the
> RSA agents list[1]. There is no agent[2] is suitable for to connect IS to
> Authentication Manger. There for I have planed to build from the RSA AM API
> libraries.
>
> Please give your suggestions on my choice of API is preferable.
>
> [1]
> https://www.rsa.com/en-us/products-services/identity-access-management/securid/authentication-agents
> [2] https://community.rsa.com/thread/185834
>
> On Wed, Jun 8, 2016 at 5:10 PM, Nifras Ismail <nif...@wso2.com> wrote:
>
>> Hi Kathees,
>>
>> noted. yes we can.
>>
>> On Thu, Jun 2, 2016 at 10:29 AM, Kathees Rajendram <kath...@wso2.com>
>> wrote:
>>
>>> Hi Nifras,
>>>
>>> You need to write the provisioning connector as well or need to link IS
>>> local user to RSA SecurID.
>>>
>>> Thanks,
>>>
>>> On Wed, Jun 1, 2016 at 2:46 PM, Nifras Ismail <nif...@wso2.com> wrote:
>>>
>>>>
>>>>
>>>>
>>>> On Wed, Jun 1, 2016 at 2:45 PM, Nifras Ismail <nif...@wso2.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> I have planned to create RSA SecurID[1] two factor authenticatior for
>>>>> WSO2 Identity Server.
>>>>>
>>>>> RSA SecurID[1], which protects access using two factor authentication
>>>>> with hardware and software tokens.
>>>>> In both cases RSA SecurID uses patented, time-based two factor
>>>>> authentication algorithm to validate users.
>>>>>
>>>>> The authentication flow is as follow :
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> 1. User send the basic credentials(1st Factor) to IS Basic
>>>>> Authenticatior.
>>>>> 2. If authentication success on Basic Authenticatior, RSA IS
>>>>> Authenticator requests the RSA Token (2nd factor) to the user.
>>>>> 3. User send the token which are generated from the RSA
>>>>> Authenticatior at the requested time.
>>>>> 4. RSA IS Authenticatior sends the request to RSA Authentication
>>>>> Agent.
>>>>> 5. Then RSA Authentication Agent request to RSA Authentication
>>>>> Manger to validate the request
>>>>> 6. RSA Authentication Manager validate the authorization request
>>>>> and send the response to the IS
>>>>> 7. If the authentication success, IS grant access to the requested
>>>>> claims.
>>>>>
>>>>>
>>>>> *RSA Authentication Manager*
>>>>> RSA Authentication Manager is a multi-factor authentication system
>>>>> that verify the authentication requests and centrally administrate the
>>>>> authentication policies for enterprises[3].
>>>>>
>>>>> *RSA Authentication Agent *
>>>>> It is a bridge for communicating to the Authentication Manager with
>>>>> client, and it is process authentication request.
>>>>>
>>>>> *RSA Authenticators*
>>>>> Hardware Authenticators : Dedicated devices (so called key fobs)
>>>>> Software Authenticatiors : Mobile Application Authenticators in
>>>>> Android, iOS, Blackberry, Windows Mobile and etc. [2].
>>>>>
>>>>> [1]
>>>>> https://www.rsa.com/en-us/perspectives/resources/rsa-securid-software-tokens
>>>>> [2]
>>>>> https://www.rsa.com/en-us/products-services/identity-access-management/securid/software-tokens
>>>>> [3] RSA Authentication Manager Documentation
>>>>>
>>>>> --
>>>>> Nifras Ismail
>>>>> Associate Software Engineer
>>>>> WSO2
>>>>> Email : nif...@wso2.com
>>>>> Mobile : 0094 77 89 90 300
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Nifras Ismail
>>>> Associate Software Engineer
>>>> WSO2
>>>> Email : nif...@wso2.com
>>>> Mobile : 0094 77 89 90 300
>>>>
>>>> _______________________________________________
>>>> Architecture mailing list
>>>> Architecture@wso2.org
>>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>>
>>>>
>>>
>>>
>>> --
>>> Kathees
>>> Software Engineer,
>>> email: kath...@wso2.com
>>> mobile: +94772596173
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> Architecture@wso2.org
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>>
>>>
>>
>>
>> --
>> Nifras Ismail
>> Associate Software Engineer
>> WSO2
>> Email : nif...@wso2.com
>> Mobile : 0094 77 89 90 300
>>
>
>
>
> --
> Nifras Ismail
> Associate Software Engineer
> WSO2
> Email : nif...@wso2.com
> Mobile : 0094 77 89 90 300
>
--
Nifras Ismail
Associate Software Engineer
WSO2
Email : nif...@wso2.com
Mobile : 0094 77 89 90 300
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
