Difference between revisions of "Passcode security"
Jump to navigation
Jump to search
old>Admin (→Setup) |
old>Admin (→Setup) |
||
Line 18: | Line 18: | ||
Optionally you can allow IP based exceptions from the rules | Optionally you can allow IP based exceptions from the rules | ||
* Set " | * Set "passcodeTrustedIp" to true <ref>ServerSettingSingle.do?DataType=1&PolicyName=passcodeTrustedIp</ref> | ||
* Set "passcodeTrustedIpList" to contain your office IP's: ServerSettingSingle.do?DataType=3&PolicyName=passcodeTrustedIpList | * Set "passcodeTrustedIpList" to contain your office IP's: ServerSettingSingle.do?DataType=3&PolicyName=passcodeTrustedIpList | ||
Revision as of 20:06, 9 November 2017
This article will be published 13 november 2017
Preparation
To enable 2 factor authentication for users you will need to prepare the following:
- List of IP's that should not require 2 factor authentication
- An messaging URL for sending SMS's
- Access to cellphone numbers for all employees
Setup
First you will setup the system to run in testmode, so that all messages are sent for you. After checking everything works, disable the testmode.
Change server configurations
- Set "smsConnectUrl" to your connection URL
- Check that "smsParamMessage" fits that of your provider
- Check that "smsParamNumber" fits that of your provider
Optionally you can allow IP based exceptions from the rules
- Set "passcodeTrustedIp" to true [1]
- Set "passcodeTrustedIpList" to contain your office IP's: ServerSettingSingle.do?DataType=3&PolicyName=passcodeTrustedIpList
Furthermore you can allow multiple logins from the same IP to
- Set "passcodeUserIpHistory" to true: ServerSettingSingle.do?DataType=1&PolicyName=passcodeUserIpHistory
- Set "passcodeUserIpHistoryCount" to minimum succesfull logins: ServerSettingSingle.do?DataType=2&PolicyName=passcodeUserIpHistoryCount
Stop the application server
Go to the application folder and dive into: <application>\WEB-INF\web.xml
Uncomment the section containg the servlet mapping
<filter> <filter-name>TwoFactorAuthentication</filter-name> <filter-class>dk.tempusserva.passcode.SmsVerificationFilter</filter-class> </filter> <filter-mapping> <filter-name>TwoFactorAuthentication</filter-name> <url-pattern>/main</url-pattern> </filter-mapping>
Start the application server
Test and go live
Change server configurations
- Set "smsTestMode" to true
- ↑ ServerSettingSingle.do?DataType=1&PolicyName=passcodeTrustedIp