Difference between revisions of "Passcode security"

Revision as of 20:08, 9 November 2017

This article will be published 13 november 2017

Preparation

To enable 2 factor authentication for users you will need to prepare the following:

List of IP's that should not require 2 factor authentication
An messaging URL for sending SMS's
Access to cellphone numbers for all employees

Setup

First you will setup the system to run in testmode, so that all messages are sent for you. After checking everything works, disable the testmode.

Change server configurations

Set "smsConnectUrl" to your connection URL
Check that "smsParamMessage" fits the parameter name of your SMS provider
Check that "smsParamNumber" fits the parameter name of your SMS provider

Optionally you can allow IP based exceptions from the rules

Set "passcodeTrustedIp" to true Template:ServerSettingSingle.do?DataType=1&PolicyName=passcodeTrustedIp
Set "passcodeTrustedIpList" to contain your office IP's: ServerSettingSingle.do?DataType=3&PolicyName=passcodeTrustedIpList

Furthermore you can allow multiple logins from the same IP to

Set "passcodeUserIpHistory" to true: ServerSettingSingle.do?DataType=1&PolicyName=passcodeUserIpHistory
Set "passcodeUserIpHistoryCount" to minimum succesfull logins: ServerSettingSingle.do?DataType=2&PolicyName=passcodeUserIpHistoryCount

Stop the application server

Go to the application folder and dive into: <application>\WEB-INF\web.xml

Uncomment the section containg the servlet mapping

   <filter>
       <filter-name>TwoFactorAuthentication</filter-name>
       <filter-class>dk.tempusserva.passcode.SmsVerificationFilter</filter-class>
   </filter>
   <filter-mapping>
       <filter-name>TwoFactorAuthentication</filter-name>
       <url-pattern>/main</url-pattern>
   </filter-mapping>

Start the application server

Test and go live