Activate One Touch - User and Password
Requirements : LDAP must be configured, note the ID of the connection used in later steps.
One Touch must be configured
Do the following steps in the ADVANCED tab in the Configuration GUI
Step 1 - Authentication - HTTP
Add the following section to “Authentication - HTTP”
{
"alias": "activateonetouch",
"name": "PostUidAndPassword",
"configuration": {
"pipeID": "EnrollPkiUserLookupAndAuthWithLDAP",
"successURL": "/activateonetouch/",
"translationKey": "login.messages.information.body.enrollment.onetouch",
"headingtranslationKey": "login.messages.information.header.enrollment.onetouch",
"title": "login.messages.information.title.enrollment.onetouch",
"loginTemplate": "enrollmentonetouch.template",
"allowLanguageChange": "true"
},
"id": "activateonetouch"
}
Step 2 - HTTP connections
Add the following section to “HTTP connections”, change “port” and “ssl” settings to your requirements
{
"id": "http_pki",
"port": "8443",
"ssl": "true"
}
Step 3 - Modules
Add the following section to “Modules”
{
"name": "com.phenixidentity~phenix-prism",
"enabled": "true",
"config": {
"base_url": "/activateonetouch",
"auth_redirect_url": "/activateonetouch/authenticate/activateonetouch",
"http_configuration_ref": "http_pki",
"module_refs": "enroll_pki_01",
"enable_roles": "false",
"use_css": "false"
},
"id": "enrollpki"
},
{
"id": "enroll_pki_01",
"name" : "com.phenixidentity~phenix-prism-enroll-pki",
"enabled" : "false",
"prism_enabled" : "true",
"config" : {
"display_name" : "One Touch enrollment",
"base_uri" : "pki",
"http_configuration_ref" : "http_pki",
"url_prefix" : "replace-url_prefix",
"enroll_timeout_mins" : "1",
"enroll_pollinterval_ms" : "2000",
"use_push" : "true"
}
}
Replace
Replace-url_prefix with your url, example "https://192.168.10.118:8443"
Change the following parameter, if needed, to your requirements
"enroll_timeout_mins":
"enroll_pollinterval_ms":
"use_push":
Step 4 - NODE_GROUPS
Add the module “enrollpki” to module_refs in “NODE_GROUPS” , see example below.
example
"module_refs": "d55205cc-e067-4490-9e2b-dbc98459e501,f4660046-9003-4131-ae4b-3710c6b1d147,b7f370d7-f9ec-41f7-982c-408b9cbfc5a3,d802bda5-623e-4afe-b740-f318ee5683dd,enrollpki"
Step 5 - Pipes
Add the following section to “Pipes”
{
"id": "EnrollPkiUserLookupAndAuthWithLDAP",
"valves": [
{
"name": "LDAPSearchValve",
"config": {
"connection_ref": "replace-ldap-ref",
"base_dn": "replace-base_dn",
"scope": "SUB",
"size_limit": "0",
"filter_template": "(&(objectclass=user)(sAMaccountName={{request.username}}))",
"attributes": "cn,mail,mobile"
}
},
{
"name": "LDAPBindValve",
"config": {
"connection_ref": "replace-ldap-ref",
"password_param_name": "password"
}
},
{
"name": "PropertyAddValve",
"config": {
"name": "roles",
"value": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
"enable_multi_value": "true"
}
}
]
}
Replace the following Pipe settings:
“Replace-ldap-ref” with your LDAP connection id, example “731c93fb-f123-403a-9b4f-45720eeed474”
“Replace-base_dn” with your “base_dn”, example “DC=phenixid,DC=local”
Verify that “filter_template” and “attributes” match your environment.