Activate One Touch - Username, Password and OTP

Requirements :  LDAP must be configured, note the ID of the connection used in later steps.
                           
One Touch must be configured

Do the following steps in the ADVANCED  tab in the Configuration GUI

Step 1 - Authentication - HTTP

Add the following section to “Authentication - HTTP”

{
	"id": "activateonetouchotp",
	"alias": "activateonetouchotp",
	"name": "PostUidPasswordAndOTP",
	"configuration": {
		"userValidationPipeID": "EnrollPkiOtpUserLookupAndAuthWithLDAP",
		"otpValidationPipeID": "EnrollPkiOTPValidateSentOtp",
		"successURL": "/activateonetouch/",
		"translationKey": "login.messages.information.body.enrollment.onetouch",
		"headingtranslationKey": "login.messages.information.header.enrollment.onetouch",
		"title": "login.messages.information.title.enrollment.onetouch",
		"loginTemplate": "enrollmentonetouch_otp1.template",
		"otp": "enrollmentonetouch_otp2.template",
		"allowLanguageChange": "true",
        "translation": [
			"login.messages.enrollment.onetouch.title.header1",
			"login.messages.enrollment.onetouch.title.header2",
			"login.messages.enrollment.onetouch.info.learnMore",
			"login.messages.enrollment.onetouch.btn.proceed",
			"login.messages.enrollment.onetouch.input.username",
			"login.messages.enrollment.onetouch.input.password",
			"login.messages.enrollment.onetouch.input.securityCode",
			"login.messages.enrollment.onetouch.title.header3",
			"login.messages.enrollment.onetouch.info.enterOTP",
			"login.messages.enrollment.onetouch.input.enterOTP"
		]
	}
}
Click to copy

Step 2 - HTTP connections

Add the following section to “HTTP connections”, change “port” and “ssl” settings to your requirements

{
	"id": "http_pki",
	"port": "8443",
	"ssl": "true"
}
Click to copy

Step 3 - Modules

Add the following section to “Modules”

{
	"name": "com.phenixidentity~phenix-prism",
	"enabled": "true",
	"config": {
		"base_url": "/activateonetouch",
		"auth_redirect_url": "/activateonetouch/authenticate/activateonetouchotp",
		"http_configuration_ref": "http_pki",
		"module_refs": "enroll_pki_01",
		"enable_roles": "false",
		"use_css": "false"
	},
	"id": "enrollpki"
},
{
    "id": "enroll_pki_01",
    "name" : "com.phenixidentity~phenix-prism-enroll-pki",
    "enabled" : "false",
    "prism_enabled" : "true",
    "config" : {
      "display_name" : "One Touch enrollment",
      "base_uri" : "pki",
      "http_configuration_ref" : "http_pki",
      "url_prefix" : "replace-url_prefix",
      "enroll_timeout_mins" : "1",
      "enroll_pollinterval_ms" : "2000",
      "use_push" : "true"
    }
}
Click to copy

Replace

replace-url_prefix with your url, example "https://192.168.10.118:8443"

Change the following parameters, if needed, to suit your environment

"enroll_timeout_mins":
"enroll_pollinterval_ms":
"use_push":

Step 4 - NODE_GROUPS

Add the module “enrollpki” to module_refs in “NODE_GROUPS” , see example below

example

"module_refs": "d55205cc-e067-4490-9e2b-dbc98459e501,f4660046-9003-4131-ae4b-3710c6b1d147,b7f370d7-f9ec-41f7-982c-408b9cbfc5a3,d802bda5-623e-4afe-b740-f318ee5683dd,enrollpki"
Click to copy

Step 5 - Pipes

Add the following section to “Pipes”

{
	"id": "EnrollPkiOtpUserLookupAndAuthWithLDAP",
	"valves": [
		{
			"name": "LDAPSearchValve",
			"config": {
				"connection_ref": "replace-ldap-ref",
				"base_dn": "replace-base_dn",
				"scope": "SUB",
				"size_limit": "0",
				"filter_template": "(&(objectclass=user)(sAMaccountName={{request.username}}))",
				"attributes": "cn,mail,mobile"
			}
		},
		{
			"name": "LDAPBindValve",
			"config": {
				"connection_ref": "replace-ldap-ref",
				"password_param_name": "password"
			}
		},
		{
			"name": "OTPGeneratorValve",
			"config": {
				"length": "6",
				"name": "generated_otp"
			}
		},
		{
			"name": "OTPBySMSValve",
			"config": {
				"userid_param_name": "username",
				"gw_username": "replace-gw_username",
				"gw_password": "replace-gw_password"
			}
		}
	]
},
{
	"id": "EnrollPkiOTPValidateSentOtp",
	"valves": [
		{
			"name": "SessionLoadValve",
			"config": {
				"id": "{{request.session_id}}"
			}
		},
		{
			"name": "OTPValidationValve",
			"config": {
				"provided_otp_param_name": "{{request.otp}}",
				"generated_otp_param_name": "generated_otp"
			}
		},
		{
			"name": "ItemCreateValve",
			"config": {
				"dest_id": "{{request.username}}"
			}
		},
		{
			"name": "PropertyAddValve",
			"config": {
				"name": "roles",
				"value": "auth:7313aa29-f399-4a5b-afd3-fb1d7a88ae93",
				"enable_multi_value": "true"
			}
		}
	]
}
Click to copy

Replace the following Pipe settings:

“replace-ldap-ref” with your LDAP connection id, example “731c93fb-f123-403a-9b4f-45720eeed474”
“replace-base_dn” with your “base_dn”, example “DC=phenixid,DC=local”
“replace-gw_username” with your SMS-gateway username
“replace-gw_password” with your SMS-gateway password

Verify that “filter_template” and “attributes” match your environment.