WWPass Authentication
- Kim Rasmussen
Purpose
Supports Authentication using WWPass - see https://wwpass.com for additional details aboutÂ
Features
- WWPass Key Mobile App support
- Browser plugin and WWPass hardware token support
- On mobile device, supports both showing QR code and using WWPass App
Overview
The SMS Authentication plugin exists in 2 variants; dk.itp.security.authentication.wwpass.WWPassAuthenticationPlugin which contains the logic for validating retrieving and validating tickets issued by WWPass, and a concrete implementation called dk.itp.portalprotect.useradmin.server.WWPassUAAuthenticationPlugin which retrieves data from the Ceptor User Administration Server - supporting both registration and authentication
This provider requires a keystore containing a SSL/TLS private key and certificate used as client certificate when communicating with WWPass.
Configuration
The following configuration options exist for dk.itp.security.authentication.wwpass.WWPassAuthenticationPlugin which handles ticket issuance/validation.
Property | Value | Description |
|---|---|---|
| wwpass.httpProxyHost | Hostname of http proxy server, if any | If communication should go via http proxy server, specify the hostname |
| wwpass.httpProxyPort | TCP Port number Default: 8080 | Port number for proxy server, if httpProxyHost is specified |
| wwpass.httpProxyUser | Userid | If proxy requires authentication, specify the userid |
| wwpass.httpProxyPassword | Password | If proxy requires authentication, specify the password - note that the password can be specified encrypted, see Encrypting or Obfuscating Passwords |
| wwpass.httpNoProxyFor | pattern | Hostnames or IPs matching this pattern will not be proxied |
| wwpass.verifysslhostname | True/false Default: true | Hostname validation can be turned off for specialized proxy setups |
| wwpass.verifysslcertificate | True/false Default: true | Allows turning off SSL Server certificate validation |
| wwpass.timeoutSeconds | Integer Default: 10 | Number of seconds to wait for a response from WWPass server |
| wwpass.hostname | Hostname Default: spfe.wwpass.com | Hostname of WWPass server to communicate with |
| wwpass.keystore.provider | JCE Provider name Default: BC | Specify name of JCE provider to load keystore from |
| wwpass.keystore.type | JCE Keystore type Default: PKCS12 | Specify JCE keystore type |
| wwpass.keystore.file | Filename | Where to load keystore file from, if keystore type/provider uses a file |
| wwpass.keystore.password | Password | Password for the keystore/key |
When using the version of the WWPass authentication plugin that uses the useradmin database; dk.itp.portalprotect.useradmin.server.WWPassUAAuthenticationPlugin the following configuration properties exist in addition to the ones above:
Property | Value | Description |
|---|---|---|
| useradminservers | <url> Default: localhost:15000 | URL to useradmin server |
| ua_userid | <userid> | Userid to use when authenticating to useradmin server |
| ua_password | <password> | Password to use when authenticating to useradmin server |
| useridpassword.autounlockminutes | <value in minutes> Default: 0 | If nonzero, and user was automatically locked due to too many failed password attempts, he will automatically be unlocked after the specified number of minutes. |
| useridpassword.maximuminvalidpasswordattempts | <number> Default: 0 | If nonzero, and if invalid login attempts reaches this limit, the user is automatically locked. |
© Ceptor ApS. All Rights Reserved.