How to Integrate NetIQ Access Manager with reCaptcha for login form failures without NAM code change

Introduction



reCAPTCHA is a free CAPTCHA service that helps to digitize books, newspapers and old time radio shows.



A CAPTCHA is a program that can tell whether its user is a human or a computer. You've probably seen them - colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from "bots," or automated programs usually written to generate spam. No computer program can read distorted text as well as humans can, so bots cannot navigate sites protected by CAPTCHAs.



reCAPTCHA is a free CAPTCHA service that protects your site against spam, malicious registrations and other forms of attack where computers try to disguise themselves as humans; a CAPTCHA is a Completely Automated Public Turing test to tell Computers and Humans Apart. reCAPTCHA comes in the form of a widget that you can easily add to your blog, forum, registration form, etc.



http://www.google.com/recaptcha/learnmore



API Keys



To use reCAPTCHA, you need to sign up for API keys for your site. Unless you select the "global key" option, the keys are unique to your domain and sub-domains. (By default, all keys work on "localhost" (or "127.0.0.1"), so you can always develop and test on your local machine.)



https://developers.google.com/recaptcha/?csw=1



Integration



Once you've signed up for API keys, adding reCAPTCHA to your site consists of two steps and optionally a third step where you customize the widget:


  1. Client Side: Displaying the reCAPTCHA Widget (Required)

  2. Server Side: Verifying the solution (Required)

  3. Customizations (Optional)



In most Web forms, you usually have two files: the form itself with the fields, and the file with the script/servlet/servlet-filter to process the inputs to the form. These two files correspond to steps 1 and 2 above. Therefore, in most cases you will have to modify two different files.



For step 3 above, refer to the reCAPTCHA website:


https://developers.google.com/recaptcha/intro




Download recaptcha.zip



Follow the steps below to enable CAPTCHA on the existing name/password login page without modifying the NAM IDP (nidp) code.




  1. Back up login.jsp on the IDP by copying it from /opt/novell/nam/idp/webapps/nidp/jsp to a backup folder (/tmp).

  2. Open the login.jsp file in the /opt/novell/nam/idp/webapps/nidp/jsp/ folder on the IDP for editing.

  3. Modify the following lines in login.jsp:
     

    Text to be replaced:



    <tr>
    <td align=right colspan=2 style="white-space: nowrap">
    <input alt="<%=handler.getResource(JSPResDesc.LOGIN)%>" border="0" name="loginButton2" src="<%= handler.getImage("btnlogin.gif",true)%>" type="image" value="Login" onClick="return imageSubmit()">
    </td>
    </tr>
    </table>
    </td>
    </tr>
    <%
    String err = (String) request.getAttribute(NIDPConstants.ATTR_LOGIN_ERROR);
    if (err != null)
    {
    %>
    <td style="padding: 10px">
    <div class="instructions"><%=err%></div>
    </td>
    </tr>
    <% } %>

     

    Replace with:



    <%
    String err = (String) request.getAttribute(NIDPConstants.ATTR_LOGIN_ERROR);
    int failCount =0;
    HttpSession s= request.getSession();
    if(s.getAttribute("loginFailCount") != null)
    failCount = Integer.parseInt((String)s.getAttribute("loginFailCount"));
    if (err != null || failCount > 0)
    {
    failCount ++;
    s.setAttribute("loginFailCount",""+failCount);
    }
    // Increase this number to required number of login failures to show captcha
    if(failCount >2)
    {
    try{
    s.setAttribute("loginURL", request.getRequestURL()+"?"+request.getQueryString());
    }catch(Exception e){}
    request.setAttribute("capatchaEnabled","true");
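    // Replace <public key> and <private key> with the reCAPTCHA public and private keys.
    // ReCaptcha, ReCaptchaFactory and ReCaptchaImpl must be imported by a page directive in login.jsp
    // (assumed here: net.tanesha.recaptcha.* from the recaptcha4j library).
    ReCaptcha c = ReCaptchaFactory.newSecureReCaptcha("<public key>", "<private key>", false);
    ((ReCaptchaImpl) c).setRecaptchaServer("https://www.google.com/recaptcha/api");
    // Writes the captcha widget
    out.print(c.createRecaptchaHtml(null, null));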
    }
    %>
    <tr>
    <td align=right colspan=2 style="white-space: nowrap">
    <input alt="<%=handler.getResource(JSPResDesc.LOGIN)%>" border="0" name="loginButton2" src="<%= handler.getImage("btnlogin.gif",true)%>" type="image" value="Login" onClick="return imageSubmit()">
    </td>
    </tr>
    </table>
    </td> </tr>
    <tr>
    <%
    if (err != null)
    {

    %>
    <td style="padding: 10px" align=center>
    <div class="instructions"><%=err%></div>
    </td>
    </tr>
    <% } %>




  4. Set the number of login failures after which the CAPTCHA is shown by changing the value in the line if(failCount >2) in login.jsp. The count is stored in the HTTP session as the loginFailCount attribute.

  5. After registering with reCAPTCHA, note down the public and private keys.

  6. Replace <public key> and <private key> in the following line of login.jsp with your public and private keys:
    ReCaptcha c = ReCaptchaFactory.newSecureReCaptcha("<public key>", "<private key>", false);

  7. Copy the jar from the dist folder of the extracted archive to /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib

  8. Modify the file /opt/novell/nam/idp/webapps/nidp/WEB-INF/web.xml
     

    Copy the following:



    <filter>
    <filter-name>recaptchaFilter</filter-name>
    <filter-class>
    com.netiq.recaptcha.RecaptchaFilter
    </filter-class>
    </filter>
    <filter-mapping>
    <filter-name>recaptchaFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>FORWARD</dispatcher>
    </filter-mapping>


    so that it sits just above:



    <filter-mapping>
    <filter-name>nidpJspFilter</filter-name>
    <url-pattern>/jsp/*</url-pattern>
    </filter-mapping>


  9. Restart the IDP by executing "/etc/init.d/novell-idp restart".
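
The login.jsp change in step 3 keeps loginFailCount in the HTTP session, so the count only follows a client for as long as it keeps that session. As an added example (not part of the original article, NAM, or the recaptcha jar), this plain-Java sketch applies the same "failCount > 2" threshold per submitted user name within a time window; the class name, the 15-minute window and the timestamps are assumptions.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.Locale;
import java.util.concurrent.ConcurrentHashMap;
// Added example, not NAM or reCAPTCHA code: a failure counter keyed by the
// submitted user name, so starting a new HTTP session does not reset it.
public class LoginFailureTracker {
    private final int threshold;     // CAPTCHA once failures > threshold, as in "failCount > 2"
    private final long windowMillis; // failures older than this are forgotten (assumed policy)
    private final ConcurrentHashMap<String, Deque<Long>> failures = new ConcurrentHashMap<>();
    public LoginFailureTracker(int threshold, long windowMillis) {
        this.threshold = threshold; this.windowMillis = windowMillis;
    }
    private static String key(String u) { return u == null ? "" : u.trim().toLowerCase(Locale.ROOT); }

    private void prune(Deque<Long> q, long now) {
        while (!q.isEmpty() && now - q.peekFirst() > windowMillis) q.removeFirst();
    }

    public void recordFailure(String user, long now) {
        failures.compute(key(user), (k, q) -> {   // compute() is atomic per key
            if (q == null) q = new ArrayDeque<>();
            prune(q, now);
            q.addLast(now);
            if (q.size() > threshold + 1) q.removeFirst(); // bound memory per user
            return q;
        });
    }
    public void recordSuccess(String user) { failures.remove(key(user)); }

    public boolean captchaRequired(String user, long now) {
        boolean[] required = {false};
        failures.computeIfPresent(key(user), (k, q) -> {
            prune(q, now);
            required[0] = q.size() > threshold;
            return q.isEmpty() ? null : q;        // returning null drops expired entries
        });
        return required[0];
    }

    public static void main(String[] args) {
        LoginFailureTracker t = new LoginFailureTracker(2, 15 * 60 * 1000L);
        long now = 0; // constructed timestamps, in ms
        for (int i = 1; i <= 3; i++) {
            t.recordFailure("Alice", now += 1000);
            System.out.println("failure " + i + ": captcha=" + t.captchaRequired("alice ", now));
        }
        System.out.println("after window: captcha=" + t.captchaRequired("alice", now + 16 * 60 * 1000L));
    }
}
```

Because reaching the threshold only adds a CAPTCHA and never locks the account, repeated failures against a user name add friction for that name without denying its owner access.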



Comments
Is the WEB.XML code correct? Every time I changed this, the IDP server stops responding, showing log errors in the Catalina.out.
When a jsp file is modified more than once, when we restart the IDP, the first page always comes back.
All modifications are missing.

This is a fresh 4.1.1 installation. (no upgrade from 3.2 or 4.0)
In DEV, no change but this is an upgrade from 3.2 -> 4.0 -> 4.1.1
Last update: 2020-01-31 22:07, updated by: Micro Focus Contributor
 