Maxmind Geolocation Provider for Risk Based Authentication with NAM 4.1

Maxmind Geolocation Provider for Risk Based Authentication with NAM 4.1

Introduction


 
Maxmind offers downloadable database for free and paid version. Please read the terms and conditions before using free version.

This database is used offline without internet based outbound calls.

Goal of this solution


 
NetIQ Access Manager can support custom Geo location providers in order to determine the risk score. Risk Based Authentication with NAM 4.1 will consume this custom provider implementation to read geolocation of user from where user is accessing the system.

This solution will demonstrate how to use Maxmind Geolocation provider with Risk Based Authentication.

Configuration steps


 

  1. Download Maxmind Geolocation database to IDP system and note down file path (download location http://dev.maxmind.com/geoip/legacy/geolite/ );

  2. Download zip file with this cool solution, it contains maxmind api jar and custom Geo provider for NAM

  3. Copy the jar file to NAM IDP system at location /opt/novell/nam/idp/webapps/nidp/WEB-IN/lib

  4. Copy the com folder to NAM IDP system at location /opt/novell/nam/idp/webapps/nidp/WEB-INF/classes

  5. Restart NAM IDP “/etc/init.d/novell-idp restart”

  6. Go to Admin Console --> Risk Configuration --> Geolocation

  7. Enable Location Profiling

  8. Select Custom Provider as the Geolocation Provider

  9. Enter name for Provider name

  10. Enter com.netiq.custom.risk.core.geoloc.providers.MaxMindLocalDB as Java Class Path

  11. Under Provider Properties Add citydbfile as Property Name and downloaded Maxmind geolocation db file path as value. For example /opt/novell/GeoLiteCity.db

    screenshot1

  12. Click ok and finish configuration


Testing


 

  1. Create Geolocation rule and add that to Rule Group

  2. Access Troubleshooting Tool for Risk Based Authentication

  3. Select risk group and read the result.


References


 
https://www.netiq.com/documentation/access-manager-41/admin/data/b1dg0omz.html#b1dg0omz
http://dev.maxmind.com/geoip/legacy/install/city/
http://dev.maxmind.com/geoip/legacy/geolite/
http://dev.maxmind.com/geoip/legacy/downloadable/

Update for maxmind GeoLite2



Updated maxmind provider java source MaxMindLocalDB.zip
Download Maxmind java jar files and copy maxmind-db-1.2.2.jar and geoip2-2.12.0.jar to NIDP lib folder.
Compile provider java source file with NIDP lib jar files in classpath and make jar and copy to NIDP lib folder and restart.
Download Maxmind GeoLite2 city db and follow the same configuration in this cool solution.

Please share your comments!!

Labels (1)
Attachments

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Comments
In the explanation given the used database is the City -one .. does the configured propertyname change depending on the database used ?to like 'countrydbfile' if you were to use the Country - one , or is it all available under the same property ?
I found an interesting anomaly when using this with FIngerprinting. This was with 4.3.3, and what happened was when the Geolocation was done before the Fingerprinting, the User DN was lost, so Fingerprinting did not work. Reversed the order and everything was OK. That was about as far as I took it.
Hi - now that Legacy Maxmind is depreciated and no longer available, are you planning to provied a v2 update?
Updated the information for Maxmind v2 (updated broken link for zip file)
The link for MaxMindLocalDB.java.zip is broken...just loops back to this cool solution
"Download Maxmind java jar files and copy maxmind-db-1.2.2.jar and geoip2-2.12.0.jar to NIDP lib folder." = https://dev.maxmind.com/geoip/geoip2/web-services/
Error with java.lang.NoClassDefFoundError: com/maxmind/geoip/LookupService (full thread https://drive.google.com/open?id=1dl1BwPguXJxANeGWdmBcezvXbe2tiTgi )

maxmind-db-1.2.2.jar and geoip2-2.12.0.jar and MaxMindLocalDB.jar in /opt/novell/nam/idp/webapps/nidp/WEB-INF/lib with ownership set to novlwww:novlwww and removed old jar file.
Never mind - missed cleaning out WEB-INF/classes of the custom java - conflict
2019-01-22T23:11:48Z SEVERE NIDS Application: com.netiq.custom.risk.core.geoloc.providers.MaxMindLocalDBException message: "com.netiq.custom.risk.core.geoloc.providers.MaxMindLocalDB"
WebappClassLoaderBase.java, Line: 1309, Method: loadClass
WebappClassLoaderBase.java, Line: 1137, Method: loadClass
Class.java, Line: -2, Method: forName0
Class.java, Line: 264, Method: forName
GeoLocationFactory.java, Line: 89, Method: getProviderInstance
I've created a script for compilation: https://drive.google.com/open?id=1OrxY0DrgrTB9kmBlPDb-VzZIIgopDNub
@matt found typo:

package com.netiq.custom.risk.core.geoloc.providers;
thank you!
Top Contributors
Version history
Revision #:
3 of 3
Last update:
‎2020-01-31 22:06
Updated by:
Micro Focus Contributor
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.