ratclma Absent Member.

integrating external OTP app with Forgotten Password

Hi,
Is the following possible using SSPR?

An external app deployed on the Tomcat instance running on the SSPR server, which will generate an OTP when the user clicks on a link in their welcome email. The URL link contains a parameter userid=<user cn>. The app will write the OTP to an eDirectory (LDAP) attribute.
An IDM driver rule reacts to the attribute changing and sends mail containing the OTP and a URL link to the app's /otpverify endpoint.
Currently the app has a set password function so the user can use it to set their password in LDAP.

What we'd like to do is make this more integrated with SSPR, but we cannot use the OTP module as that is designed for use with Google Authenticator or other mobile OTP. We need to provide an Email OTP solution, which is why we have gone down the external app route. We would like to know if this app could be integrated into SSPR Forgotten Password by enabling the External Responses option. Is this possible? Because if it could be, then we would simply need two Forgotten Password profiles, one for OTP users and one for challenge/response users. If it isn't, then we believe we need to modify the Forgotten Password link on the SSPR login page to direct OTP users to the app and challenge/response users to the normal Forgotten Password page. It would also mean they could reset their password using the in-built Change Password once they had verified.

I know if the customer had Advanced Auth we could probably use the OAuth verification method, as Adv Auth has the email OTP option, but unfortunately they don't have plans to purchase Adv Auth.


Thanks
AutomaticReply Absent Member.

Re: integrating external OTP app with Forgotten Password

ratclma,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort and volunteer run, and if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



Micro Focus Contributor

Re: integrating external OTP app with Forgotten Password

ratclma;2500619 wrote:
Hi,
Is the following possible using SSPR?

An external app deployed on the Tomcat instance running on the SSPR server, which will generate an OTP when the user clicks on a link in their welcome email. The URL link contains a parameter userid=<user cn>. The app will write the OTP to an eDirectory (LDAP) attribute.
An IDM driver rule reacts to the attribute changing and sends mail containing the OTP and a URL link to the app's /otpverify endpoint.
Currently the app has a set password function so the user can use it to set their password in LDAP.

What we'd like to do is make this more integrated with SSPR, but we cannot use the OTP module as that is designed for use with Google Authenticator or other mobile OTP. We need to provide an Email OTP solution, which is why we have gone down the external app route. We would like to know if this app could be integrated into SSPR Forgotten Password by enabling the External Responses option. Is this possible? Because if it could be, then we would simply need two Forgotten Password profiles, one for OTP users and one for challenge/response users. If it isn't, then we believe we need to modify the Forgotten Password link on the SSPR login page to direct OTP users to the app and challenge/response users to the normal Forgotten Password page. It would also mean they could reset their password using the in-built Change Password once they had verified.

I know if the customer had Advanced Auth we could probably use the OAuth verification method, as Adv Auth has the email OTP option, but unfortunately they don't have plans to purchase Adv Auth.


Thanks


Can you not use the SSPR token for this? It will send a token value (I guess you can think of this as an OTP) during forgotten password and the user clicks the link in the email....
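Added example, not part of any post in this thread and not SSPR or IDM code: a sketch of the checks an /otpverify endpoint like the one described in the question would need, so that a code is bound to the userid it was issued for, expires, is single use and cannot be guessed by repeated tries. The dict stands in for the eDirectory attribute, and the function names, 10-minute lifetime and 5-attempt cap are assumptions.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 600   # assumed lifetime of a code
MAX_ATTEMPTS = 5        # assumed cap on guesses per issued code

# Stand-in for the directory: user cn -> contents of the OTP attribute.
directory = {}


def issue_otp(cn, now=None):
    """Create a code for cn and store it with its expiry and attempt counter."""
    now = time.time() if now is None else now
    otp = f"{secrets.randbelow(10**8):08d}"   # CSPRNG, 8 digits
    directory[cn] = {"otp": otp, "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    return otp   # in the thread's design the IDM driver mails this value


def verify_otp(cn, submitted, now=None):
    """Return True only for the unexpired, unused code issued to this cn."""
    now = time.time() if now is None else now
    record = directory.get(cn)
    if record is None:
        return False   # unknown user or no code outstanding: same answer
    if now > record["expires"] or record["attempts"] >= MAX_ATTEMPTS:
        del directory[cn]   # expired or locked out: a new code must be issued
        return False
    record["attempts"] += 1   # count the try before comparing
    if hmac.compare_digest(record["otp"].encode(), submitted.encode()):
        del directory[cn]   # single use: clear the attribute on success
        return True
    return False
```

Only after `verify_otp` returns True should the app let the session for that cn reach its set-password step.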