1. Product Documentation This document is a configuration guide for OpenOTP Radius Bridge (RB). The reader should notice that this document is not a guide for installing and configuring OpenOTP or WebADM. Specific application guides are available through the RCDevs documentation website. 2. Product Overview OpenOTP Radius Bridge provides the RADIUS RFC-2865 (Remote Authentication Dial-in User Service) API for OpenOTP Authentication Server. Standalone, the OpenOTP server provides SOAP/XML and JSON interfaces over HTTP and HTTPS.
Documents in Installation & Setup
1. Product Documentation This document is an installation guide for RCDevs WebADM Server. The reader should notice that this document is not a guide for installing WebADM applications (Web Services and Web Applications). Specific application guides are available through the RCDevs Online documentation. WebADM usage manual is not covered by this guide and is documented in the RCDevs WebADM Administrator Guide. 2. Product Overview WebADM is a powerful Web-based LDAP administration software designed for professionals to manage LDAP Organization resources such as Domain Users and Groups.
1. Overview 1.1 The Problem RCDevs’ PSD2-READY solution has all the tools you need to stay compliant. Online banking and most business processes require controls and approvals. It could be for a large financial transaction, a simple work expense reimbursement or procurement approval. In banking, these have been traditionally managed using One-Time Passwords (OTP) or PIN codes and in business applications with simple username+password authentication. These mechanisms are now insufficient to meet today’s regulatory requirements, security and usability expectations.
1. Product Documentation This document is a deployment guide for RCDevs WebADM in high availability (or cluster) mode. The reader should notice that this document is not a guide for installing WebADM applications (Web Services and WebApps). 2. Product Overview WebADM is a powerful Web-based LDAP administration software designed for professionals to manage LDAP Organization resources such as Domain Users and Groups. It is the configuration interface and application container for RCDevs Web Services and WebApps such as OpenOTP.
1. Product Documentation This document describes how to configure correctly the Yubico YubiHSM and enable it through the WebADM setting, in order to provide both hardware level encryption and random seed generation (the strongest Enterprise security available) in your RCDevs product. WebADM only needs a subset of commands to work with the YubiHSM and the reader should notice that this document is not a guide describing all possible modes of operation provided by the device itself.
1. Overview In this how-to, we will demonstrate how to easily migrate from a third party 2FA software to OpenOTP. In this documentation, we assume that you are already running WebADM, OpenOTP and Radius Bridge. To understand what will be done here, we will describe the steps: Have a WebADM, OpenOTP and Radius Bridge installed and configured, Activate every users who will require 2FA authentication at the WebADM level, Import your third-party hardware Tokens into WebADM.
1. Overview This document is an installation guide for the MFA VPN provided by RCDevs. Hence, the installation or configuration of WebADM, including token registration is not covered in this guide. For installation and usage guides of WebADM and OpenOTP, please refer to the RCDevs WebADM Installation Guide and the RCDevs WebADM Administrator Guide available through the RCDevs online documentation Website. 2. Installation of MFA VPN On a RedHat, CentOS or Fedora system, you can use our repository, which simplifies updates.
1. Product Overview WAProxy is an HTTP(S) reverse proxy for WebADM. While any reverse proxy should be able to fill the role, this one has been already configured by RCDevs to work securely and use all the features WebADM provides to reverse proxies. WAProxy handles basic load balancing, failover, and both server and client certificates with the least possible amount of configuration effort. Without a WAProxy reverse proxy, WebADM end-user web applications must be accessible from anywhere its users could be: if you use OpenOTP Push Login or TiQR, a user’s phone must be able to access the mobile communication endpoints on your WebADM installation from the internet.
1. Background This document describes how to set up Push Login infrastructure, using WebADM, OpenOTP Push Server and optionally WAProxy. OpenOTP is the RCDevs MFA Service running on top of the RCDevs WebADM platform. OpenOTP itself is composed of several server applications and components that provide secure and reliable authentication of users connecting to applications, online services, intranet, extranet just to name a few. OpenOTP relies on proven technologies and open standards, such as OATH (the initiative for open authentication), HOTP / TOTP / OCRA, Radius, LDAP.
How To Configure WebADM with a Read-Only Active Directory Important Note An entreprise license is mandatory for that setup since WebADM 1.6.6 In some circumstances, we can not write in the LDAP backend. In that case, we need to store some configurations in a local LDAP database and users extra information in a SQL database. In this example, we will start with a WebADM server running with a local MariaDB and RCDevs Directory Server.
1. Overview This guide intends to explain how to install and configure WebADM in docker containers. The following items will be covered: Slapd MariaDB WebADM WAProxy 2. Before you start All steps were tested in CentOS 7/CentOS 8 and docker version 19. But it should work in any system running a modern version of docker. In this guide, I assume you already have a working docker installation. In case you need help to setup a docker environment, you can check the docker website documentation.
1. Product Overview The main use-case of OpenOTP LDAP Bridge is enabling enterprise applications that use LDAP as an external authentication mechanism to work with OpenOTP. LDAP Bridge allows authentication to be delegated to an OpenOTP server transparently, without changing the LDAP back-end. From the client applications perspective, the main change is that it will use the LDAP Bridge as an LDAP server, instead of the backend-end LDAP server.