1. Product Documentation This document is a configuration guide for RCDevs WebADM. The reader should notice that this document is not a guide for configuring WebADM applications (Web Services and WebApps). Specific application guides are available through the RCDevs online documentation library. WebADM installation and setup is not covered by this guide and is documented in the RCDevs WebADM Installation Guide. 2. Product Overview WebADM is a powerful Web-based LDAP administration software designed for professionals to manage LDAP Organization resources such as domain users and groups.
Documents in Web-Service
1. Introduction OpenOTP is the RCDevs user authentication solution. The OpenOTP solution is composed of a set of server applications and components which provide secure and reliable authentication of users to applications and online services, intranet and extranet access, secure Internet transactions… OpenOTP relies on proven technologies and open standards such as OATH (the initiative for open authentication), HOTP / TOTP / OCRA, Radius, LDAP. A one-time password (OTP) is a password that is only valid for a single login session or transaction.
1. Background This document describes how to set up Push Login infrastructure, using WebADM, OpenOTP Push Server and optionally WAProxy. OpenOTP is the RCDevs MFA Service running on top of the RCDevs WebADM platform. OpenOTP itself is composed of several server applications and components that provide secure and reliable authentication of users connecting to applications, online services, intranet, extranet just to name a few. OpenOTP relies on proven technologies and open standards, such as OATH (the initiative for open authentication), HOTP / TOTP / OCRA, Radius, LDAP.
Overview OpenOTP v1.2 supports both OTP and the newer FIDO-U2F standard from the FIDO Alliance for user authentication. If you intend to use OpenOTP with FIDO U2F, please read this document which explains how to enable and use U2F with your application integrations and WebADM self-services. FIDO Universal 2nd Factor (U2F) is a new authentication standard created by the FIDO Alliance which simplifies and strengthens two-factor authentication for businesses and consumers.
OpenID/SAML Identity Provider The installation of OpenID/SAML IdP is straightforward and only consists in running the self-installer and configure the application in WebADM. You do not have to modify any files in the OpenID install directory! The web applications configurations are managed and stored in LDAP by WebADM. To configure OpenID/SAML, just enter WebADM as super administrator and got to the ‘Applications’ menu. Click OpenID/SAML to enter the web-based configuration.
Start with TiQR Server 1. Introduction TiQR is an innovative way to authenticate users to web applications. It is based on open standards for secure authentication developed by the Open Authentication Initiative. TiQR’s unique user-friendly features include one-click enrollment using QR codes and secure authentication without having to re-type complicated codes by leveraging dynamic QR codes embedded in web pages. TiQR supports the OCRA suite of authentication protocols. The security is based on AES 256-bit encryption and the SHA-family hashing functions.
1. Introduction TiQR is a new and revolutionary way to authenticate for online applications, such as webmail or online banking. The key feature is the use of QR tags, which makes authenticating both secure and easy. You will no longer be burdened with typing username/password combinations or complicated one-time passwords. Scanning a QR code and typing your PIN is all there is to it. This is the secret behind tiqr’s ease of use.
Configuration of WebADM as a SAML Identity Provider 1. Configuration of the Identity Provider First, we need a WebADM server with MFA Authentication Server and OpenID & SAML Provider. We can use the appliance or install a new server. We need also a DNS name for the server. If we can not change the DNS, we can also add the name in /etc/hosts or c:\WINDOWS\system32\drivers\etc\hosts for testing purpose :