Installation
In order to deploy the TOTP MCF plugin, you’ll need to have a functioning installation of FMoP 7.4+ running on a supported application server.
The TOTP plugin installation involves 3 high-level steps:
- Create the configuration file c-config-acsp_totp.xml
- Update the configuration file c-config-acsp.xml
- Copy the MCF plugin .jar file to the lib folder of the AdaptiveAuthentication.war application
These steps are documented in this section.
In the rsa/configs folder of each FMoP server, create a file called c-config-acsp_totp.xml and insert the content shown below.
TOTP configuration parameters are:
Parameter Name | Description |
---|---|
max_totp_instances_per_user | The max number of TOTP instances that can be assigned to a user - Default 1. |
acceptance_window_intervals | OTP codes falling in the time tolerance window (to cater for clock skew) will be accepted - Default 0. |
allow_totp_reuse | Indicates whether an OTP can be re-used for multiple authentication attempts, if set to true. Defaults to false. |
max_failures | Max number of failed OTP answers (authenticate method calls) before a TOTP instance will be disabled. Default 3. |
In the FMoP “config” folder, add a file named “c-config-acsp_totp.xml” with the following content:
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
  <bean class="com.rsa.csd.mcf.acsp.generic.GenericAcspType"
        id="TOTP_TYPE">
    <property name="stringVal">
      <value>TOTP</value>
    </property>
    <property name="implClass">
      <value>com.rsa.csd.mcf.acsp.generic.AcspWrapper</value>
    </property>
    <property name="implFactory">
      <value>au.com.safearea.totp.TOTPFactory</value>
    </property>
    <property name="isSync">
      <value>true</value>
    </property>
    <property name="configuration">
      <ref bean="totpConfiguration"/>
    </property>
    <property name="authLevel">
      <value>850</value>
    </property>
    <property name="sessionTimeOut">
      <value>600</value>
    </property>
    <property name="shouldCreAsFraud">
      <value>false</value>
    </property>
  </bean>
  <bean class="com.passmarksecurity.config.bean.ClassFreeBean"
        id="totpConfiguration">
    <property name="parameters">
      <map>
        <entry key="max_totp_instances_per_user">
          <value>3</value>
        </entry>
        <entry key="acceptance_window_intervals">
          <value>1</value>
        </entry>
        <entry key="allow_totp_reuse">
          <value>false</value>
        </entry>
        <entry key="max_failures">
          <value>3</value>
        </entry>
      </map>
    </property>
  </bean>
  <bean class="com.rsa.csd.mcf.acsp.AcspMetaData"
        id="TOTP_METADATA">
    <property name="acspType">
      <ref bean="TOTP_TYPE"/>
    </property>
    <property name="acspStatusString">
      <value>ACTIVE</value>
    </property>
    <property name="clientManaged">
      <value>false</value>
    </property>
    <property name="billFlag">
      <value>false</value>
    </property>
  </bean>
  <bean class="com.rsa.csd.mcf.acsp.generic.GenericMetadataListEntry"
        id="TOTP_METADATA_ENTRY">
    <property name="metadata">
      <ref bean="TOTP_METADATA"/>
    </property>
    <property name="factory">
      <value>au.com.safearea.totp.TOTPGenFactory</value>
    </property>
  </bean>
</beans>
Edit the c-config-acsp.xml file and, in the “metadatalist” property, add a line as follows:
<ref bean="TOTP_METADATA_ENTRY"/>
Copy the TOTP MCF plugin TOTPMCFPlugin-jar-with-dependencies.jar file to the WEB-INF/lib folder of the AdaptiveAuthentication application. For example, in the case of a Tomcat deployment, copy the file to the webapps\AdaptiveAuthentication\WEB-INF\lib folder.
After implementing the above changes, restart the FMoP application server.