WSO2 Identity Server integrates with CASQUE SNR Multi-factor Authentication Technology.
The technology is based on a Challenge-Response protocol in which the User has a handheld secure Token that calculates the response to a challenge after the User enters their credentials. There are many different Token forms, including Optical, USB Tokens, Contact and Contactless Smartcards and Surrogate Tokens. All use the same highest-level secure processor chips, rated at EAL6. There are options for Client and Client-less architectures.
The CASQUE SNR integration with WSO2 provides universal High Grade Identity Assurance to a Cloud of Web Application Services. This means the User determines who can access their data resources on the Cloud, even if these are distributed across diverse Cloud Platforms. CASQUE SNR Tokens can be completely refreshed (unlike existing OTP Tokens), which allows re-use, so they can be used to offer Identity as a Service to Managed Service Providers.
Distributed Management Systems (DMS) is the developer of the CASQUE SNR Technology. DMS or its Systems Integrator will supply the full CASQUE SNR System, which comprises SAS software to initially populate the Tokens, a batch of "blank" Tokens, and the CASQUE SNR Authentication Server Software for Linux or Windows Operating Systems, together with CASQUE SNR Players for the desired client platforms. The SAS software enables the Customer to initially populate the blank Tokens; this means that DMS or its Systems Integrator can never be part of the security risk. Detailed accompanying documentation gives instructions on installation procedures and deployment options.
This topic provides instructions on how to configure the CASQUE SNR Multi-factor Authenticator with the WSO2 Identity Server.
Download WSO2 Identity Server from the WSO2 Identity Server and install it by following the instructions in the Installing the Product topic.
CASQUE SNR Version 1.1.0 Multi-factor Authenticator is supported by WSO2 Identity Server from version 5.4.0.
To download the CASQUE-SNR artifacts, go to CASQUE-SNR on WSO2 Store.
The artifacts contain org.wso2.carbon.identity.casque.authenticator_1.1.0.jar, casque.war and casque.conf. (The jar can also be generated from casque_authenticator; you can find it in casque_authenticator/component/org.wso2.carbon.identity.casque.authenticator/target.)
- Copy the connector (org.wso2.carbon.identity.casque.authenticator_1.1.0.jar) into the <IS_HOME>/repository/components/dropins directory.
- Copy the casque.conf into <IS_HOME>/repository/deployment/server/webapps directory.
- Copy the casque.conf into <IS_HOME>/repository/conf directory.
This topic provides instructions to set up a mapped claim for the CASQUE SNR Authenticator feature.
- In the Management Console, click Add under Claims.
- Click Add Local Claim.
- Enter the following:
  Claim URI - http://wso2.org/claims/identity/casqueSnrToken
  Description - CASQUE SNR Token ID
  Mapped Attribute(s) - PRIMARY displayName
  If displayName is in use then map to another attribute.
- Click Add.
- Now edit token_id from the list as follows.
  Regular Expression - ^[a-fA-F0-9]{3} [0-9]{6}$
  Supported by Default - true
- Now edit displayName (or the other attribute you chose) from the list as follows.
  Regular Expression - ^[a-fA-F0-9]{3} [0-9]{6}$
  Supported by Default - true
- Click Update.
Edit the “casque.conf” in the <IS_HOME>/repository/conf directory to associate the IP Address, Port and Secret of the accompanying CASQUE SNR Authentication Server. Now restart the WSO2 IS Server.
- Go to the Users and Roles section under the Main tab, then click Add.
- Add a user, e.g. “casque1”, with a password.
- Click Finish.
- Now go to the casque1 User Profile. Add the token_id that is allocated to User casque1. Add First Name and Email.
- Click Update.
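The token ID format set on the claim and the per-user token allocation described above can be checked before the values are entered into user profiles. The following is an added example, not part of the original page and not WSO2 or CASQUE SNR code: it applies the claim's regular expression to a constructed batch of user/token pairs. The function names, the sample data, and the rule that one token ID belongs to one user (compared case-insensitively) are assumptions.

```python
import re

# Regular expression copied from the claim configuration on this page.
TOKEN_ID_RE = re.compile(r"^[a-fA-F0-9]{3} [0-9]{6}$")


def is_valid_token_id(token_id):
    # fullmatch() rather than match(): in Python "$" also matches just before
    # a trailing newline, so match() would accept "a1F 004211\n".
    return TOKEN_ID_RE.fullmatch(token_id) is not None


def check_assignments(rows):
    """Check (username, token_id) pairs; return (accepted, problems)."""
    accepted, owners, problems = {}, {}, []
    for username, token_id in rows:
        if not is_valid_token_id(token_id):
            problems.append((username, token_id, "does not match claim regex"))
            continue
        # Assumption: a token ID belongs to one user, and the hex prefix is
        # compared case-insensitively when looking for duplicates.
        key = token_id.upper()
        if key in owners:
            problems.append((username, token_id, "already allocated to " + owners[key]))
            continue
        owners[key] = username
        accepted[username] = token_id
    return accepted, problems


# Constructed sample data (not real token IDs).
SAMPLE = [
    ("casque1", "a1F 004211"),
    ("casque2", "A1f 004211"),    # same token as casque1, different case
    ("casque3", "a1F004211"),     # missing space
    ("casque4", "b2E 004212\n"),  # trailing newline from a copied line
    ("casque5", "g1F 004213"),    # "g" is not a hex digit
    ("casque6", "0bc 123456"),
]

if __name__ == "__main__":
    accepted, problems = check_assignments(SAMPLE)
    for user, token in accepted.items():
        print("OK      ", user, repr(token))
    for user, token, reason in problems:
        print("REJECTED", user, repr(token), reason)
```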
- In the Identity section under the Main tab, click Add under Service Providers.
- Add a name and description, e.g. CASQUEAuth and CASQUE SNR Authenticator.
- Click Register.
- Expand Inbound Authentication Configuration, expand OAuth/OpenID Connect Configuration, then select Configure.
- Enter the callback URI of the Relying Party, e.g. Amazon Web Services.
- Click Add.
- Expand Local & Outbound Authentication Configuration.
- Select Advanced Configuration