Skip to end of metadata
Comment: Migrated to Confluence 4.0
Go to start of metadata

The default implementation of the OpenIAM Challenge response service is designed to store the questions and their corresponding answers within the OpenIAM repository. However, there are cases where we need to:

  • Obtain the questions from an external source
  • Validate the response against an external source. For example, you may want to ask the user to identify themselves by providing the amount of their last paycheck.

Payroll and other information may not be available with in OpenIAM, but is available through other systems. This information is typically not stored within OpenIAM. The following section describes how to extend the challenge response functionality so that it can be integrated with these external systems.

The ChallengeResponseWebService uses objects that implement the ChallengeResponseValidator interface to provide functionality to to getQuestions, answers and to check if the answers are valid.  The custom module can be created using either Java and the spring framework or with Groovy script.  The steps below use Groovy script due to the significantly lower effort in development and deployment.  The steps below describe how to create a custom ChallengeResponse module using Groovy.

  • Create a script in the apache-tomcat-6.0.26/iamscripts/plugin directory. The script should have the same name as the name of the class. For example, if the name of the class is MyChallengeResponse then the name of the script should be MyChallengeResponse.groovy_._
  • Define a class in the script that implements the ChallengeResponseValidator interface as shown below.
  • Provide an implementation for these methods. The example below queries a database table to obtain the questions and validate the answers. Since Groovy offers significant flexibility, you cam call others systems using SQL, Web Services, etc.

Sample Implementation:

  • Once the class have been created, we need integrate it with the ChallengeResponseWebService. To do this:
    • Open iam-plugin.properties file in a text editor
    • Assign challengeResponse.respValidatorObjType equal to 'groovy'
    • Assign challengeResponse.respValidatorObjName to the name of your new script
Labels:
None
Edit Labels