Extending OpenAM HOTP module to display OTP delivery details
2 min readOct 30, 2019
OpenAM provide HOTP authentication module which can send OTP to user’s email address and/or telephone number. By default, OpenAM doesn’t displays user’s email address and/or telephone number while sending this OTP.
Solution
Versions used for this implementation: OpenAM 13.5, OpenDJ 3.5
One of the solution can include extending out of the box OpenAM’s HOTP module:
- Extend HOTP auth module (openam-auth-hotp).
- Update below property in extended amAuthHOTP.properties: send.success=Please enter your One Time Password sent at
- Extend HOTPService appropriately to retrieve user profile details.
- Change extended HOTP module code as per below (both for auto send and on request):
substituteHeader(START_STATE, bundle.getString("send.success") + <Get User contact details from HOTPService>);Deploy
- Build the custom auth module by using maven.
- Deploy the custom auth module. Refer instructions: Building and Installing Custom Authentication Modules
Register service and module (Note that for OpenAM v12 use amAuthHOTPExt-12.xml) :
$ ./ssoadm create-svc --adminid amadmin --password-file /tmp/pwd.txt --xmlfile ~/softwares/amAuthHOTPExt.xml
$ ./ssoadm register-auth-module --adminid amadmin --password-file /tmp/pwd.txt --authmodule com.sun.identity.authentication.modules.hotp.HOTPExtUnRegister service and module (in case module needs to be uninstalled) :
$ ./ssoadm unregister-auth-module --adminid amadmin --password-file /tmp/pwd.txt --authmodule com.sun.identity.authentication.modules.hotp.HOTPExt
$ ./ssoadm delete-svc --adminid amadmin --password-file /tmp/pwd.txt -s sunAMAuthHOTPExtService
- Configure HOTPExt module with required SMTP server. Enable both SMS and Email.
- Create a chain(otpChain) with (LDAP:Required, HOTPExt:Required). Set this chain as default for “Organization Authentication”
- Restart OpenAM
- Invoke HOTP module and appropriate message is displayed on screen with user’s email address and/or telephone number:
See Also
Get code
OpenAM HOTP Authentication Module
OpenAM Custom Auth module sample
Originally published at http://theinfinitelooper.blogspot.com.
