
Hi,

we would like to make some of our forms available to our customers in a secure environment; only allow form access to our customers registered as internet banking customers - authentication would be using their internet banking credentials.

The KB article about User Spaces describes the Web Plugin and other articles mention Security Manager and Access Control Options, which uses Single Sign On (SSO). The articles provide a big picture, but not enough detail to apply to our use case.

Our internet banking system can provide authentication, but cannot provide an SSO token.

So, I am trying to design a system that uses our IB as authentication, and use Authy (or other 2FA provider).

We want to use some sort of authentication model, like SSO, or SAML, or other that allows the user to access the secure form, without having to create an account on TM. We would need some form of Security Manager so that we can manage login attempts, session time out, 2FA (using a One Time Password) and so on.

Does anyone have experience with the Web Plugin and secure forms, or SSO and 2FA?


Thanks

Mark


    1 answer

    1.  

      Hi Mark,

      "Our internet banking system can provide authentication, but cannot provide an SSO token.

      So, I am trying to design a system that uses our IB as authentication, and use Authy (or other 2FA provider)."

      By generating the SAML token based on the customer's IB authentication, the Avoka application can get the SAML assertion validated by the SSO Security Manager that you can setup in TM before the form is displayed.

      "We want to use some sort of authentication model, like SSO, or SAML, or other that allows the user to access the secure form, without having to create an account on TM."

      Once the SSO Security Manager in TM validates the SAML assertion, a valid TM user can be created and assigned to the role for viewing the forms based on the customer's IB login. If the customer's IB login id already exists, then the TM user creation can be skipped.

      "We would need some form of Security Manager so that we can manage login attempts, session time out, 2FA (using a One Time Password) and so on."

      It becomes the responsibility of the system that does the authentication (IdP, the Identity Provider) to manage login attempts, session time out etc., and the SSO Security Manager set up in TM will act as the SP (Service Provider).

      Information on SAML parser using Groovy

      Saml2Parser

      Information on SSO federation

      Federation Services (SSO) Sequence Diagram 

      Hope the above is of help.

      Regards

      Bismi Mathew
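      The IdP/SP split described in this answer, shown as an added Python example (it is not code from this thread and does not use Avoka TM's or Authy's APIs): the banking side issues a short-lived, audience-bound assertion after its own login, and the TM-side SSO Security Manager role is played by a validator that checks the signature before parsing, then issuer, audience, validity window and replay, and finally provisions a user only on first sight of the IB login id. The HMAC signature, the issuer and audience URLs, the customer id and the in-memory user store are all constructed assumptions; a real deployment uses XML-DSig with the IdP's certificate.

```python
"""Illustrative SAML-style IdP -> SP handoff (constructed example, not TM's API).
The IdP (internet banking) issues an assertion; the SP (TM SSO Security Manager)
validates it and provisions a user. Signing uses an HMAC over the serialised
assertion as a stand-in for XML-DSig so the script runs on the standard library."""
import hashlib
import hmac
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"


class SsoRejected(Exception):
    """Raised by the SP when an assertion fails any check."""


def _fmt(ts):
    return ts.strftime(TIME_FMT)


def _parse(text):
    return datetime.strptime(text, TIME_FMT).replace(tzinfo=timezone.utc)


def build_assertion(subject_id, issuer, audience, now, ttl_seconds=120):
    """IdP side: one subject, one audience, a short validity window, a unique ID."""
    assertion_id = "_" + uuid.uuid4().hex
    not_before = _fmt(now)
    not_after = _fmt(now + timedelta(seconds=ttl_seconds))
    return f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="{assertion_id}" IssueInstant="{not_before}" Version="2.0">
  <saml:Issuer>{issuer}</saml:Issuer>
  <saml:Subject><saml:NameID>{subject_id}</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_after}">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>""".encode()


def sign(assertion_xml, key):
    """Stand-in for XML-DSig: HMAC-SHA256 over the exact bytes the SP receives."""
    return hmac.new(key, assertion_xml, hashlib.sha256).hexdigest()


def validate_assertion(assertion_xml, signature, key, expected_issuer,
                       expected_audience, now, seen_ids):
    """SP side: verify before parsing, then check issuer, audience, time window, replay."""
    if not hmac.compare_digest(sign(assertion_xml, key), signature):
        raise SsoRejected("signature mismatch")
    root = ET.fromstring(assertion_xml)
    if root.tag != f"{{{SAML_NS}}}Assertion":
        raise SsoRejected("not a SAML assertion")
    if root.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        raise SsoRejected("unexpected issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise SsoRejected("missing Conditions")
    not_before = _parse(cond.get("NotBefore"))
    not_after = _parse(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_after):
        raise SsoRejected("outside validity window")
    audience = root.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != expected_audience:
        raise SsoRejected("assertion not intended for this SP")
    assertion_id = root.get("ID")
    if assertion_id in seen_ids:
        raise SsoRejected("replayed assertion")
    seen_ids.add(assertion_id)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise SsoRejected("missing NameID")
    return name_id


def provision_user(users, name_id, role="form-viewer"):
    """Create the TM-side user on first login; skip creation if the IB id exists."""
    if name_id in users:
        return users[name_id], False
    users[name_id] = {"id": name_id, "roles": [role]}
    return users[name_id], True


def demo():
    """Happy path, idempotent provisioning, and a replay of the same assertion."""
    key = b"constructed-shared-secret"          # assumption: shared IdP/SP secret
    idp, sp = "https://ib.example.bank/idp", "https://tm.example.bank/sp"
    now = datetime(2020, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    xml = build_assertion("ib-customer-1042", idp, sp, now)
    sig = sign(xml, key)
    seen, users = set(), {}
    name_id = validate_assertion(xml, sig, key, idp, sp, now + timedelta(seconds=5), seen)
    _, created_first = provision_user(users, name_id)
    _, created_second = provision_user(users, name_id)
    try:
        validate_assertion(xml, sig, key, idp, sp, now + timedelta(seconds=6), seen)
        replayed = False
    except SsoRejected:
        replayed = True
    return name_id, created_first, created_second, replayed


if __name__ == "__main__":
    print(demo())
```

      The order of checks matters: the signature is verified over the raw bytes before any XML parsing, so tampered or malformed input never reaches the parser, and the assertion ID is recorded only after every other check passes so a rejected assertion cannot poison the replay cache.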

      1. Mark Murray

        Hi Bismi,

        Thanks for the information; that has given me more to work with.

        I need to do a lot more research about the capabilities of our systems, but this helps point me in the right direction.

        Regards

        Mark
