This tutorial explains how to implement multiphased authentication methods using Tivoli Access Manager (TAM) WebSEAL. It provides an overview of multiphased authentication systems support within TAM WebSEAL, and presents a coded example for extending the capabilities to include other multiphased authentication systems.
You'll see the implementation of a cross-domain authentication service (CDAS) within WebSEAL, and follow a practical example using the mobile phone Short Message Service (SMS). This example uses the token-cdas interface provided within WebSEAL to simulate the multiphased authentication process.
Before you start this tutorial, you should be familiar with the following:
- Tivoli Access Manager installation and configuration: You should have a solid understanding of the Tivoli Access Manager operating environment. This includes previous installation and configuration experience with the product. You should also be familiar with the CDAS interface, as this tutorial uses this interface to present an advanced authentication topic.
- Solid C development: You should be able to read and understand C code so that you can adapt the sample code to your operating environment. This tutorial presents code that shows a real example of using the token CDAS interface.
- General Web experience: Access to an SMS gateway is helpful. This tutorial uses a Web form to post a message to an SMS gateway.
To complete the examples shown in this tutorial, you will need the following installed on your system:
- Windows development environment: Required to compile the example CDAS code provided. You'll need to install Microsoft Visual Studio C++ 6.0 and the Microsoft WinHTTP 5.0 development package; the latter is for testing the implementation with an HTTP-enabled SMS gateway.
- Access Manager WebADK package and its prerequisites: This includes IBM Tivoli Access Manager Base V4.1 and IBM Tivoli Access Manager Web Security ADK V4.1.
- WebSEAL test environment: Required to unit-test the implementation. You'll need the following components for this environment:
  - IBM Tivoli Access Manager Base V4.1: This includes a configured runtime and policy server. In this tutorial, we'll use the IBM Directory; however, any supported directory could be used in its place.
  - IBM Tivoli Access Manager WebSEAL V4.1: This includes a configured WebSEAL instance.
  - SMS gateway: This component is not mandatory. However, the tutorial code communicates with a gateway via HTTP to send the one-time password to the end user's mobile phone via SMS, so having such a gateway would be helpful.