Configuring the reCAPTCHA Verification authentication mechanism
The reCAPTCHA Verification authentication mechanism provides anti-robot protection.
Before you begin
The appliance uses the Google reCAPTCHA service to provide such verification. For more information, see www.google.com/recaptcha.
Before configuring a reCAPTCHA Verification mechanism, you must first complete the following steps.
Ensure that the appliance can connect to www.google.com. You can test the connection in the CLI, for example:
myappliance.example.ibm.com:tools> myappliance.example.ibm.com:tools> connect www.google.com:443 Test: www.google.com (address: 216.58.197.68) on port 443 Status: connection was successful
Add the issuer of the Google CA certificate to the HTTP client default trust store, which is set by the value of the util.httpClient.defaultTrustStore advanced tuning parameter. The default value of the util.httpClient.defaultTrustStore parameter is rt_profile_keys.
- From the top menu, select .
- Select the rt_profile_keys key database.
- Select .
- Select the Signer Certificates tab.
- Select .
- Specify the following
fields.
Server: www.google.com Port:443 Certificate Label: Google
- Click Load.
About this task
The reCAPTCHA Verification mechanism can provide protection against spam or abuse caused by robots. With this mechanism, the user is presented with a web page that contains a simple Turing test provided by the Google reCAPTCHA API. These tests can distinguish a human user from a robot. You can add this mechanism to your policy to prevent robots from accessing your applications.
The following HTML snippet shows an example of embedding the reCAPTCHA mechanism in the template page:
<form method="POST" action="@ACTION@">
<input type="hidden" name="operation" value="verify"></input>
<div class="g-recaptcha" data-sitekey="@SITE_KEY@"></div>
<br>
<div class="controls">
<input class="submitButton" id="Submit" name="Submit"
type="submit" value="Submit"></input>
</div>
</form>
Procedure
What to do next
After you have configured the mechanism, a message that indicates the changes are not deployed will be displayed. Deploy changes when you are finished. For more information, see Deploying pending changes.
After deploying the changes, you can create policies that include this mechanism. For more information, see Creating an authentication policy.