Showing posts from August, 2013

ForgeRock OpenAM and Google Authenticator: Will it blend?

OpenAM provides built-in support for OATH authentication (not to be confused with OAuth, which is a different kettle of fish altogether).

OATH defines an open standard for One Time Password (OTP) generators. These can be HMAC-based (HOTP) or time-based (TOTP).

Google Authenticator is a free application for Android and iOS devices that implements the OATH TOTP standard. It turns out to be surprisingly easy to configure Google Authenticator to work with OpenAM.

Let's walk through the steps.

We will configure this in a realm called "test". Realms are a kick-butt feature of OpenAM that allow us to create isolated administration, data store and policy domains. A common use would be to configure separate environments for customers and employees, but realms are also great for creating test environments.

Navigate to your test realm, click on the "Authentication Tab". Under "Modules" edit the OATH mod…