Layer7 API Management

  • Private Community
 View Only

  • 1.  Two-factor authentication in API Portal

    Posted Jun 08, 2018 04:46 AM

    Hello,

    anyone was trying to implement two-factor authentication in API Developer Portal 3.5 CR6? As I know there isn't such an feature out-of-the-box.

    My idea was to overwrite login form and implement it somewhere there but I can't find login form in repository (/opt/Deployemnt/lrs/repository). It’s looks like this form is somewhere hardcoded.



  • 2.  Re: Two-factor authentication in API Portal

    Broadcom Employee
    Posted Jun 21, 2018 01:32 PM

    I have not done this personally but am thinking the auth work would be done in the Portal Authentication and Management Service and you would need to modify the Portal Login page and pass two-factor credentials to gateway if for two-factor authentication.  Can you provide more details on the two-factor flow for your requirements and perhaps a mock-up of a login page? 

     

    Thanks, Alex.

    CA Tech - Architecture. 



  • 3.  Re: Two-factor authentication in API Portal

    Posted Feb 07, 2019 04:56 AM

    Hi Alex,

    Would you like to give some tips, how to modify Portal login page? Should I modify /SYSTEM/stylesheets/login/login.xsl?

     

    Cheers

     

    Wojciech



  • 4.  Re: Two-factor authentication in API Portal

    Posted Jun 29, 2018 04:43 AM

    Hello Alex,

    thanks for your response. The flow should be pretty standard for this kind of implementation.

     

    First of all user should log in in standard way, providing login and password. Next, if provided data are correct, display form  with some information and input box for code should appear. The code will be send by SMS. The combination of login/password and code from SMS will login into portal.

    The engine for SMS send and verification is on our customer site.

     

    We don't have mock-up of a login page for now.

     

    Thanks,

    Bartosz



  • 5.  Re: Two-factor authentication in API Portal

    Broadcom Employee
    Posted Jul 03, 2018 12:48 AM

    Hello BARTOSZ Małż ,

    FYI, the MAG(mobile api gateway) already has an implementation of OTP (one time password) which supports SMS and email for two-factor authentication, for more details, please refer to,

    One-Time Password Policies - CA Mobile API Gateway - 4.1 - CA Technologies Documentation 

     

    But integrate portal with OTP might not be so simple, such as role mapping, etc.

     

    Regards,

    Mark



  • 6.  Re: Two-factor authentication in API Portal

    Broadcom Employee
    Posted Dec 14, 2018 02:27 PM

    Good afternoon,

     

    Were you able to resolve the issue? What was the final result?

     

    Sincerely,


    Stephen Hughes
    Broadcom Support



  • 7.  Re: Two-factor authentication in API Portal

    Posted Jan 31, 2019 10:24 AM

    Hello Stephen_Hughes,

     

    Of course it is not resolved. I have tried many things but every, even minor change in GUI (like 2FA) in portal looks like is impossible to implement.

     

    Regards,

    Bartosz



  • 8.  Re: Two-factor authentication in API Portal

    Broadcom Employee
    Posted Feb 19, 2019 10:02 AM

    Hi,

     

    Is the flow you depict the only acceptable solution?

    I wonder if it would be acceptable if you carry over the two step authentication in another box (a SAML Identity Provider, for instance CA Advanced Authentication) and then convey the authentication to the CA API Portal through standar SAML federation.

     

    regards,