3 Replies Latest reply on Nov 13, 2018 3:56 AM by PAWAN KAUSHIK

    Enabling OTP based Authentication In BMC Remedy 8.1

    PAWAN KAUSHIK

      Hi Experts,

       

      i am working with BMC Remedy 8.1 and i have a requirement to implement a two factor authentication for Remedy End users. Currently we have  LDAP authentication enabled in our environment. But it is recommended from the client to implement OTP based authentication in BMC Remedy. So here is the requirement:

       

      1. User Should enter their Username and password on bmc remedy login page

      2. After clicking on Login Button user should receive an OTP on his registered mobile number (In Remedy or AD)

      3. Then user should prompt for entering the received OTP

      4. We can give fields on login page itself to enter OTP

      5. Once user enter the OTP then system should validate it and if it is true then authentication should be successful.

       

      Require your suggestions that how this could be achieved.

       

      Thanks in advance!

        • 1. Re: Enabling OTP based Authentication In BMC Remedy 8.1
          Mark Walters

          Remedy SSO supports two factor authentication - Double authentication - Documentation for BMC Remedy Single Sign-On 9.1 - BMC Documentation

           

          Otherwise you will probably need a custom AREA plugin that uses the login page Authentication field to accept the additional login key and process it (Any idea on how to implement 2 factor authentication for users to login in through the mid tier? )

          1 of 1 people found this helpful
          • 2. Re: Enabling OTP based Authentication In BMC Remedy 8.1
            Sidhdesh Punaskar

            Just a thought

             

            part 1)

            Create a custom form to enter authentication code.

            Add two integer fields- one visible to user to actually enter the code received on mobile.

            Second to generate new code each time for that user. - This code should be generated on window open action and right away submit action should store that code. (in form record and eventually in DB). Then form should be reopened in modify mode.

            You can write particular formula for example - multiply day * month * year * hour *time and get last four digit of result of multiplication. This will give different result each time.

             

            Part 2)

            Add another character field on custom form to store phone number of user to fetch from people form.

            On submit action, write filter to call run process to send sms to that phone number with code generated. (There are different tool where we can send sms through windows - you just need to call that run file through run process in filter.

             

            Part 3) There should be some time decided when this code will be active. You can write an escalation to delete this record so that if code is put after decided time then login should fail.

             

            Part 4). Once code is entered and values are matching then put some text in some character field (name - Validation Text), This is required just to correctly authenticate user and reroute to actual home page.

             

            Part5). write active link on close window where you check if Validation Text field has correct text set in part 4 otherwise reroute back to same form with modify mode again. Consider a scenario if user is trying to route to actual remedy homepage through custom form. In this case if validation text is not right then you will be redirected again to same page. Also in else part (where validation text is correct then write open window action to landing console and close this custom form.

            1 of 1 people found this helpful
            • 3. Re: Enabling OTP based Authentication In BMC Remedy 8.1
              PAWAN KAUSHIK

              Hi Sidhdesh,

               

              i had done the following for a test. please correct me where i am wrong:

               

              1. I create a Regular form where it had Generated OTP, Mobile Number, Enter OTP, Validation Field and a Confirm_Login button.

              2. When user click on the login button from the Remedy login.jsp page then he directed to the Landing console hence i wrote an AL on Landing Console on OPEN WIndow Action which will open my OTPCUSTOM form.

              3. After that On Custom form first active link will generate the OTP through SQL set field command :"

               

              SELECT (1+CONVERT(INT,(9999-1)*RAND()))

               

                and set this value to "Generated OTP" field. Also set the values of mobile number and Email ID from people form by using USER ID

              4. Next Active Link on WIndow open itself push the generated details on the same form and create a new request

              5. Then a filter on SUbmit will trigger an email to user over his email id . Right now i don't have any SMS gateway integration so trying to user email communication

              6. user will check OTP from his email and will enter in the "ENter OTP Field" on the same form.

              7. If OTP is Valid then it will set the Validation Check Field to Validated

              8. If Validation is OK then User will be redirected to the HOME PAGE through RUN PROCESS command

               

              Kindly correct me if i am doing something wrong.

               

              Also i am facing a challenge if i am write an AL on Landing console to Open my OTP Custom field. We know if users will click on the HOme page from incident form or any other form then they will be redirected to the Landing Console hence if i will write the AL on the same form window open action then they will be visible with the OTP form again and again.

               

               

              My Concerns ARE:

               

              1. What to do if user manually closing the window by clicking on close button from the Tab

              2. is there any method or way to Direct the user Directly to the OTP form, direct from Login.jsp ?