NSD1173
Fact
Product:
Nordic Edge One Time Password Server
The Pledge client (mobile security token client)
Prerequisites
Situation
This article describes the profile enrollment process for the Pledge client. It covers two scenarios: self administration and centralized administration, typically by an IT service desk.
There are also two different states of the self administration page and the centralized administration page. The first state enables single profile support (the most common one) and the second state enables multiple profile support.
When do I need to enable multiple profile support?
If you're planning to use more than one device you should enable multiple profile support.
For example, if you use two different cell phones or if you're using your cell phone and Pledge Desktop on your computer, you need to enable multiple profile support.
Multiple profile support is supported from OTP Server version 3 and later.
Install and configure the Pledge Profile Enrollment web application on Tomcat
- Start Tomcat (if it’s not already running)
- Copy the file PledgeEnrollment.war into the tomcat/webapps directory
Figure: PledgeEnrollment.war copied into the webapps directory

Tomcat will now deploy the web archive into a directory called PledgeEnrollment under the webapps directory.
- Open the file ..\PledgeEnrollment\constants.jsp with a text editor (example below)
- Modify the string values to match your environment
/*----------------------Settings section start------------------------------------------------------------------*/
// OTP Server settings
String otpServerHostaddress = "localhost"; //The OTP Server IP address
String otpServerPortNumber = "3100"; //The OTP Server portnumber
String attributeContainingOATHKey = "carLicense"; //The attribute that contains the Pledge OATH key in the user database
String addKeyPrefix = "0x"; //Use 0x for backwards compatible mode with older versions of the OTP Server
String multipleProfileSupport ="false"; // True enables support for multiple profiles
String nativeClientName = ""; // For developers: Sets the native client name used by the OTP Server
//Nordic Edge Pledge Web Service
String pledgeWSUserAccount = "myPledgeFactoryAccount"; //The Nordic Edge Pledge Factory Web Service user name
String pledgeWSUserPassword = "myPledgeFactoryAccountPassword"; //The Nordic Edge Pledge Factory Web Service password
// Help Desk enrollment configuration
String groupAttributeName = "memberOf"; //The name of the LDAP attribute that contains the group or role values, memberOf for AD
String supportGroupName = "Domain Admins"; //Value containing the name of the support (Help desk) group object. This has to be a CN value
// Language and culture support
String language = "en"; //"sv" for Swedish. "en" for English. NOTE: The current browser language settings is used if 'language' is set to ""
String country = "US"; //"SE" for Sweden. "US" for United States.
// Proxy settings (to be configured if proxy is used)
String proxySet = ""; //proxySet = "true" to enable proxy configuration
String http_proxyHost = "proxy.name.com"; // http proxy host
String http_proxyPort = "3128"; // http proxy port
String https_proxyHost = "proxy.name.com"; // https proxy host
String https_proxyPort = "3128"; // https proxy port
String proxyUsername = ""; // The proxy user name (if any)
String proxyPassword = ""; // The proxy password (if any)
/*----------------------Settings section end------------------------------------------------------------------*/
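A pre-deployment review of the edited constants.jsp can be scripted. The following is an added example, not part of the original article or of Nordic Edge's software: it parses the String declarations shown above and flags sample values left in place, the default support group, and passwords stored in clear text. The function names, the finding texts and the review criteria are assumptions of this example.

```python
import re

# Matches JSP declarations of the form: String name = "value"; // comment
SETTING_RE = re.compile(r'^\s*String\s+(\w+)\s*=\s*"([^"]*)"\s*;')

# Sample values that appear in the article's constants.jsp listing.
SAMPLE_VALUES = {
    "pledgeWSUserAccount": "myPledgeFactoryAccount",
    "pledgeWSUserPassword": "myPledgeFactoryAccountPassword",
    "http_proxyHost": "proxy.name.com",
    "https_proxyHost": "proxy.name.com",
}
SECRET_KEYS = ("pledgeWSUserPassword", "proxyPassword")

def parse_constants(text):
    """Return {setting name: value} for every String declaration."""
    matches = (SETTING_RE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def audit(settings):
    """Return review findings for a parsed constants.jsp."""
    findings = []
    proxy_on = settings.get("proxySet", "").lower() == "true"
    for key, sample in SAMPLE_VALUES.items():
        # Proxy sample values only matter when the proxy is enabled.
        if settings.get(key) == sample and (proxy_on or "proxy" not in key):
            findings.append(f"{key}: still set to the sample value")
    if settings.get("supportGroupName") == "Domain Admins":
        findings.append("supportGroupName: default 'Domain Admins' group; "
                        "consider a dedicated help desk group")
    for key in SECRET_KEYS:
        if settings.get(key):
            findings.append(f"{key}: plaintext secret; restrict read access to the file")
    return findings

# Constructed sample input in the format of the listing above.
SAMPLE = '''
String multipleProfileSupport ="false"; // True enables support for multiple profiles
String pledgeWSUserAccount = "myPledgeFactoryAccount"; //Web Service user name
String pledgeWSUserPassword = "constructed-secret"; //Web Service password
String supportGroupName = "Domain Admins"; //Support group CN
String proxySet = ""; //proxy disabled
String http_proxyHost = "proxy.name.com"; // http proxy host
'''

if __name__ == "__main__":
    for finding in audit(parse_constants(SAMPLE)):
        print(finding)
```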
Redirect the application in ..\webapps\PledgeEnrollment\index.jsp
index.jsp lets you redirect the application URL to one of the enrollment pages. Configure this file if you do not want to use the full path to the page in the URL.
To enable the self service profile enrollment:
- Remove the slashes (//) from the line “response.sendRedirect( "enroll_se.jsp");”
//Self service registration
response.sendRedirect("enroll.jsp");
To enable the centralized administration profile enrollment:
- Remove the slashes (//) from the line “response.sendRedirect( "supportEnroll.jsp");”
//For Central administration (creating profiles for users)
response.sendRedirect("supportEnroll.jsp");
Running the Pledge Profile Enrollment Web Application
1. Scenario 1 - The self service profile enrollment
Open a browser and go to the PledgeEnrollment site to enroll a Pledge OTP profile
- Enter a user name and password and click Login

Figure: The single profile supported page
If multiple profile support is enabled, the page below is shown instead of the one above.

Figure: The multiple profile supported page
If the logon is successful, a Pledge profile ID is created (below).

On your mobile device (if you use the Pledge Desktop application: On your computer):
- Open the Pledge client on your mobile device (or the Pledge Desktop application on your computer)
- Add a new profile and enter the profile ID
- Enter your PIN-code (verification needed)
After this is done, the new profile is ready to use. The Pledge profile can be verified on the Test Pledge OTP profile page (below).
- Generate a One-Time Password from your Pledge client and enter your user name and the OTP on the test page. Click Login.

2. Scenario 2 - Centralized administration
To enable this feature, the file constants.jsp must be edited. This is done in the last section of the file:
//For support enrollment
String groupAttributeName="memberOf"; //The LDAP attribute that contains the group or role values (memberOf for AD)
String supportGroupName="Domain Admins"; //The value that contains the support group. Must be the CN value
The setting "supportGroupName" specifies the group object that a user must be a member of in order to make a Pledge enrollment for another user object.
(The default value is "Domain Admins")
The Pledge Profile Enrollment site now looks like this:
- Enter the administrator user name and password and the user name of the user the enrollment is meant for. Click Login.

Figure: The single profile supported page
If multiple profile support is enabled, the page below is shown instead of the one above.

Figure: The multiple profile supported page
If the logon is successful, a Pledge profile ID is created (below). Note that the link 'Create another Pledge profile' now is visible.

Now it's time to test the profile, if you as an administrator have access to the user's mobile device.
- Open the Pledge client on the user's mobile device
- Add the new profile by entering the profile ID
- Enter the profile PIN-code (verification needed)
After this is done, the new profile is ready to use. The Pledge profile can be verified on the Test Pledge OTP profile page (below).
- Generate a One-Time Password from your Pledge client and enter your user name and the OTP on the test page. Click Login.

Document Revision History
Pledge Profile Enrollment 1.4
20th August 2010
- Multikey support added
- New info images added
- Confirmation boxes added
- Added the option to set a native Client Name (for developers) in the constants.jsp
Pledge Profile Enrollment 1.2
12th May 2010
- Added Proxy settings for Proxy user name and Proxy password
Pledge Profile Enrollment 1.1
12th November 2009
- Proxy functionality added
- NSD1172 and NSD1173 rewritten and separated from each other
Pledge Profile Enrollment 1.0
16th October 2009
- NSD 1173 rewritten
June 2009, initial edition