9.3 Configuring OAuth2 Event in Advanced Authentication Server Appliance for Power External Users

External users are allowed to connect to Filr through the Multi Factor Authentication. A new SQL repository is configured with the table that provides a power external user’s details like email address and phone number.

To create SQL repository,

  1. Log into the Advanced Authentication Administrative Portal as follows:

    https://advanced_authentication_dns_name_or_IP_Address/admin/repositories
  2. Enter the following details to add a new SQL repository.

    Table 9-1 AAF Repository page

    Field, Option, or Button

    Information and/or Action

    • Name

    • Enter the name of the repository. For example “External DB”

    • Database Type

    • For small deployment, select Postgresql. For large deployment, select the configured database type.

    • DB host

    • Enter the IP address of the database. For small deployment, enter the IP address of the Filr appliance.

    • DB name

    • Enter the name of the database.

    • DB user

    • Enter the name of the database user.

    • Password

    • Enter the database password.

    • Table or view name

    • Enter the table name as “ss_principals”.

    • User’s id column

    • For PostgreSQL and MySQL, enter “id”.

    • For MSSQL, enter “emailaddress”.

    • User’s id type

    • For PostgreSQL and MySQL, select “Integer”.

    • For MSSQL, select “String”.

    • User’s name column

    • Enter “emailaddress”.

    • User’s name type column

    • Select “String”.

    • User’s phone column

    • Enter “phone”.

    • User’s email column

    • Enter “emailaddress”.

    NOTE:If the AA server in unable to connect to the Filr small deployment server, run

    # sh /opt/novell/filr_config/pgRemoteAccess.sh <AA_ip_address/nw_mask>

    If no IP address is specified, access is enabled for all servers (0.0.0.0/0)

  3. In the Advanced Authentication Administrative Portal, go to :

    https://advanced_authentication_dns_name_or_IP_Address/admin/chains
  4. Configure an authentication method for Advanced Authentication.

    NOTE:The following methods have been tested with Filr.

    • SMS OTP

      The administrator must choose another authentication method along with SMS OTP. Since the Mobile Number field is optional in the Self-registration form, the external users who have not entered the mobile number or have entered an incorrect mobile number will not be able to receive the SMS OTP and may not be able to log in to Filr.

    • Email OTP

    Other authentication methods that NetIQ Advanced Authentication with OAuth2 event supports would also work, but they have not been explicitly tested. All the users must be registered at Advanced Authentication Self-Service Portal with the specific method else the user is not allowed to log in to the Filr application.

  5. Create an authentication chain that is a combination of all the authentication methods that users must pass for successful authentication.

  6. Configure OAuth2 type event.

    1. Specify a name for the event.

    2. Enable the event by changing Is enabled to ON.

    3. Select the OAuth2 event type.The client ID and client secret are generated automatically.

    4. Note down the client ID and client secret values. You must specify these values in the NetIQ Advanced Authentication page of the Filr Administration Console (Port 8443 Filr Admin Console > System > NetIQ Advanced Authentication). You can copy the values and paste them in the Filr admin Console. See NetIQ Advanced Authentication Configurationin the OpenText Filr 23.4: Administrative UI Reference.

    5. Select the chains that you want to assign to the event.

    6. In the Redirect URIs option, specify the following redirect URIs for redirection to Filr page after successful authentication:

      • The URI of the Filr web page

      • The URI of the Filr client application

      You can copy the URIs from the Redirection URIs option on the NetIQ Advanced Authentication page of the Filr Administration Console (Port 8443 Filr Admin Console > System > NetIQ Advanced Authentication) and paste them here. See NetIQ Advanced Authentication Configurationin the OpenText Filr 23.4: Administrative UI Reference.

    7. Click Save.