SyferLock Help Center

Realm Setup (Specific to mod_auth_pubtkt)

This article describes the specific steps in configuring a realm for mod_auth_pubtkt.

Realm Configuration

General Tab

Realm Name: {Realm name identifier}

Corners: Number of corners used in each Grid cell. 8 is recommended in most situations.

Grid Mode: Grid Advanced

Process Type: Custom (or Mod_Auth_PubTkt if it is available)

Process Type Specific Parameters:

  • className: com.syferlock.gridguard.proctype.ModAuthPubTkt (REQUIRED)
  • signingKey: The UUID of the GridGuard encryption key used for signing a ticket. The list of valid UUIDs is in the Encryption Keys section of the ACC. (REQUIRED)
  • cookieDomain: The name and scope of Mod_Auth_PubTkt's authentication cookie. It uses cookie-style syntax (i.e. .example.com covers the top-level domain example.com and its sub-level domains). (REQUIRED)
  • sessionTimeout: Defaults to 20. Number of minutes before ticket invalidation.
  • gracePeriod: Defaults to 1. Number of minutes before sessionTimeout during which the ticket will be refreshed without needing re-authentication.
  • returnURLParam: Defaults to back. The URL the user is forwarded to after authentication. 'back' is the referring URL the user came from.
  • secureCookie: Defaults to true. Sets the 'secure' cookie flag on the ticket's cookie, making it only accessible over the HTTPS protocol.
  • httpOnly: Defaults to true. Sets the 'httpOnly' cookie flag on the ticket's cookie, making it inaccessible to the browser's scripting languages. This may need to be disabled for Java Web Start (JWS) applications.
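
A pre-deployment check for the parameters above, as an added example that is not SyferLock code. It assumes the values have been copied into a Python dict with integer and boolean types; the function names lint_realm_params and ticket_window are hypothetical.

```python
import uuid

# Defaults and required names as documented on this page.
DEFAULTS = {"sessionTimeout": 20, "gracePeriod": 1, "returnURLParam": "back",
            "secureCookie": True, "httpOnly": True}
REQUIRED = ("className", "signingKey", "cookieDomain")
EXPECTED_CLASS = "com.syferlock.gridguard.proctype.ModAuthPubTkt"


def lint_realm_params(params):
    """Return a list of findings for a dict of Process Type Specific Parameters."""
    cfg = {**DEFAULTS, **params}
    findings = [f"missing required parameter: {k}" for k in REQUIRED if not cfg.get(k)]
    if cfg.get("className") and cfg["className"] != EXPECTED_CLASS:
        findings.append("className is not the ModAuthPubTkt process type class")
    if cfg.get("signingKey"):
        try:
            uuid.UUID(str(cfg["signingKey"]))
        except ValueError:
            findings.append("signingKey is not a UUID")
    # Label-count check only; it does not consult a public suffix list.
    domain = str(cfg.get("cookieDomain") or "")
    if domain and len(domain.strip(".").split(".")) < 2:
        findings.append("cookieDomain is a bare top-level label; scope is too broad")
    if not cfg["secureCookie"]:
        findings.append("secureCookie disabled: ticket cookie can travel over plain HTTP")
    if not cfg["httpOnly"]:
        findings.append("httpOnly disabled: ticket cookie is readable by page scripts")
    if not 0 <= cfg["gracePeriod"] < cfg["sessionTimeout"]:
        findings.append("gracePeriod must be shorter than sessionTimeout")
    return findings


def ticket_window(issued_at, params):
    """Return (refresh_from, valid_until) in epoch seconds for a ticket issued at issued_at."""
    cfg = {**DEFAULTS, **params}
    valid_until = issued_at + cfg["sessionTimeout"] * 60
    return valid_until - cfg["gracePeriod"] * 60, valid_until


if __name__ == "__main__":
    # Constructed sample values; the UUID is a placeholder, not a real key id.
    sample = {"className": EXPECTED_CLASS, "cookieDomain": ".example.com",
              "signingKey": "00000000-0000-4000-8000-000000000000", "httpOnly": False}
    print(lint_realm_params(sample))
    print(ticket_window(1_700_000_000, sample))
```

An empty findings list means the required parameters are present and the cookie flags are at their documented defaults.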

 

Grid Options

Enable 2 Form: Checked

Enable GridPin: Checked

Device Configuration: N/A

Enable MyGrid: Allows user to pick a grid layout from a list of allowed layouts. Uncheck to enforce one layout.

MyGrid Options: List of allowed grid layouts.

Default Layout: Sets the default layout for when a user hasn't explicitly changed the layout.

Enable Password Change: User is allowed to change their GridCode.

Enable Number Pad: Enables number pad in webpage layout.

Enable GridPic: Allows users to upload a custom personal photo.

GridPic Required: Requires user to upload GridPic photo at registration.

Require Dial-In access: User must have Dial-In access enabled (Active Directory Only)

Default Image: Upload a default GridPic image for the realm.

Grid Timeout: Specifies the timeout of the grids, in seconds.

Session Timeout: Session timeout, in seconds. This is mainly used for the Security Center.

Cryptographic Options

2 Factor Options

All of the 2-Factor configurations are supported by mod_auth_pubtkt. Set as needed.

Fields

The fields are specific to the web page template. If you are using the default template, the username field is 'username'.

User Groups

Here the admin needs to define the groups that are allowed to use certain aspects of GridGuard. Enter the name of each group that is allowed to use each role. When using external LDAP directories, such as Active Directory, the group is REQUIRED to be in DN format. You can specify multiple groups, one group per line.

  • Admin Groups: Users that are allowed to reset other users' GridGuard account information. If blank, no user can manage users with this realm.
  • Helpdesk Groups: <Not currently used>
  • Authorized Groups: Users that are allowed to register and use GridGuard. If blank, any user can register and use GridGuard within the company's user store.

URLs

  • Base URL: <Not Used>
  • Authentication URL: <Not Used>
  • Landing URL: <Not Used>
  • Logout URL: URL where the user is forwarded when the user performs a logout.
  • Login Failed URL: URL where the user is forwarded when the user gives incorrect credentials.
  • Locked Out URL: URL where the user is forwarded if the user is locked out.

Stores

  • Grid Store: <Default Value>
  • History Store: <Default Value>
  • Primary Store: <Default Value>
  • Secondary Store: <External UserStore Name>
  • Userinfo Store: <Default Value>
  • Nonce Store: <Default Value>
  • Session Store: <Default Value>

Advanced Tab

  • Enabled Self-registration: <Default>
  • Proxy Header Field: <Default>
  • Pass Authentication to Backend: Checked (REQUIRED)
  • ClickJacking Protection: <Default>
  • Enable Debug Mode: <Default>
  • Disable Login Button: <Default>

 
