How-To: Use Email2FA OTP plugin with Gluu Server

This plugin allows end-users to enable email-based OTP as a second-factor authentication in CASA.

Prerequisites

• Gluu Server instance

Installation

Gluu Server

We need to enable email_2fa_core script in the Gluu Server. There are a couple of configurations required as well.

Enable Script

• Log into Gluu Server as admin
• Configuration > Person Authentication Scripts > Add custom script configuration
  • Name: email_2fa_core
  • Select SAML ACRs: not mandatory
  • Description: as you wish
  • Programming Language: Jython
  • Level: depends on your policy
  • Location: Database
  • Interactive: Web
  • Custom property(key/value):
    • token_length: 7
    • token_lifetime: 10
  • Take the script from here and paste it in the Script location.
• Save it

Email Configuration

You need SSH root access to complete this configuration.

• Go to /opt/gluu/jetty/oxauth/custom/pages/ and create a directory named casa if it is not available.
• Grab and copy two files in this casa location:
  • https://raw.githubusercontent.com/GluuFederation/casa/master/plugins/email_2fa_core/extras/otp_email.xhtml
  • https://raw.githubusercontent.com/GluuFederation/casa/master/plugins/email_2fa_core/extras/otp_email_prompt.xhtml
• Create a file named oxauth.properties inside /opt/gluu/jetty/oxauth/custom/i18n/ with the content below:

   #casa plugin - email otp
   casa.email_2fa.title= Email OTP
   casa.email_2fa.text=The Email OTP method enables you to authenticate using the one-time password (OTP) that is sent to the registered email address.
   casa.email.enter=Enter the code sent via Email
   casa.email.choose=Choose an email-id to send an OTP to
   casa.email.send=Send
  

• Grab the latest casa.xhtml from https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/webapp/casa/casa.xhtml and place it inside /opt/gluu/jetty/oxauth/custom/pages/casa/.
• Retrieve the image file from https://github.com/GluuFederation/oxAuth/blob/master/Server/src/main/webapp/img/email-ver.png and place it inside the /opt/gluu/jetty/oxauth/custom/static/img location.

CASA configuration

• Log into CASA with https://[hostname]/casa
• Click on Administration Console
• Navigate to Casa Plugins
• Download the latest Email_2fa_core plugin from here: https://maven.gluu.org/maven/org/gluu/casa/plugins/email_2fa_core/
• Upload the jar file you just downloaded
• Wait for some time

Now your Email 2FA OTP is ready to use.