Casa authentication script
Casa.py is a PersonAuthenticationType script that orchestrates a 2FA flow by delegating the implementation details of each authentication method to other scripts. This allows the flow to present users with alternatives in case some credential is not working as expected or is lost. Specific behavior depends on how the Casa application is parameterized; please see "About Two-Factor Authentication" for an introduction.
An important restriction to take into account is that users must present a username and password combination before any form of strong authentication can take place in the flow.
This custom script is aligned with how the application is configured by the administrator. This means the real potential of the script is perceived in the context of an actual Casa deployment. The behavior of the script depends on a variety of settings (especially 2FA-related ones) that can be tweaked using Casa's administration console or via the configuration API.
Among others, the script performs actions such as:
- Identification of user device
- Geolocation of user IP
- Determination of whether 2FA should take place
- Computation of the suitable 2FA mechanisms the user can be prompted for, depending on the context
The following are the assets involved in casa authentication script:
- Main script: Here
- Dependent scripts: Here. These are bundled with a default installation; more scripts may be required depending on the authentication mechanisms to support. The Janssen installer already copies the default scripts to their destination: /opt/jans/python/libs
- XHTML templates: [https://github.com/GluuFederation/oxAuth/tree/version_<version>/Server/src/main/webapp/casa](https://github.com/JanssenProject/jans/tree/main/jans-auth-server/server/src/main/webapp/casa). More files may be required depending on the authentication mechanisms to support. These files are already hosted by the jans-auth web application.
For the main script:
Name | Description | Sample value |
---|---|---|
mobile_methods | Optional. Click here | otp, twilio_sms, super_gluu |
2fa_requisite | Optional. Click here | true |
supergluu_app_id | U2F application ID used by SuperGluu enrollments made using Casa, if any | https://<your-host-name>/casa |
u2f_app_id | U2F application ID used by FIDO (u2f) enrollments made using Casa, if any | https://<your-host-name> |
Auxiliary scripts require properties of their own. You can visit this page to locate specific pages for every authentication method.
If the method you want to add is already supported out-of-the-box, it is a matter of enabling it: Casa's admin console doc page has the required steps. If you are planning to onboard a different mechanism, more work is required. In that case, we suggest reading this page of Casa's developer guide.
Casa flow pages inherit many of the design elements already set in the custom branding plugin. Changes in design elements such as color scheme or custom CSS rules should take effect in flow pages immediately.
If you require a full customization of the look and feel, you have to modify the flow pages. Follow this as a guide. Take into account that the relevant pages are located in the casa folder of the jans-auth war.