NOTE: Latest update for Identity Platform 6.5 is available at https://github.com/ImageWare/ForgeRockGMIAuthentication/releases/latest.
A simple authentication node for ForgeRock's Identity Platform 5.5 and above. This node integrates with the ImageWare Biometric as a service platform, allowing users to verify identity via mobile device. An Tenant account with ImageWare Systems, Inc is required for usage.
Copy the .jar file from the ../target directory into the ../web-container/webapps/openam/WEB-INF/lib directory where AM is deployed. Restart the web container to pick up the new node. The node will then appear in the authentication trees components palette.
The ImageWare Initiator and ImageWare Decision nodes are meant to be used in a workflow with a Username Collector, Polling Wait Node and Retry Limit Decision node. See screenshots below for workflow layout.
The Username Collector node collects the user’s login name.
The ImageWare Initiator node
- Looks up the user’s email address in the local LDAP user store or fails in error if the user’s email cannot be found.
- Retrieves an OAuth token from ImageWare’s User Manager or fails in error
- Verifies the user belongs to the associated Tenant name or fails in error
- Sends a biometric verification message to the user’s mobile device or fails in error
The Polling Wait Node controls the time delay before the ImageWare Decision node looks for the authentication response.
The Retry Limit Decision node controls how many times the ImageWare Decision node will try to process an authentication response.
The ImageWare Decision node
- Looks for an authentication response to the original verification call and passes control back to the Retry Limit Decision node if none is found
- Verifies the biometric authentication for the user and returns status of pass or fail
The code in this repository has binary dependencies that live in the ForgeRock maven repository. Maven can be configured to authenticate to this repository by following the following ForgeRock Knowledge Base Article.
Add ImageWares' public git repo to your maven environment.
mvn package
Authentication Workflow example:
ImageWare Initiator settings example:
Sample login page:
Sample waiting page:
Sample successful login to user profile:
Sample failure to login:
The sample code described herein is provided on an "as is" basis, without warranty of any kind, to the fullest extent permitted by law. ForgeRock does not warrant or guarantee the individual success developers may have in implementing the sample code on their development platforms or in production configurations.
ForgeRock does not warrant, guarantee or make any representations regarding the use, results of use, accuracy, timeliness or completeness of any data or information relating to the sample code. ForgeRock disclaims all warranties, expressed or implied, and in particular, disclaims all warranties of merchantability, and warranties related to the code, or any service or software related thereto.
ForgeRock shall not be liable for any direct, indirect or consequential damages or costs of any type arising out of any action taken by you or others related to the sample code.