IP Blacklisting Value-Added Module Deployment Guide
This Value-Added Module adds the IP Blacklisting provider feature to the SecureAuth Identity Platform versions 9.2 and 9.3.
It consists of a customization that allows the administrator to add a Risk User Provider for Adaptive Authentication and specifies to send the IP in the service call. With this, a client service with the IP could send back a risk score which will be used to specify desired scenarios.
The IP Blacklisting Provider customization will give you the opportunity to set the course of the authentication process depending on the user’s IP.
Architecture
Installation guidelines
Download the files from the email you received from SecureAuth
Drag the files and drop them into the following folders:
Realm bin folder: SecureAuth.AnalyzeEngine.dll.
AnalyzeApi bin folder (located in the SecureAuth master folder):
SecureAuth.AnalyzeEngine.BLL.dll, SecureAuth.AnalyzeEngine.Model.dll.
System development parameters
This VAM was developed and tested using the following systems.
IP Blacklisting VAM package.
Tested using SecureAuth Identity Platform v9.2
Configuration guidance
Access the Admin panel and go to the Adaptive Authentication tab.
Slide the User Risk toggle switch to Enabled.
Click the Add User Risk Score Provider button, as shown in the figure below.
Complete the form information (as seen in the following image). Set the desired Risk Ranges, Risk Score Provider Name, Base URL, endpoint URL, Authentication Method, Username, and Password.
In your endpoint, specify {ip} in the Get Profile Relative URL text field wherever you want to send the user’s IP address.
For example,
/api/RiskService/{ip}
.An example call should be similar to:
baseurl/api/RiskService/xxx.xxx.xxx.xxx
.In the Risk Score JSON Path, you must specify the path to get the score from your service response.
For example, if your service response is
{“score”:55}
, then the path to get the value would be{score}
.Note
If there’s an authentication method other than “Basic”, user must provide valid credentials in the username/password fields.
Finally, specify every action for the score received, as demonstrated in the image below.
Installation overview
Copy the SecureAuth.AnalyzeEngine.dll into the bin folder of the desired realm and into the shared folder within realms called AnalyzeApi.
In that same shared folder, copy the rest of the dlls, SecureAuth.AnalyzeEngine.BLL.dll, and SecureAuth.AnalyzeEngine.Model.dll.
In the Admin Panel under the Adaptive Authentication tab, add a new Risk Provider, following the steps inside this guide to set up the service that will test the user IP and generate a score to be used to direct the desired flow of authentication.
Remember to enable User Risk and also the Provider, as shown in the previous images.
Upgrade information
Before upgrading SecureAuth software, open a Support ticket. The process of upgrading to a newer SecureAuth software version might cause the SecureAuth VAM to become invalid and stop working. When your site is ready to upgrade SecureAuth software, get started by creating a support ticket selecting I have a question or issue regarding SecureAuth Value-Added Modules (VAMs) from the "Submit a request" list. A SecureAuth Tailoring engineer will contact you to evaluate and ensure that the VAM will work with updated SecureAuth software.