This Wiki is a work space for old notes and new ideas. DO NOT RELY on anything you find on this Wiki!
Official Gluu Server documentation is at https://gluu.org/docs.
The Gluu Support site is https://support.gluu.org.


oxPush

Video Demo

oxPush is an open source two factor authentication application. It's based on:

  • oxAuth. OpenID Connect OP Endpoints
  • oxAuth custom authentication scripts. Custom business logic for authentication workflow.
  • oxPushServer. REST services responsible for pairing a user account with a mobile device. It also sends push messages to Android and iOS based devices.
  • oxPush. Cordova mobile application for Android and iOS.
  • oxTrust. Policy administration point (i.e. the GUI) for oxAuth.

Interaction of main components

This topic covers two workflows:

  • oxPush 2 factor user authentication.
  • oxPush pairing with user's device (Android or iOS based device).

To keep them simple, these diagrams omit oxAuth. It is nevertheless the most important part: oxPush is built on oxAuth custom authentication modules.

oxPush 2 factor user authentication

oxPushAuthenticationWorflow.txt
title oxPush authentication workflow
 
User->oxTrust: Access
oxTrust->User: Redirect to login page
User->oxTrust: Enter user/password
oxTrust->oxPushServer: Check if there is associated mobile device (check by user.oxExternalUid: oxpush: pairing_id)
alt Pairing
oxPushServer-->oxTrust: Negative response
oxTrust->User: Redirect to device pairing page
end
oxPushServer->oxTrust: Positive response
oxTrust->oxPushServer: Authenticate via mobile device (send: user.oxExternalUid, redirect uri, oxTrust request parameters)
oxPushServer->oxPushServer: Generate UUID with lifetime 1 minute
oxPushServer->Notification service:Send push notification with UUID and oxPushServer Uri in content
Notification service->Device: Get notification
Device->User: Display notification
User->Device: Open oxPush notification
Device->oxPush: Run oxPush
oxPush->oxPushServer: Request notification details by UUID
oxPushServer->oxPush: Request details
oxPush->User: Show approval page
User->oxPush: Choose approval result
oxPush->oxPushServer: Send approval result by UUID
oxTrust->oxPushServer: Check every 5 seconds if pairing UUID marked as approved
alt Authentication code is out of date
oxPushServer-->oxTrust: Return expired if authentication UUID is out of date
oxTrust->User: Show message that authentication code is out of date
end
oxPushServer->oxTrust: Return authenticated if authentication UUID status is authenticated
oxTrust->User: Allow or not log into oxTrust
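
The server-side lifecycle of the authentication UUID in the diagram above (1-minute lifetime, result sent by UUID, oxTrust polling), as an added example that is not oxPushServer's own code. The class and method names, the `pending`, `declined` and `unknown` statuses, the pairing-id check on the result, and deleting a request once its final status has been read are assumptions of this sketch.

```python
import time
import uuid

TTL_SECONDS = 60  # the diagram gives the UUID a lifetime of 1 minute


class AuthRequestStore:
    """In-memory model of the authentication-UUID lifecycle (hypothetical names)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock    # injectable so expiry can be exercised in tests
        self._requests = {}    # request UUID -> {pairing_id, deadline, status}

    def create(self, pairing_id):
        request_id = str(uuid.uuid4())  # random version-4 UUID, not time-based
        self._requests[request_id] = {
            "pairing_id": pairing_id,
            "deadline": self._clock() + TTL_SECONDS,
            "status": "pending",
        }
        return request_id

    def _lookup(self, request_id):
        req = self._requests.get(request_id)
        # Expiry is decided on the server, never by the device or the browser.
        if req and req["status"] == "pending" and self._clock() >= req["deadline"]:
            req["status"] = "expired"
        return req

    def record_result(self, request_id, pairing_id, approved):
        """oxPush sends the approval result by UUID."""
        req = self._lookup(request_id)
        if req is None or req["status"] != "pending":
            return False  # unknown, expired, or already decided
        if req["pairing_id"] != pairing_id:
            return False  # assumption: only the paired device may answer
        req["status"] = "authenticated" if approved else "declined"
        return True

    def poll(self, request_id):
        """oxTrust checks the status every 5 seconds."""
        req = self._lookup(request_id)
        if req is None:
            return "unknown"
        if req["status"] != "pending":
            del self._requests[request_id]  # a final status is handed out once
        return req["status"]
```

A request that is decided but never polled stays in the dictionary; a real store would also purge entries past their deadline.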

oxPush pairing

oxPushPairingWorflow.txt
title oxPush pairing workflow
 
User->oxTrust: Access
oxTrust->User: Redirect to login page
User->oxTrust: Enter user/password
oxTrust->oxPushServer: Check if there is associated mobile device (check by user.oxExternalUid: oxpush: pairing_id)
oxPushServer->oxTrust: Negative response
oxTrust->User: Redirect to device pairing page
User->Device: Install oxPush using link from pairing page or install it from app store
Device->oxPush: Run oxPush
oxPush->User: Show main page
User->oxTrust: Click pair button
oxTrust->oxPushServer: Generate pairing UUID
oxPushServer->oxTrust: Send pairing QR code and pairing code with lifetime 1 minute
oxTrust->User: Display pairing QR code and pairing code
User->oxPush: Click pair button. Scan pairing QR code (QR code contains UUID and oxPushServer URI) or enter pairing code and oxPushServer URI
oxPush->oxPushServer: Send UUID and device UUID
oxPushServer->oxPushServer: Mark pairing UUID as paired
oxPushServer->oxPushServer: Generate association UUID (AUUID associated with this device and this oxPushServer)
oxPushServer->oxPush: Send response status
oxPush->oxPush: Store information in application local store
oxPush->User: Show pairing result
oxTrust->oxPushServer: Check every 5 seconds if pairing UUID marked as paired
alt Pairing code is out of date
oxPushServer-->oxTrust: Return expired if pairing UUID is out of date
oxTrust->User: Show message that pairing code is out of date
end
oxPushServer->oxTrust: Return paired and AUUID if pairing UUID status is paired
oxTrust->oxTrust: Store AUUID in user's entry (user.oxExternalUid: oxpush: AUUID)
oxTrust->User: Allow user to log into oxTrust

Deployment instructions

This article covers deploying oxPushServer on a server: oxPushServer deployment.

oxpush/home.txt · Last modified: 2016/02/10 18:08 (external edit)