Generate Virtual TOTP Tokens

If you are already a user of Google Authenticator Multi-factor or Two-factor authentication and would like to configure XTAM to use Google Auth, then please perform the following steps. Please note that you will need to be able to access and modify files on the XTAM host computer. Contact your XTAM System Administrator for assistance.

 

Pre-requisite: XTAM must be deployed with and configured to use its Federated Sign-In component in order to integrate with multi-factor authentication providers.

 

  1. Log on to the XTAM host computer.
  2. Open the file $XTAM_HOME/web/conf/catalina.properties
  3. Uncomment the following line only when a single global MFA for the entire XTAM is desired:
  4. Copy
    #cas.authn.mfa.globalProviderId=mfa-gauth

    If you wish to enable different MFA providers for individual users or group, please read this article for additional information.

  5. If you are using your own Database and not the XTAM internal database, then modify the following lines. If you are using XTAM’s internal database, then skip this step.

    Copy
    cas.authn.mfa.gauth.jpa.database.driverClass=org.apache.derby.jdbc.ClientDriver
    cas.authn.mfa.gauth.jpa.database.dialect=org.hibernate.dialect.DerbyTenSevenDialect

    You can find the values that need to be replaced in bold above from this same /catalina.properties file in the #PAM Database section. In this example, we would copy the bolded SQL database parameters below and use them to replace those of the Derby database above.

    Copy
    hibernate.dialect=org.hibernate.dialect.SQLServer2012Dialect
    hibernate.connection.driver_class=com.microsoft.sqlserver.jdbc.SQLServerDriver
  6. Optionally, you may modify the following lines to customize the branding of the Authentication page. Update the bolded parameters; numbers and letters only, no spaces are allowed.

    Copy
    cas.authn.mfa.gauth.issuer=XtonTechnologies
    cas.authn.mfa.gauth.label=XTAM
  7. When complete, save and close this file.

  8. Restart the service PamManagement

Once configured, refer to the following FAQ article Google Authenticator – How to Login as a User for steps on how to use Google Authenicator MFA with XTAM from an end user’s perspective.