Multifactor Authentication

Multifactor authentication, as the name implies, requires a user to provide two or more pieces of data (factors) to an authentication mechanism as proof of identity. For example, a bank can require, in addition to name and password, a code that the bank sends to the user's smartphone.

Guidewire provides the ability to pass multiple additional factors from the application login screen to PolicyCenter for processing. To implement the most basic form of multifactor authentication, which is the addition of a multifactor entry field to the PolicyCenter login screen, do the following:
  • Make the multifactor entry field visible on the PolicyCenter login screen.
  • Add Gosu classes to support the use of multifactor authentication in PolicyCenter.

Add multifactor authentication field to PolicyCenter Login screen

About this task

This procedure illustrates how to add one or more multifactor authentication fields to the PolicyCenter login screen. The extra authentication fields perform no actual authentication. For multifactor authentication to work as intended, you must perform additional configuration work.
Important: Any PolicyCenter application server that uses multifactor authentication must have the messaging server role.

Procedure

  1. In Guidewire Studio, open the display_xx.properties file for your locale and add display keys similar to the following in an appropriate place in the file:
    • Web.Login.RSADongleNumber = RSA Dongle Number
    • Web.Login.RSADongleId = RSA Dongle ID
  2. Open file Login.pcf in the following Studio directory:
    • configuration/config/web/pcf/util
    1. Ensure that you select the entire PCF element so that the various tabs show in the Properties area of the screen.
    2. In the Variables tab, select the entry for loginForm.
    3. Set the initial value (initialValue) for this variable to the following value (without the line breaks):
      new gw.api.util.LoginForm(target, entryException)
          .withFactor( "Web.Login.RSADongleNumber", "XXX")
          .withFactor( "Web.Login.RSADongleId", "YYY") 
      XXX and YYY represent constants from the supporting multifactor authentication classes. For example, MFAAuthenticationSource.FACTOR_ATTRIBUTE_NAME is one such constant.
  3. Open file LoginDV.pcf in the following Studio directory:
    • configuration/config/web/login
    1. Select the field with the label factor.Label.
    2. In the Properties tab at the bottom of the screen, select property numCols and set its value to 20.
      This action sets the length of all of the new entry fields on this screen to the same length as the existing entry fields.
  4. If using an application server other than the default Quickstart server, create and deploy a WAR or EAR file as necessary.
  5. Start the PolicyCenter server and let it compile the newly added code.

Results

Upon opening the PolicyCenter login screen, you see the additional RSA fields.

What to do next

To make the new multifactor authentication fields functionally useful, you must write custom implementation classes for the following plugins, among other configuration changes:
  • AuthenticationServicePlugin
  • AuthenticationSourceCreatorPlugin

See Authentication integration for more information.