[OPENAM-13003] Update Multi-Factor Auth Section for Trees Created: 26/Apr/18  Updated: 22/May/18  Resolved: 22/May/18

Status: Resolved
Project: OpenAM
Component/s: documentation
Affects Version/s: 6.0.0, 6.5.0
Fix Version/s: 6.5.0

Type: Task Priority: Major
Reporter: Cristina Herraz Assignee: Laetitia Ellison [X] (Inactive)
Resolution: Fixed Votes: 0
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Target Version/s:


The multi-factor authentication section only talks about authentication modules. In AM 6 we can do this with trees, too. So the section should be updated.

Comment by Chris Lee [ 16/May/18 ]

Some useful info for getting AM to send an IP to the phone rather than its domain name (looks scarier than it is, I think):


As we want to be able to contact the OpenAM server using a nice DNS name (rather than the long one provided by AWS) we need to perform some tricks to get OpenAM to provide the IP address of the load balancer for the mobile device to contact OpenAM (rather than the load balancer DNS name).

  1. Add an FQDN map entry as an advanced server property: com.sun.identity.server.fqdnMap[] =
  2. Add the Base URL Source service to the top level realm:
  3. Add the IP address as a DNS alias via the realm properties page.
  4. Add the IP address as a cookie domain:
    • Configure > Global Services > Platform, Cookie Domains:


Comment by Laetitia Ellison [X] (Inactive) [ 22/May/18 ]

New sections for multi-factoring authenticating using trees. ( one-time password authentication us currently commented out).

I also deleted a repeated section in the creating authentication chains for push authentication section - the module had already been created in the previous step, and can be reused.

Generated at Sat Nov 28 23:14:54 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.