3 Tutorials - Reference Documentation

Authors: Sami Mäkelä

Version: 1.1.1

3 Tutorials

Here you can find examples of how to use this plugin.

3.1 Radius authentication using Mobile-OTP

Mobile-OTP is a free "strong authentication" solution for mobile devices like phones or PDAs.

Using static passwords for authentication, as is commonly done, has quite a few security drawbacks: passwords can be guessed, forgotten, written down and stolen, eavesdropped, or deliberately told to other people. A better, more secure way of authenticating is so-called "two-factor" or "strong authentication" based on one-time passwords. Instead of authenticating with a simple password, each user carries a device ("token") that generates passwords valid only once.

3.1.1 MOTP Server

In this tutorial we are using Mobile-OTP Authentication Server (MOTP-AS) as our server.

It's a full-blown RADIUS server built specifically for Mobile-OTP. Features include:

  • authenticating users by RADIUS (and optionally PAM or Apache)
  • SQL database for user/device configuration
  • Administration Web Interface (for admins and users)

You can download it from here.

I strongly recommend the virtual image, as it's a no-brainer to import into your favorite virtualization environment.

3.1.1.1 Configuration

After you have installed MOTP-AS, follow these steps:
  1. Login to MOTP-AS administration web interface (username: admin password: motp).
  2. Go to SYSTEM -> RADIUS -> RADIUS CLIENTS
  3. Add new client:
    1. Name: Name of your client (Without spaces)
    2. Secret: Your shared secret
    3. IP: IP address of the machine where the Grails application is going to be running
  4. Go to ADMINISTRATION -> USERS
  5. Add new user:
    1. User: Username of the user
    2. Name: Name of the user
    3. Role: User
  6. Go to ADMINISTRATION -> DEVICES
  7. Add new device:
    1. Name: Name of the device
    2. Secret: Your mobile client's shared secret (e.g. mobilephone)
    3. Timezone: Leave blank
  8. Go to ADMINISTRATION -> ACCOUNTS
  9. Add new account
    1. User: Choose the user you created
    2. PIN: Your mobile client's PIN (e.g. 1234)
    3. Device: Choose the device you created

3.1.2 MOTP Client

I recommend these clients for using MOTP:

iPhone: iOTP

Android: DroidOTP

For other platforms, go to the MOTP web-site.

Next you have to configure the device with the same shared secret that you entered in the server configuration.

3.1.3 MOTP and Grails application

All you need to do is install the "grails-spring.security-radius" plugin and add a minimal configuration to grails-app/conf/Config.groovy.

After that you can start authenticating with one-time passwords.

Please make sure your mobile client's and MOTP server's clocks are synchronized!
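The clock-synchronization requirement follows from how Mobile-OTP tokens are built: the token is derived from the current 10-second time slot together with the device secret and the PIN configured in section 3.1.1.1, and the server only accepts tokens from slots within a drift window around its own clock. The following Python snippet is an added example (not code from the plugin or from MOTP-AS) that shows the token derivation, the server-side window check, and single-use enforcement so an intercepted token cannot be replayed inside the window; the secret, PIN and window size are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample credentials mirroring the tutorial's account setup
# (device shared secret and user PIN); not real values.
DEVICE_SECRET = "mobilephone"
PIN = "1234"


def motp_token(secret: str, pin: str, epoch: int) -> str:
    """Mobile-OTP token for the 10-second slot containing `epoch`: the first
    6 hex characters of MD5(epoch with its last digit dropped + secret + pin)."""
    slot = str(epoch // 10)
    return hashlib.md5((slot + secret + pin).encode("ascii")).hexdigest()[:6]


class MotpVerifier:
    """Server-side check with a clock-drift window and single-use enforcement.

    window_seconds is an assumed tolerance; a client whose clock drifts beyond
    it produces tokens the server rejects, which is why the clocks must match.
    """

    def __init__(self, secret: str, pin: str, window_seconds: int = 180):
        self.secret = secret
        self.pin = pin
        self.window_seconds = window_seconds
        self.used = set()  # (slot, token) pairs already accepted once

    def verify(self, token: str, now: int) -> bool:
        first_slot = (now - self.window_seconds) // 10
        last_slot = (now + self.window_seconds) // 10
        for slot in range(first_slot, last_slot + 1):
            expected = motp_token(self.secret, self.pin, slot * 10)
            # Constant-time comparison avoids leaking which characters matched.
            if hmac.compare_digest(expected, token):
                if (slot, token) in self.used:
                    return False  # replay of an already-used token
                self.used.add((slot, token))
                return True
        return False
```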