{"id":11363,"date":"2023-05-12T13:22:09","date_gmt":"2023-05-12T19:22:09","guid":{"rendered":"https:\/\/www.mrc-productivity.com\/techblog\/?p=11363"},"modified":"2023-06-20T14:32:58","modified_gmt":"2023-06-20T20:32:58","slug":"setting-up-two-factor-authentication-2fa-in-m-power","status":"publish","type":"ht_kb","link":"https:\/\/www.mrc-productivity.com\/techblog\/?ht_kb=setting-up-two-factor-authentication-2fa-in-m-power","title":{"rendered":"Setting up Two-Factor Authentication (2FA) in m-Power"},"content":{"rendered":"\n

Overview<\/h2>\n\n\n\n

Two-factor authentication has become a popular method of providing an additional security layer in regards to user authentication. When a user authenticates via their username and password, a secondary form of authentication is prompted where the user must enter in a unique code that is sent to the user via email or text message.<\/p>\n\n\n\n

This techblog post will discuss steps on how to set up two-factor authentication for end-users within m-Power. This documentation assumes you are using Dictionary Security, and specifically validating end-users against a database table, as discussed here<\/a>.<\/p>\n\n\n\n

Implementation<\/h2>\n\n\n\n

Step 1 – Editing your Security Settings<\/h3>\n\n\n\n

In the m-Power developer interface, navigate to Admin -> Menu & Security -> Edit Security Settings. In the Security Settings window that appears, use the Property Options -> Text Mode to open this file (the mrcSignon2.xml) in a text editor. This file will need the following code added to the bottom, inserted right before the final <\/mrc_signon><\/code> tag:<\/p>\n\n\n\n

<two_step_auth>  \t \n  <twoFactorAuthentication pdesc=\"twoFactorAuthentication\" value=\"false\"\/> \n  <sendTextEmail pdesc=\"sendTextEmail\" value=\"user-choice\"\/> \n  <emailSubject pagetype=\"template\">2FA Test from m-Power<\/emailSubject>\n  <emailBody pagetype=\"template\">Here is your verification code: ${CODE}<\/emailBody>\n  <smsTextBody pagetype=\"template\">Here is your verification code: ${CODE}<\/smsTextBody>\n  <expireInDays pdesc=\"expireInDays\" value=\"31\"\/>\n  <user_info_table tablename=\"UPD2023Q2.MRCSEC1\" col_user=\"USERID\" col_email=\"USEREMAIL\" col_phone=\"USERPHONE\"\/>\n<\/two_step_auth><\/code><\/pre>\n\n\n\n
Once this block of code has been added, Save the editor and re-open the Edit Security Settings window. The Two Factor Authentication section should now be presented:<\/p>\n\n\n\n
\"Security<\/figure>\n\n\n\n
A few important notes on these properties, shown above:<\/p>\n\n\n\n
    \n
  • For the “Email Text” and “SMS Text Body” properties:\n
      \n
    • This is the display text the user will be shown via SMS text and email, respectively. Each message may be modified to your liking.<\/li>\n\n\n\n
    • The variable ${CODE} represents the authentication code that will supplied to the user. If you do not put it in there, it will append the code to the end of the body.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
    • For the “Table and Column info…” property:\n
        \n
      • Ensure this is pointing to your appropriate users table (if not MRCSEC1) and schema. Additionally, your database table must have a user id, user email, and user phone field. Make sure to specify the names of those columns.<\/li>\n<\/ul>\n<\/li>\n\n\n\n
      • For the “Two Factor Expiration” property, you may enter the number of days before the two factor authentication will expire for the user:\n
          \n
        • A value of 30 for instance, would mean thirty days before the user’s sign on will require 2FA again.<\/li>\n\n\n\n
        • A value of 0 means no there is no expiration date after the user’s initial 2FA.<\/li>\n\n\n\n
        • A value of -1 means 2FA will be prompted to the user on every<\/strong> sign on attempt.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
          If any changes were made, please make sure to save those changes and then restart Tomcat.<\/p>\n\n\n\n
          Step 2 – Setting up the 2FA screen<\/h3>\n\n\n\n
          The screen that will presented to the end-user during the 2FA process is the mrcAuthentication.html file located in your dictionary folder, …\/m-power\/mrcjava\/WEB-INF\/classes\/DICTIONARY, where ‘DICTONARY’ is name of your data dictionary. If this file is not within this directory, simply copy it from …\/m-power\/mrcjava\/mrcclasses\/ into your dictionary folder.<\/p>\n\n\n\n
          While not necessary, you may customize the style of this page to your liking, if desired. Here is an example of how that screen will look by default:<\/p>\n\n\n\n
          \"2FA<\/figure>\n\n\n\n
          Step 3 – Add entry to web.xml file<\/h3>\n\n\n\n
          Open the web.xml file, located in …\/m-power\/mrcjava\/WEB-INF in a text editor and do a search for “mrc_auth2”. The following servlet must be listed in this file:<\/p>\n\n\n\n
          <servlet>\r\n<servlet-name>mrc_auth2<\/servlet-name>\r\n<servlet-class>mrc.TwoFactorAuthentication<\/servlet-class>\r\n<\/servlet>\n<servlet-mapping>\r\n<servlet-name>mrc_auth2<\/servlet-name>\r\n<url-pattern>\/servlet\/mrc.auth2<\/url-pattern>\r\n<\/servlet-mapping><\/code><\/pre>\n\n\n\n
          If is it not listed, please copy the above code and place this at the bottom of the file before the final <\/code> tag at the very bottom of the file. Once the file has been saved, Tomcat will need to be restarted at this point.<\/p>\n","protected":false},"excerpt":{"rendered":"
          Overview Two-factor authentication has become a popular method of providing an additional security layer in regards to user authentication. When a user authenticates via their username and password, a secondary form of authentication is prompted where the user must enter in a unique code that is sent to the user…<\/p>\n","protected":false},"author":12,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"footnotes":""},"ht-kb-category":[155],"ht-kb-tag":[],"class_list":["post-11363","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-security"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=\/wp\/v2\/ht-kb\/11363","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11363"}],"version-history":[{"count":74,"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=\/wp\/v2\/ht-kb\/11363\/revisions"}],"predecessor-version":[{"id":11897,"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=\/wp\/v2\/ht-kb\/11363\/revisions\/11897"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11363"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=%2Fwp%2Fv2%2Fht-kb-category&post=11363"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/techblog\/index.php?rest_route=%2Fwp%2Fv2%2Fht-kb-tag&post=11363"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}