2FA Web Proxy - Proxy Web A2F

System Profile

System Full Name

Two Factor Authentication Web Proxy

System Full Name (French)

Proxy Web d’authentification à deux facteurs

Business Contact

 

Business Administrator

Daniel Baptiste

Business Owner

Tyler Brooks

Director

Tyler Brooks

Division

 

NTARS Code

 

Source Location

 

Source Code Location

 

Technology Assessment

Platform Type

Web (Internal)

Database Platform and Version

Oracle 18c

Development Language and Framework

ASP.NET + C#

Operating System and Version

Windows Server 2016

Additional Dependencies

 

Authentication

 

Environment Access Information

ENV | UNC | WWWFILES | URL | DB
DEV |  |  |  | TTSXD
PREACC |  |  |  | PREACC_CA
ACC | \\tctestmaster\wwwappsroot\Saf-Sec-Sur\12\2FA.SMS.WebProxy |  | https://wwwappstest.tc.gc.ca/Saf-Sec-Sur/12/2fa.sms.webproxy/ | TTSXA
PROD | \\tcwwwmaster\wwwappsroot\Saf-Sec-Sur\12\2fa.sms.webproxy |  | https://wwwapps.tc.gc.ca/Saf-Sec-Sur/12/2fa.sms.webproxy/ | TTSXP

System Overview

An online tool that enables two-factor authentication (via SMS) within external apps.

2FA Web Proxy receives the One Time Passcode (OTP) from the 2FA module and is responsible for sending the code to the SMS/email service provider, depending on which service it provides (SMS, email or both). Because 2FA and eMer are on the Gart server, 2FA cannot consume the service directly, which is why 2FA Web Proxy is needed. Once the OTP is sent to the SMS/email service provider, the user receives a formatted message containing the code on their cell phone or by email. They then enter the OTP on the associated page and are authenticated through the 2FA module.

GC Notify:

We need to create an account and then create a Service in GC Notify. There is a portal for this at: https://notification.canada.ca/

Once a service is created, we can create an ApiKey and a template.

There are three different types of API keys:

  • test

  • team and safelist

  • live

When you set up a new service it will start in trial mode. A service in trial mode can create either test or team and safelist keys. You must have a live service to create a live key.

Sending a text message

Templates specify the text message that recipients receive on their cell phone or by email. A template also includes an access keyword (within double brackets) as part of the message text, which is replaced with the OTP.

 

Each ApiKey and Template has its own unique ID.

In order to migrate from Twilio to GC Notify, a class is created to handle this.

GCNotify class: this class handles sending the OTP to the service provider, in this case GC Notify. To send a message through GC Notify, we need the address of the service (URL), the ApiKey created within GC Notify, the template, the Access Keyword (the keyword that we specify as part of the template to be replaced with the OTP) and, of course, the phone number.

 

2FA Web Proxy uses a dependency container called Ninject. The associated service (in this case GC Notify) is registered, and the dependencies are injected through the constructor of the GCNotify class with the following parameters:

url, apiKey, templateId, accessKeyword and defaultFrom.

The values for parameters are obtained from web.config and are set in the NinjectWebCommon class.

2FA calls 2FA Web Proxy through a URL that is set in the 2FA web.config file and contains 2 parameters. 2FA provides the 2 parameters and substitutes them into the URL. These 2 parameters are the OTP and the phone number. 2FA Web Proxy is then called, and the Get action method of its SmsController runs. Within the Get action method, the Send function (within the GCNotify class) is called, and it sends the OTP to the phone number. The text and OTP are formatted using the GC Notify template that we configured in 2FA Web Proxy.
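One way to implement the Send step described above, given as an added example and not the project's GCNotify class: it validates the OTP and phone number, then posts them with the template ID, using the access keyword as the personalisation key. The class name, the validation patterns, the Json.NET dependency and the request shape (the phone_number, template_id and personalisation fields and the ApiKey-v1 Authorization header, as in GC Notify's public REST API) are assumptions not stated on this page; defaultFrom is omitted.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Newtonsoft.Json; // assumption: Json.NET is referenced by the project

// Added example (hypothetical class name); not the project's GCNotify class.
public sealed class GcNotifySmsSender
{
    // Assumed formats: numeric OTP of 4-10 digits, phone number of 10-15 digits.
    private static readonly Regex OtpFormat = new Regex(@"^[0-9]{4,10}\z");
    private static readonly Regex PhoneFormat = new Regex(@"^\+?[1-9][0-9]{9,14}\z");
    private readonly HttpClient _http;
    private readonly string _url, _apiKey, _templateId, _accessKeyword;

    public GcNotifySmsSender(HttpClient http, string url, string apiKey,
                             string templateId, string accessKeyword)
    {
        // Refuse a non-HTTPS endpoint so the API key and OTP never travel in clear text.
        if (!Uri.TryCreate(url, UriKind.Absolute, out Uri parsed) || parsed.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("GC Notify URL must be an absolute https URL", nameof(url));
        _http = http; _url = url; _apiKey = apiKey;
        _templateId = templateId; _accessKeyword = accessKeyword;
    }

    public async Task<bool> SendAsync(string phoneNumber, string otp)
    {
        // Validate the caller-supplied values before they reach the JSON body.
        if (!PhoneFormat.IsMatch(phoneNumber ?? "") || !OtpFormat.IsMatch(otp ?? ""))
            throw new ArgumentException("Phone number or OTP has an unexpected format");

        var body = new Dictionary<string, object>
        {
            ["phone_number"] = phoneNumber,
            ["template_id"] = _templateId,
            // The template's access keyword is the personalisation key replaced by the OTP.
            ["personalisation"] = new Dictionary<string, string> { [_accessKeyword] = otp }
        };
        using (var request = new HttpRequestMessage(HttpMethod.Post, _url))
        {
            request.Headers.TryAddWithoutValidation("Authorization", "ApiKey-v1 " + _apiKey);
            request.Content = new StringContent(JsonConvert.SerializeObject(body), Encoding.UTF8, "application/json");
            using (var response = await _http.SendAsync(request).ConfigureAwait(false))
                return response.IsSuccessStatusCode; // report status only; do not log key, OTP or number
        }
    }
}
```

Because the flow above passes the OTP and phone number in the proxy URL, and IIS W3C logging records the request URI by default, those values also reach the IIS logs listed under Good To Know unless logging is configured to leave them out.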

The following diagram explains the DEV environment setup:

https://034gc.sharepoint.com/sites/DSD-CivilAviation/Shared%20Documents/2FA/MicrosoftTeams-image%20(1).png

The following diagram explains the connection flow:

https://034gc.sharepoint.com/sites/DSD-CivilAviation/Shared%20Documents/2FA/MicrosoftTeams-image%20(2).png

 

Good To Know

TCAPPSTEST and WWWAPPSTEST Web Farm

\\tctestmaster\tcappsroot (tcappstest web site code)

\\tctestmaster\wwwappsroot (wwwappstest web site code)

 

\\ncrws488\logfiles (All IIS logs, events, IIS logs, Failed Request, etc.)

\\ncrws488\logfiles\W3SVC4 (wwwappstest IIS logs)

\\ncrws488\wwwfiles (Application Logs)

 

\\ncrws489\logfiles (All IIS logs, events, IIS logs, Failed Request, etc.)

\\ncrws488\logfiles\W3SVC3 (tcappstest IIS logs)

\\ncrws489\wwwfiles (Application Logs)

 

Gart IIS Logs
\\tcwebscripts\GACSIISLogs
Gart Application Logs
\\tcwebscripts\GACSwwwfiles

How-To and Fixes

<Sub-sections should describe how to address known support request, including any scripts, instructions / steps, etc… >