Skip to main content

Ruby is an increasingly popular programming language. This document demonstrates how to use WiKID Strong Authentication in a Ruby application.

Start your page with this code:

<%
require 'cgi'
begin
  require 'rubygems'
  require_gem 'WiKID'
rescue LoadError
  require 'WiKID'
end

 

Instantiation

This section instantiates the connection between the network client application and the WiKID server. For this to succeed, the network client must have been issued a certificate from the WiKID server. The certificate is contained withing a PKCS12 certificate store and requires a passphrase to access.

When the Auth_WiKID object is instantiated it will load the cert and establish a persistent authenticated SSL connection. This is normally done once per server or application and shared by multiple threads. In this example the object is created and destroyed each page request. This greatly (1000 times) increases overhead of the process but allows all the functions to be shown in this single example page.

Parameters are:

WiKID.new(String host, int port, String keyfile, String pass)
Where:
host = IP address of WIKID server
port = TCP port number to connect to (default 8388)
keyfile = Path to the PKCS12 certificate file
pass = Passphrase to open the PKCS12 file

servercode_default  = "127000000001"
server_host    = "wikid-server.example.com"
server_port    = 8388
ca_cert_file   = "/srv/www/htdocs/wikid/ruby/gem/share/data/WiKID-ca.pem"
client_key_file= "issued-client-cert-and-key.pem"
client_key_pass= "changeme"

form_action = "sample.rhtml"

# puts "ENV: " + ENV.to_s

cgi = CGI.new

status = ''

r = Hash.new
valid_params = ['action','username','regcode','passcode','servercode']
valid_params.each { |k| 
    v = cgi[k].untaint.to_s
    # pull out the first word-chunk, and drop the rest
    # v = /^\W(\w+)./.match(v)[1]
    r[k] = v
}
if (!r['action'].empty?)
    r['action'] = r['action'].downcase
end

require 'pp'
STDERR.puts r.to_s

wc = WiKID::Auth.new(server_host, server_port, client_key_file, client_key_pass, ca_cert_file)
if (wc.nil?)
	puts "Unable to load ruby WiKID module!!"
else
	puts "WiKID module loaded!"
end

Registration

The registration process associates a device that has regitered its key with the WiKID server to a userid that represents a individual with rights in the network.Devices can register with the server at will but have no access rights until registered to a userid.Inactive registrations are purged from the system automatically.

The registration process should be completed only after validating that the user is not an imposter.This may be done in various ways according to local security policy.It is assumed that whatever validation is required has been completed successfully before callint the registerUsername function.

Parameters are:

registerUsername(String user, String regcode, String servercode)
user = userid with which to associate device
regcode = the registration code provided to the device
servercode = the 12-digit code that represents the server/domain

This method returns an integer representing the result of the registration.

res = -1
if (r['action'] == "register")
    res = wc.registerUsername(r['username'], r['regcode'], r['servercode'])
    if (res == 0)
			status = "Success"
    else 
			status = "Failed ("+res+")"
    end
end

Login Online

This function is the normal-state login for users.This is called when the users device is connected to the network and able to directly request a passcode for access.

Parameters are:

user = userid to validate credentials for
passcode = time-bounded, 1 use passcode
servercode = 12-digit code that represents the server/domain

This method returns a boolean representing sucessful or unsuccessful authentication

isValid = false
if (r['action'] == "check online")
    isValid = wc.checkCredentials(r['username'], r['passcode'], r['servercode'])
    if (isValid)
			status = "Success"
    else 
			status = "Authentication Failed"
		end
end

Login Offline

This function implements the challenge-reponse authentication for offline devices.Users are given a random challenge and the signed response is returned and validated. NB: This is for use with the wireless clients only and is not supported by the Open Source release

Parameters are:

 

checkCredentials(String user, String challenge, String response, String servercode)

 

user = userid to validate credentials for

challenge = the challeng value provided to the user

response = the hashed/signed responss from the device

servercode = 12-digit code that represents the server/domain

r_challenge = cgi["challenge"]
r_response = cgi["response"]

if (r['action'] == "check offline")
    isValid = false
    isValid = wc.checkCredentials(r['username'], r_challenge, r_response, r['servercode'])
    if (isValid)
   status = "Success"
		else
   status = "Authentication Failed"
		end
end

Add additional device to existing userid

This method is used to add an additional device to the users account.It follows the same process as a normal registration but requires a passcode from a device already registered to the userid.This methodwill authenticate the user with the passcode provided prior to registering the new device.

Parameters are:

registerUsername(String user, String regcode, String servercode, String passcode)

user = userid with which to associate device
regcode = the registration code provided to the device
servercode = the 12-digit code that represents the server/domain
passcode = time-bounded, 1 use passcode from a device already registered to this user

This method returns an integer representing the result of the registration.

if (r['action'] == "add device")
    res = wc.registerUsername(r['username'], r['regcode'], r['servercode'], r['passcode'])
    if (res == 0)
			status = "Success"
    else 
			status = "Failed (" + res + ")"
    end
end

if (!r['action'].nil? && !r['action'].empty?)
    puts "

Result: #{status}

"
else

=begin
			# generate a random number for the offline challenge
			chall = ''
			min = 1000000000
			max = mt_getrandmax()
			num = min + ((max-min)mt_rand(0, 32767)/32767)
			chall = num+""
			chall = substr(chall, 0, 8)
=end
    %>

HTML for the page

Here is the HTML for the page:

<!-- Registration -->
<h2>Registration</h2>
<form action=\"<%= form_action %>\" method=\"POST\" >
   UserID: <input type=\"text\" size=\"25\" name=\"username\" value=\"\"/><br />
   Registration code: <input type=\"text\" size=\"12\" name=\"regcode\" value=\"\"/><br />
   Domain code: <input type=\"text\" size=\"16\" name=\"servercode\" value=\"<%= servercode_default %>\"/><br />
   <input type=\"submit\" name=\"action\" value=\"Register\"><br />
</form>
<h2>Online Login:
</h2>
<form action=\"<%= form_action %>\" method=\"POST\" >
   UserID: <input type=\"text\" size=\"25\" name=\"username\" value=\"\"/><br />
   Passcode: <input type=\"text\" size=\"12\" name=\"passcode\" value=\"\"/><br />
   Domain code: <input type=\"text\" size=\"16\" name=\"servercode\" value=\"<%= servercode_default %>\"/><br />
   <input type=\"submit\" name=\"action\" value=\"Check Online\"><br />
</form>

	<%
=begin
		if (0)
		%>
		 # Not currently supported by the Open Source release
<!-- Offline Login -->

<h2>Offline Login:
</h2>
<form action=\"<%= form_action %>\" method=\"POST\" >
   UserID: <input type=\"text\" size=\"25\" name=\"username\" value=\"\"/><br />
   Challenge: <%= chall %> <input type=\"hidden\" name=\"challenge\" value=\"<%= chall %>\"/><br />
   Response: <input type=\"text\" size=\"12\" name=\"response\" value=\"\"/><br />
   Domain code: <input type=\"text\" size=\"16\" name=\"servercode\" value=\"<%= servercode_default %>\"/><br />
   <input type=\"submit\" name=\"action\" value=\"Check Offline\"><br />
</form>
		<%
		end
=end
%>
<h2>Add device:</h2>
<form action=\"<%= form_action %>\" method=\"POST\" >
   UserID: <input type=\"text\" size=\"25\" name=\"username\" value=\"\"/><br />
   Registration code: <input type=\"text\" size=\"12\" name=\"regcode\" value=\"\"/><br />
   Passcode: <input type=\"text\" size=\"12\" name=\"passcode\" value=\"\"/><br />
   Domain code: <input type=\"text\" size=\"16\" name=\"servercode\" value=\"<%= servercode_default %>\"/><br />
   <input type=\"submit\" name=\"action\" value=\"Add device\"><br />
</form>
<%
end
%>
 
 
 
History
Action Performed by Date and Time Comment
Make visible   Feb 08, 2007 05:21 PM No comments.

 



 

Copyright © WiKID Systems, Inc. 2019 | Two-factor Authentication