Configure the reCAPTCHA Verification authentication mechanism
The reCAPTCHA Verification authentication mechanism provides anti-robot protection.
The appliance uses the Google reCAPTCHA service to provide such verification. For more information, see www.google.com/recaptcha. The appliance supports only Google reCAPTCHA V2.
Before configuring a reCAPTCHA Verification mechanism, we must first complete the following steps.
Ensure the appliance can connect to www.google.com. We can test the connection in the CLI, for example:
myappliance.example.ibm.com:tools>
myappliance.example.ibm.com:tools> connect www.google.com:443
Test: www.google.com (address: 216.58.197.68) on port 443
Status: connection was successful
Add the issuer of the Google CA certificate to the HTTP client default trust store, which is set by the value of the util.httpClient.defaultTrustStore advanced tuning parameter. The default value of the util.httpClient.defaultTrustStore parameter is rt_profile_keys.
- From the top menu, select System > Secure Settings > SSL Certificates.
- Select the rt_profile_keys key database.
- Select Manage > Edit SSL Certificate Database.
- Select the Signer Certificates tab.
- Select Manage > Load.
- Specify the following fields.
Server: www.google.com
Port: 443
Certificate Label: Google
- Click Load.
The reCAPTCHA Verification mechanism can provide protection against spam or abuse caused by robots. With this mechanism, the user is presented with a web page that contains a simple Turing test provided by the Google reCAPTCHA API. These tests can distinguish a human user from a robot. We can add this mechanism to our policy to prevent robots from accessing our applications.
The following HTML snippet shows an example of embedding the reCAPTCHA mechanism in the template page:
<form method="POST" action="@ACTION@">
  <input type="hidden" name="operation" value="verify"></input>
  <div class="g-recaptcha" data-sitekey="@SITE_KEY@"></div>
  <br>
  <div class="controls">
    <input class="submitButton" id="Submit" name="Submit" type="submit" value="Submit"></input>
  </div>
</form>
Steps
- Log in to the local management interface.
- Click AAC.
- Under Policy, click Authentication.
- Click Mechanisms.
- Click reCAPTCHA Verification.
- Click the Properties tab.
- Select a property that we want to configure.
- Click Modify Property.
- Enter the value for that property.
- Click OK.
- Take note of the properties for the mechanism.
- Site Key
This property is embedded in the HTML template and used to generate the CAPTCHA in the client browser.
Default value: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
- Secret Key
This property is used on the server side by the appliance to verify reCAPTCHA responses with Google.
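Default value: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
The default Site Key and Secret Key values are designated Google test credentials. When these default values are used, all verification requests pass, so the mechanism provides no protection against robots until both values are replaced with keys registered for your own site.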
- Template Page
The path to the template HTML page to be displayed to the user.
Default value: /authsvc/authenticator/recaptcha/standalone.html
- Click Save.
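A check for the test-credential caveat above, as an added example that is not part of the original page or of the product: it parses a rendered reCAPTCHA page and flags the default Google test Site Key, an unsubstituted @SITE_KEY@ macro, or a missing operation=verify field. The names audit and WidgetParser, the sample action URL, and how the rendered page and Secret Key value are obtained are assumptions.

```python
from html.parser import HTMLParser

# Google test credentials that this page lists as the mechanism defaults.
TEST_SITE_KEY = "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI"
TEST_SECRET_KEY = "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"


class WidgetParser(HTMLParser):
    """Collect g-recaptcha site keys and hidden form fields from a page."""

    def __init__(self):
        super().__init__()
        self.site_keys, self.hidden = [], {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if "g-recaptcha" in (a.get("class") or "").split():
            self.site_keys.append(a.get("data-sitekey") or "")
        if tag == "input" and a.get("type") == "hidden":
            self.hidden[a.get("name")] = a.get("value")


def audit(rendered_html, secret_key=None):
    """Return findings for a rendered page and, optionally, the Secret Key."""
    parser = WidgetParser()
    parser.feed(rendered_html)
    findings = []
    if not parser.site_keys:
        findings.append("no g-recaptcha widget in page")
    for key in parser.site_keys:
        if key == TEST_SITE_KEY:
            findings.append("site key is the Google test key")
        elif not key or (key.startswith("@") and key.endswith("@")):
            findings.append("site key macro not substituted: %r" % key)
    if parser.hidden.get("operation") != "verify":
        findings.append("form does not post operation=verify")
    if secret_key == TEST_SECRET_KEY:
        findings.append("secret key is the Google test key")
    return findings


# Constructed sample: the page's template as rendered with the default Site Key.
SAMPLE = ('<form method="POST" action="/constructed/action">'
          '<input type="hidden" name="operation" value="verify"></input>'
          '<div class="g-recaptcha" data-sitekey="%s"></div></form>' % TEST_SITE_KEY)

if __name__ == "__main__":
    for finding in audit(SAMPLE, TEST_SECRET_KEY):
        print("FINDING:", finding)
```

An empty list from audit means none of these conditions were found in the supplied page and key.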
What to do next
After the mechanism is configured, a message is displayed indicating that the changes are not deployed. Deploy the changes when you are finished. For more information, see Deploying pending changes.
After deploying the changes, we can create policies that include this mechanism. For more information, see Create an authentication policy.