REL-ID Web Authentication Module
🎯 What is REL-ID Web Authentication Module?
The REL-ID Web Authentication Module (WAM) is a comprehensive OpenID Connect (OIDC) Provider that facilitates secure user authentication through multiple factors. It serves as a centralised authentication portal that integrates seamlessly with enterprise applications while providing users with flexible authentication options and self-service capabilities.
🏗️ Core Architecture
- OpenID Connect Provider - Standards-compliant identity provider supporting OIDC 1.0 specification
- Multi-Factor Authentication - Supports multiple authentication methods for enhanced security
- Browser-Based Portal - Web interface for authentication, user management, and account recovery
- Modular Design - Flexible components that can be customized and integrated independently
- Enterprise Integration - OAuth2/OIDC integration with existing enterprise applications
🔒 Supported Authentication Factors
📱 REL-ID Mobile App Factors (Enterprise-Grade)
- Push Notification - Real-time tap-to-approve authentication
- Time-based OTP (TOTP) - 6-digit codes generated every 30 seconds (offline capable)
🌐 Web-Based Factors (User Configurable)
- Password - User-defined password with policy enforcement
- Email OTP - One-time codes delivered via email
- SMS OTP - One-time codes delivered via text message
🎭 Authentication Flows
REL-ID Web Authentication supports the following authentication flows.
🆕 Unrecognised Browser Flow
| Aspect | Details |
|---|---|
| When Used | Browser hasn't been marked as "remembered" |
| Process | Full username entry + multi-factor authentication |
| Steps | Username → First Factor → Second Factor → Success |
✅ Recognized Browser Flow
| Aspect | Details |
|---|---|
| When Used | Browser previously trusted through "Remember Me" |
| Process | Account chooser + streamlined authentication |
| Steps | Account Selection → Second Factor → Success |
🌐 Remember Me Functionality
- User Control - Optional checkbox during authentication
- Duration - Configurable trust period (default: 1 year)
- Browser Trust - Secure cookie-based browser recognition
- Self-Management - Users can view and remove trusted browsers via User Portal
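
The two flows and the Remember Me trust period above, sketched as an added example (not REL-ID code): the cookie layout, HMAC-SHA256 signing, `SERVER_KEY` and all function names are assumptions made for illustration. A recognised browser only skips username entry and the first factor; the second factor is still required.

```python
import hashlib
import hmac

# Hypothetical values for this sketch; REL-ID's real cookie format and
# key handling are not described on this page.
SERVER_KEY = b"constructed-demo-key"
TRUST_PERIOD = 365 * 24 * 3600  # page's default trust period: 1 year

UNRECOGNISED_STEPS = ["Username", "First Factor", "Second Factor", "Success"]
RECOGNISED_STEPS = ["Account Selection", "Second Factor", "Success"]


def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_trust_cookie(browser_id, now):
    """Value set when the user ticks "Remember Me" after completing MFA."""
    payload = f"{browser_id}|{int(now) + TRUST_PERIOD}"
    return f"{payload}|{_sign(payload)}"


def cookie_is_valid(cookie, revoked, now):
    """True only for an untampered, unexpired, non-revoked trust cookie."""
    if not cookie:
        return False
    try:
        browser_id, expiry, sig = cookie.split("|")
        expires_at = int(expiry)
    except ValueError:  # wrong field count or non-numeric expiry
        return False
    expected = _sign(f"{browser_id}|{expiry}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    return now < expires_at and browser_id not in revoked


def select_flow(cookie, revoked, now):
    """Pick the step sequence from the two flow tables above."""
    if cookie_is_valid(cookie, revoked, now):
        return RECOGNISED_STEPS
    return UNRECOGNISED_STEPS
```

The `revoked` set models a user removing a trusted browser via the User Portal: the cookie may still verify, but the browser falls back to the full flow.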
👤 User Self-Service Portal
- Access Method - "Manage your Account Security Preferences" link
- Authentication Required - Full MFA completion needed for access
- Capabilities - Update passwords, email, mobile numbers, manage trusted browsers
- Security - Re-authentication required for sensitive changes
🔄 Account Recovery System
Recovery Methods Available
- Forgot Username - Retrieve username via email/SMS
- Pre-login Recovery - Mobile app access, forgot password options
- Partial-login Recovery - Email access, SMS access, mobile app options
- AR-IDV Module - Identity verification using documents and data
- AR-C Module - Challenge-based recovery using security questions/backup codes
Recovery Flow Types
- Identity Verification (AR-IDV) - High-security recovery using verified identity
- Challenge-Based (AR-C) - Alternative recovery using pre-configured challenges
- Factor Re-registration - Establish new authentication factors after recovery
- Contact Updates - Update email and phone numbers during recovery
🌍 Internationalisation Support
- Multi-Language - Support for multiple languages with language chooser
- Text Localization - All UI text elements can be translated
- Image Localization - OTP images can be customized for different languages
- URL Parameters - Language specification via the `lang` parameter in URLs
🔗 Enterprise Integration
OAuth2/OIDC Integration
- Client Registration - OAuth2 client setup via Gateway Manager console
- Authorization Code Flow - Standard OIDC authentication flow
- Client Credentials Flow - Server-to-server authentication
- Token Management - JWT access tokens with user information
User Activation Integration
- Web-Only Activation - Browser-based credential setup for users
- Token Generation - Secure activation tokens via API
- Redirect Flexibility - Configurable redirect URIs for seamless integration
Account Recovery Integration
- Custom IDV Systems - Integration with existing identity verification systems
- API-Based Recovery - Token-based recovery flow integration
- Seamless Handoff - Smooth transitions between systems
⚙️ Administrative Features
Gateway Manager Console
- Enterprise Management - OAuth2 client registration and configuration
- User Management - User creation, status management, bulk operations
- Module Configuration - System-wide settings and authentication policies
- Localization Management - Multi-language configuration
Key Configuration Areas
- Authentication Factors - Control available authentication methods (`allowed.auth.factors`)
- Registration Factors - Determine user self-registration options (`allowed.reg.factors`)
- Security Policies - Password policies, session management, attempt counters
- Integration Settings - RP server IPs, hostnames, IDV server URLs
🛡️ Security Features
Multi-Layer Security
- Factor Combinations - Multiple authentication factors required
- Account Lockout - Automatic lockout after failed attempts with cooling periods
- Session Security - Secure session management with configurable timeouts
- Audit Trail - Comprehensive logging of all authentication and recovery activities
Protection Mechanisms
- Rate Limiting - Prevents brute force attacks on authentication
- Token Security - Time-limited, single-use tokens for sensitive operations
- IP & Hostname Whitelisting - Restrict access to authorised servers only
- Secure Communication - HTTPS-only with proper certificate validation
📊 User Experience Benefits
- Flexible Authentication - Multiple options to suit different user preferences
- Self-Service Capabilities - Users can manage their own security settings
- Seamless Integration - Smooth transitions between applications
- Mobile & Web Support - Consistent experience across platforms
- Accessibility - Multi-language support for diverse user populations
🔧 Deployment Flexibility
- Modular Components - Use individual components as needed
- Custom Integration - Integrate with existing enterprise systems
- Scalable Architecture - Supports high-volume authentication scenarios
- Configuration Control - Extensive customisation options via admin console
🎯 Ideal Use Cases
- Enterprise SSO - Single sign-on for multiple enterprise applications
- Customer Authentication - Secure customer login for banking, healthcare, government
- Multi-Tenant Systems - Support multiple organizations with separate configurations
- Regulatory Compliance - Meet security requirements for regulated industries
- Legacy System Modernization - Add modern authentication to existing applications