TypingDNA with WSO2 Identity Server
What is TypingDNA?
TypingDNA recognizes people by the way they type, using AI-driven behavioral technology. It is identified as one of the most secure and accurate biometrics for verifying people. The technology can be used for continuous authentication in different areas.
TypingDNA with WSO2 Identity Server
TypingDNA's typing biometrics provide risk-based adaptive authentication for user authentication flows in WSO2 Identity Server.
To enable TypingDNA in WSO2 Identity Server:
- Add the following configuration to the <IS-Home>/repository/conf/deployment.toml file.
[myaccount.security]
enabled_features=["security.loginVerifyData.typingDNA"]
To deploy the TypingDNA artifacts:
(TypingDNA is supported from version 5.12.0-alpha10 onwards.)
- Download WSO2 Identity Server.
- Download the connector from the WSO2 store.
- Copy the org.wso2.carbon.identity.conditional.auth.typingdna.functions-x.x.x.jar file into the <IS-Home>/repository/components/dropins directory.
- Copy the api#identity#typingdna#v_.war file into the <IS-Home>/repository/deployment/server/webapps directory.
To set up the TypingDNA account:
- To create a TypingDNA account, follow the instructions here.
To configure TypingDNA in WSO2 Identity Server:
- Start WSO2 Identity Server and log in to the management console using admin credentials.
- Go to Identity Providers -> Resident -> Other settings -> TypingDNA Configuration.
- Enable TypingDNA and configure the API Key and Secret. You can get the key and secret from the TypingDNA dashboard.
- Enable Advance TypingDNA-API mode if you have a pro/enterprise TypingDNA account. (This advanced mode allows you to use TypingDNA's advanced APIs and configurations for authentication.)
- Configure the region (type eu or us).
To configure the application to use TypingDNA:
- Go to Service Providers -> List, select the sample application you have configured, and click Edit.
- Expand Local and Outbound Authentication Configuration and click Advanced Configuration.
- Configure two authentication steps (2FA) in the login flow and use the TypingDNA adaptive script as shown below.
// This script steps up to 2FA if the user's typing behaviour does not match the enrolled behaviour.
// You can use score (num 0-100), result (boolean), confidence (num 0-100) and comparedPatterns in your
// logic to prompt the 2nd step. Only the result value (data.result) is used in the sample script.
var onLoginRequest = function(context) {
    executeStep(1, {
        onSuccess: function (context) {
            verifyUserWithTypingDNA(context, {
                onSuccess: function(context, data) {
                    // Change the definition here if you want.
                    var userVerified = data.result;
                    // data.isTypingPatternReceived indicates whether a typing pattern was received from the login portal.
                    if (data.isTypingPatternReceived && !userVerified) {
                        executeStep(2);
                    }
                },
                onFail: function(context, data) {
                    // Verification could not be completed, so require the 2nd step.
                    executeStep(2);
                }
            });
        }
    });
};
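The comment in the sample script lists score and confidence as further inputs but the script uses only the result. The following is an added example, not WSO2's or TypingDNA's own script, that also steps up on a low score or confidence and when no typing pattern was received, which the sample script does not do; the threshold values, the data.score and data.confidence field names, and the simulateLogin harness are assumptions.

```javascript
// Added example: thresholds are constructed; data.score and data.confidence are
// assumed to sit on the callback's data object the same way data.result does.
var MIN_SCORE = 70;       // constructed value, 0-100
var MIN_CONFIDENCE = 60;  // constructed value, 0-100

// Returns true when the second authentication step must run.
function needsSecondStep(data) {
    // No result object or no typing pattern means there is nothing to trust.
    if (!data || !data.isTypingPatternReceived) { return true; }
    if (!data.result) { return true; }
    // Written as negated >= so missing or NaN values also step up.
    if (!(data.score >= MIN_SCORE)) { return true; }
    if (!(data.confidence >= MIN_CONFIDENCE)) { return true; }
    return false;
}

var onLoginRequest = function (context) {
    executeStep(1, {
        onSuccess: function (context) {
            verifyUserWithTypingDNA(context, {
                onSuccess: function (context, data) {
                    if (needsSecondStep(data)) { executeStep(2); }
                },
                onFail: function (context, data) {
                    executeStep(2);
                }
            });
        }
    });
};

// Offline harness for Node.js only (not part of the adaptive script): replaces
// the two server-provided functions with stand-ins and records the steps run.
function simulateLogin(data, verificationFails) {
    var steps = [];
    globalThis.executeStep = function (step, callbacks) {
        steps.push(step);
        if (callbacks && callbacks.onSuccess) { callbacks.onSuccess({}); }
    };
    globalThis.verifyUserWithTypingDNA = function (ctx, callbacks) {
        if (verificationFails) { callbacks.onFail(ctx, data); }
        else { callbacks.onSuccess(ctx, data); }
    };
    onLoginRequest({});
    return steps;
}
// Constructed results: a confident match, then a login with no typing pattern.
console.log(simulateLogin({ isTypingPatternReceived: true, result: true, score: 92, confidence: 85 }));
console.log(simulateLogin({ isTypingPatternReceived: false, result: false }));
```

When pasting into the script editor, keep only the thresholds, needsSecondStep and onLoginRequest; the harness exists so the decision logic can be checked offline.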
Test scenarios
- Ensure a privileged user can install the TypingDNA connector artifacts in the product.
- Ensure a privileged user can configure TypingDNA for authentication. {Different cloud region eu/us} {TypingDNA account is pro or enterprise enable/disable} {Invalid API credentials} {TypingDNA Authentication checkbox enable/disable}
- Ensure a privileged user can use typing biometrics as a risk calculation option for the adaptive authentication flow. {Different cloud region eu/us} {TypingDNA account is pro or enterprise enable/disable}
- Ensure a privileged user can provide an additional authentication step to enhance security during the initial enrollment of end users' typing biometrics.
- Ensure an end user can log in to the application with TypingDNA for the 1st time. {TypingDNA account is pro or enterprise enable/disable}
- Ensure an end user can log in to the application with TypingDNA when the user's typing pattern matches the recorded typing pattern. {TypingDNA account is pro or enterprise enable/disable}
- Ensure an end user can log in to the application with TypingDNA when the user's typing pattern does not match the recorded typing pattern. {TypingDNA account is pro or enterprise enable/disable}
- Ensure an end user can remove their previously enrolled typing biometrics so that they can re-enroll their evolved typing behavior.
- Ensure a privileged user can provide an additional authentication step to enhance security during the initial enrollment of end users' typing biometrics. {Multi factor authentication, Multi option authentication}