How to Use inWebo as your Authentication Provider

inWebo is a SaaS authentication provider. This blog will explain how to use Gluu’s inWebo interception script to configure the Gluu Server for authentication using inWebo’s browser authenticator called Virtual authenticator or inWebo’s desktop and mobile app called Authenticator 6. In order to use this authentication mechanism your organization will need an inWebo account (Service ID) and users will need to download the inWebo mobile app.


Gluu Server filesystem configuration

  • Prepare the inwebo credential file /etc/certs/inwebo_creds.json with CERT_PASSWORD which will contain the passphrase of the configured certificates.
  • Download the certificate (needed to make calls to Inwebo’s API) from inwebo console. Place the certificate in /etc/certs/

oxTrust configuration

Follow the steps below to configure the inWebo module in the oxTrust Admin GUI. 1. Navigate to Configuration > Manage Custom Scripts. 2. Click on the Person Authentication tab. 3. Scroll down to the inWebo authentication script and configure the following parameters Property nameProperty value
iw_cert_store_type pkcs12
iw_cert_path /etc/certs/Filename.p12
iw_creds_file /etc/certs/iw_creds.json
iw_service_id 1234
iw_push_withoutpin false
2fa_requisite false
4. Enable the script by ticking the check box “Enabled”


Now the inWebo should be an available authentication mechanism for your Gluu Server. An OpenID Connect application can use the acr_values parameter in the authentication request to specify inWebo authentication. Note:To make sure inWebo has been enabled successfully, you can check your Gluu Server’s OpenID Connect configuration by navigating to the following URL: https://your.hostname/.well-known/openid-configuration. Find acr_values_supported and you should see inwebo. One quick way to test is to make inWebo a default authentication method. To do so, you can follow these instructions:
  1. Navigate to Configuration > Manage Authentication.
  2. Select the Default Authentication Method tab.
  3. In the Default Authentication Method window you will see two options: Default acr and oxTrust acr.
If you just want to test inWebo using oxTrust, toggle the the oxTrust acr field in the default authentication panel to inWebo. If you want to set inWebo for all SAML and OpenID Connect relying parties, make it the default acr.

Join our Developer Community