In this article I will walk you through configuring Google reCAPTCHA as an additional authentication step on your Hypersocket Server. Google reCAPTCHA protects your website from spam and abuse by introducing a small test to verify whether the user visiting the site is human.
Step 1 - Configure reCAPTCHA
In order to use Google reCAPTCHA you must register with Google to obtain a site key. Navigate to Authentication->Settings and select the reCAPTCHA tab.
Under the Site Key field you will see a link to Google for registration. If you have not currently got a Site Key then click this link and register.
To register you will need to enter a name for your site, the domain names and a support email address.
Once registered, you will be given the Site Key and Secret Key immediately.
Enter these values into the field on the configuration screen, and click Apply.
Step 2 - Configure Authentication
reCAPTCHA is now ready to use.
Hypersocket provides a number of Authentication flows, each depending on the source of the user. For example the Browser flow is presented to users logging in directly to the Hypersocket product by visiting the server's URL.
Products such as Hypersocket SSO have a separate SSO flow which is present to users that have attempted to access a single sign-on resource and are redirected to Hypersocket for authentication.
Navigate to Authentication->Schemes and select the tab of the authentication flow you want to configure.
In this example I am modifying the Browser flow which looks like this:
Locate the reCAPTCHA method in the list of supported authentication methods on the right hand side of the page.
Click the icon to add the module into the flow. It will be placed at the beginning of the flow.
You can now Save the flow to commit the configuration.
Step 3 - Logging In
Now that you have modified the flow, you can test the new mechanism by logging out. At the login screen you should now see the standard Google reCAPTCHA prompt.
Click the box to start the process. The user may be presented with a further prompt asking them to answer a visual question. The majority of times the user will simply be redirected to the next part of the logon flow.
In this article we have demonstrated how you can secure your Hypersocket server with the Google reCAPTCHA authentication method.