Check Point Gaia Portal

Protecting your site with CryptoPhoto is quick and easy.

Check Point Gaia Portal

CryptoPhoto for Gaia Portal


Before being able to deploy the CryptoPhoto Check Point Gaia Portal plugin, you must register a new CryptoPhoto administration account and obtain API Keys, which will be used to configure CryptoPhoto for Check Point Gaia Portal.

Creating and configuring a CryptoPhoto administration account is described here.

Download Check Point Plugin RPM


CryptoPhoto Check Point Gaia Portal Plugin (R80): cryptophoto-1.0-101.webui.R80.gaia.noarch.rpm

CryptoPhoto Check Point Gaia Portal Plugin (R77): cryptophoto-1.0-102.webui.R77.gaia.noarch.rpm

Install & Configure


Install the rpm package on the machine where your Check Point Gaia Portal is deployed

$> rpm -ivh --replacefiles cryptophoto-1.0-101.webui.R80.gaia.noarch.rpm
or
$> rpm -ivh --replacefiles cryptophoto-1.0-102.webui.gaia.noarch.rpm

Once the package is installed you can start configuring the plugin. First we need to set the API Keys that will be used with the CryptoPhoto deployment. Execute the following command:

$> /etc/cryptophoto/webuiconfig.sh

And follow the onscreen instructions. Example:

$> /etc/cryptophoto/webuiconfig.sh
Configure CryptoPhoto plugin (see https://cryptophoto.com/info/admin on how to aquire API keys)
Enter CryptoPhoto Public API key []: dsaldkasldk
Enter CryptoPhoto Private API key []: vsnekmlasdf
A SALT (random string) is needed to hash your users IDs. Once set, it must not be changed.
Enter SALT[]: 7nse8nceneoi
Updating pubkey in /web/cgi-bin2/cryptophotoconf.tcl.
Updating privkey in /web/cgi-bin2/cryptophotoconf.tcl.
Updating salt in /web/cgi-bin2/cryptophotoconf.tcl.
Enable CryptoPhoto service (y/n): y
Changing cpenabled to 1 in /web/cgi-bin2/cryptophotoconf.tcl.
Configuration finished.
$>



Notes: The "Salt" is used to create unique user IDs. It is recommended to use a random string and once set, not to change it, otherwise the CryptoPhoto settings for each of your users will be reset.

Additionally, the administrator can enable/disable CryptoPhoto Service. Edit file /web/cgi-bin2/cryptophotoconf.tcl and change the value of cpenabled to 1 (enable) or 0 (disable).

From this point on, your users can download/enroll new tokens for CryptoPhoto Authentication by accessing "CryptoPhoto Settings" under "User Management" section:


Uninstall CryptoPhoto


Should you need to remove CryptoPhoto, uninstallation is simply:

$> rpm -e cryptophoto-webui-gaia-R80-1.0-101
or
$> rpm -e cryptophoto-webui-gaia-1.0-102

Video


Example of Enrolment and Authentication using CryptoPhoto for Check Point Gaia Portal.