OTP validator
Used to validate a OTP either generated by an mobile app, token device or sent to the user via SMS/e-mail. Often used in conjunction with other authenticators. Requires modules AuthN & Pipes.
3.2.0 - Access
Used to validate a OTP either generated by an mobile app, token device or sent to the user via SMS/e-mail. Often used in conjunction with other authenticators. Requires modules AuthN & Pipes.
Using tokens when authenticating assumes that the user has a token. Fortified ID have a product called Fortified ID Enrollment to help user to easily enroll for tokens.
Common Authenticator configuration can be found .
pipe_id
Pipe to use for validation.
N/A
pre_pipe_id
Pipe commonly used for sending OTPs.
N/A
allowed_otp_retry
Allowed number of times a user is allowed to enter OTP before process is aborted.
2
webroot_dir
See common authenticator configuration
web/authenticator/otp_validation
Property base_path should not contain the full path when used in conjunction with the , instead, the full URI will be handled by the selector. The full path will be base_path + / + id.
Apart from system logging, event logging is done when completing and failing a transaction.
Event ids are:
WEB_100019("OTP validated")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_ADDRESS (ip of the remote session)
WEB_100020("OTP validation failed")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_ADDRESS (ip of the remote session)
On otp-validation, data sent to pipe is:
otp - entered by user
None
Start by sending in a Ajax request containing identifier & password:
The response back will contain either a COMPLETED or ERROR: