OTP validator
Used to validate a OTP either generated by an mobile app, token device or sent to the user via SMS/e-mail. Often used in conjunction with other authenticators. Requires modules AuthN & Pipes.
Using tokens when authenticating assumes that the user has a token. Fortified ID have a product called Fortified ID Enrollment to help user to easily enroll for tokens.
Configuration
Common Authenticator configuration can be found here.
pipe_id
Pipe to use for validation.
N/A
pre_pipe_id
Pipe commonly used for sending OTPs.
N/A
allowed_otp_retry
Allowed number of times a user is allowed to enter OTP before process is aborted.
2
webroot_dir
See common authenticator configuration
web/authenticator/otp_validation
custom_identifier
Tag used for event separation
N/A
{
"id": "iodpwd",
"type": "OTPValidator",
"config": {
"base_path": "/saml/authn",
"context_path": "/saml/authn/otp",
"pipe_id": "otp_validation_pipe"
}
}Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.
Logging
Apart from system logging, event logging is done when completing and failing a transaction.
Event ids are:
WEB_100019("OTP validated")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_ADDRESS (ip of the remote session)
WEB_100020("OTP validation failed")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_ADDRESS (ip of the remote session)
Data sent to validation pipe
On otp-validation, data sent to pipe is:
otp - entered by user
Data exposed to global state
None
API
Starting an authentication
Start by sending in a Ajax request containing identifier & password:
The response back will contain either a COMPLETED or ERROR: