OTP validator

Used to validate a OTP either generated by an mobile app, token device or sent to the user via SMS/e-mail. Often used in conjunction with other authenticators. Requires modules AuthN & Pipes.

Note: If validating an OATH token OTP click here: https://docs.fortifiedid.se/tokens/oath

Using tokens when authenticating assumes that the user has a token. Fortified ID have a product called Fortified ID Enrollment to help user to easily enroll for tokens.

Configuration

Authenticator type: OTP | OTPAuthenticator | OTPValidator

Common Authenticator configuration can be found here.

Name Description Default value Mandatory

Name	Description	Default value
`pipe_id`	Pipe to use for validation.	N/A
`pre_pipe_id`	Pipe commonly used for sending OTPs.	N/A
`allowed_otp_retry`	Allowed number of times a user is allowed to enter OTP before process is aborted.	`2`

pipe_id

Pipe to use for validation.

N/A

pre_pipe_id

Pipe commonly used for sending OTPs.

N/A

allowed_otp_retry

Allowed number of times a user is allowed to enter OTP before process is aborted.

2

{
  "id": "iodpwd",
  "type": "OTPValidator",
  "config": {
    "base_path": "/saml/authn",
    "context_path": "/saml/authn/otp",
    "pipe_id": "otp_validation_pipe",
    "webroot_dir": "web/authenticator/otp_validation"
  }
}

Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.

Logging

Apart from system logging, event logging is done when completing and failing a transaction.

Event ids are:

WEB_100019("OTP validated")
- IDENTIFIER (user trace id)
- CUSTOMER_IDENTIFIER (if configured)
- SOURCE_ADDRESS (ip of the remote session)
WEB_100020("OTP validation failed")
- IDENTIFIER (user trace id)
- CUSTOMER_IDENTIFIER (if configured)
- SOURCE_ADDRESS (ip of the remote session)

Data sent to validation pipe

On otp-validation, data sent to pipe is:

otp - entered by user

Data exposed to global state

None

API

Starting an authentication

Start by sending in a Ajax request containing identifier & password:

{
    "type": "start",
    "data": {
        "otp": "<otp>"
    }
}

The response back will contain either a COMPLETED or ERROR:

{
    "status": "COMPLETED"
}

Translation keys

{
  "otp_validation.otp": "One-time password",
  "otp_validation.start_validate": "Verify one-time password",
  "otp_validation.verified": "One-time password verified",
  "otp_validation.redirecting": "Redirecting...",
  "otp_validation.cancel": "Cancel",
  "otp_validation.ERROR": "Wrong one-time password",
  "allow-cookies-body": "To save your language settings on this device you need to approve a language cookie.",
  "allow-cookies-button": "Approve language cookie",
  "change_language": ""
}

{
  "otp_validation.otp": "Engångslösenord",
  "otp_validation.start_validate": "Verifiera engångslösenord",
  "otp_validation.verified": "Engångslösenord verifierat",
  "otp_validation.redirecting": "Omdirigerar...",
  "otp_validation.cancel": "Avbryt",
  "otp_validation.ERROR": "Felaktigt engångslösenord",
  "allow-cookies-body": "Vill du spara dina språkinställningar på denna enhet behövs ett godkännande av  språk-cookie.",
  "allow-cookies-button": "Godkänn språk-cookie",
  "change_language": ""
}

PreviousUser lookup NextPasskey validator