OTP validator
Used to validate a OTP either generated by an mobile app, token device or sent to the user via SMS/e-mail. Often used in conjunction with other authenticators. Requires modules AuthN & Pipes.
Note: If validating an OATH token OTP click here: https://docs.fortifiedid.se/tokens/oath
Using tokens when authenticating assumes that the user has a token. Fortified ID have a product called Fortified ID Enrollment to help user to easily enroll for tokens.
Configuration
Authenticator type: OTP | OTPAuthenticator | OTPValidator
Common Authenticator configuration can be found here.
Name | Description | Default value | Mandatory |
---|---|---|---|
| Pipe to use for validation. | N/A | |
| Pipe commonly used for sending OTPs. | N/A | |
| Allowed number of times a user is allowed to enter OTP before process is aborted. |
|
Property base_path should not contain the full path when used in conjunction with the Selector, instead, the full URI will be handled by the selector. The full path will be base_path + / + id.
Logging
Apart from system logging, event logging is done when completing and failing a transaction.
Event ids are:
WEB_100019("OTP validated")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_ADDRESS (ip of the remote session)
WEB_100020("OTP validation failed")
IDENTIFIER (user trace id)
CUSTOMER_IDENTIFIER (if configured)
SOURCE_ADDRESS (ip of the remote session)
Data sent to validation pipe
On otp-validation, data sent to pipe is:
otp - entered by user
Data exposed to global state
None
API
Starting an authentication
Start by sending in a Ajax request containing identifier & password:
The response back will contain either a COMPLETED or ERROR: