
Misc Configuration options

Different configuration options.

Please make sure to have a recent copy/backup of the files being edited before making the changes.

Default country prefix

Go to Scenarios, Radius, <your scenario>. On the tab "Execution flow", edit the valve used for message delivery (SMS or Voice), for example OTPBySMSValve, press "+ Add" and set the following:

Parameter = recipient_prefix         Value = +46

Suffix for token enrollment

During the configuration of scenario "Self Service" you will set the value for "Issuer". This is the name that will be seen when doing enrollment.

If this needs to be changed please go to Scenarios, Applications, Self Service, Self Service and the tab Software token/One Touch. Edit the value for "Issuer".

OTP Retries

To enable OTP retries, please go to Scenarios, Radius, <your scenario>. On the tab "Execution flow", edit the OTPValidationValve on the pipe "Verify otp", press "+ Add" and set the number of retries accordingly:

Parameter = otp_retries       Value = 3

Should look like this:

{
	"generated_otp_param_name": "generated_otp",
	"provided_otp_param_name": "{{request.User-Password}}",
	"otp_retries": "3"
}

We also need the valve called ItemCreateValve. Press "+ Add valve", set "Type" to "ItemCreateValve", set it to "Enabled", add the parameter "dest_id" with the value "data" and press "Add valve". It should now look like this:

{
	"dest_id": "data"
}

Drag it before the OTPValidationValve in the Validation pipe, then press "Save".

To change the corresponding message, in the file <PhenixIDinstallationdirectory>/mods/com.phenixidentity~phenix-radius~<version>/lang/en/strings.xml/ change:

<string name="radius.uidpwdotpauth.accesschallenge.retry.message">Wrong otp. Please enter your otp:</string>
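The retry setup above depends on two things that are easy to get wrong in the GUI: the value of otp_retries and the position of ItemCreateValve before OTPValidationValve. The following check is an added example, not PhenixID code; the pipe layout ("valves", "name", "enabled", "config"), the sample pipe and the ceiling of 5 retries are assumptions made for illustration, while the valve and parameter names are the ones used on this page.

```python
import json

# Constructed sample of one pipe. The "valves"/"name"/"enabled"/"config"
# layout is an assumption for this example, not a documented export format.
SAMPLE_PIPE = json.loads("""
{
  "id": "verify_otp",
  "valves": [
    {"name": "ItemCreateValve", "enabled": "true",
     "config": {"dest_id": "data"}},
    {"name": "OTPValidationValve", "enabled": "true",
     "config": {"generated_otp_param_name": "generated_otp",
                "provided_otp_param_name": "{{request.User-Password}}",
                "otp_retries": "3"}}
  ]
}
""")

MAX_RETRIES = 5  # assumed local policy ceiling, not a product limit


def check_otp_retry_pipe(pipe, max_retries=MAX_RETRIES):
    """Return a list of findings for a pipe that uses otp_retries."""
    findings = []
    # Only enabled valves take part in the flow.
    valves = [v for v in pipe.get("valves", [])
              if str(v.get("enabled")).lower() == "true"]
    for pos, valve in enumerate(valves):
        if valve.get("name") != "OTPValidationValve":
            continue
        raw = valve.get("config", {}).get("otp_retries")
        if raw is None:
            continue  # retries are not enabled on this valve
        if not str(raw).isdecimal() or int(raw) < 1:
            findings.append(f"otp_retries is not a positive integer: {raw!r}")
        elif int(raw) > max_retries:
            findings.append(f"otp_retries {raw} exceeds ceiling {max_retries}")
        # ItemCreateValve with dest_id=data must come earlier in the pipe.
        if not any(v.get("name") == "ItemCreateValve"
                   and v.get("config", {}).get("dest_id") == "data"
                   for v in valves[:pos]):
            findings.append("no enabled ItemCreateValve (dest_id=data) "
                            "before OTPValidationValve")
    return findings


if __name__ == "__main__":
    for finding in check_otp_retry_pipe(SAMPLE_PIPE) or ["pipe OK"]:
        print(finding)
```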

Customized Challenge response message

In the configuration GUI go to the tab "Advanced", press the pencil beside "Authentication - Radius" and add the desired message to the parameter challenge_message, like this:

"challenge_message":"Your customized message to the user:"

Then press "Stage changes"/"Commit changes".

The RADIUS AUTHENTICATOR should be of the type usernamepasswordotp

Change post SAML assertion delay

Open <auth_http_template_root>/templates/autopost.template

Change timeout value (default is 5s (5000ms)):

setTimeout('document.phenixform.submit()',5000);

Save file.

 

LDAP Connection settings in some Firewall scenarios

In the configuration GUI, go to Scenarios, Connections, LDAP, <yourldap>. Set the value for "Connection pool max age" like the example below. This setting will reconnect to the LDAP server every minute, to make sure we won't time out.

"pool_max_age" : "60000"

Property expansion expressions with dotted keys

Turn on globally with system property: com.phenixidentity.globals.useExtendedExprSyntax=true

Example in vmoptions file:

-Dcom.phenixidentity.globals.useExtendedExprSyntax=true

Has to be added to each valve where used if not configured globally.

"use_extended_expr_syntax": "true" 

Requires dots to be escaped with '\\' (ex: {{request.apa\\.banan}})

Also supported for system properties (when turned on, otherwise use '_' as separator)

By default this behaviour is switched off (for compatibility with existing configurations)