Misc Configuration options

Different configuration options.

Default country prefix

Add the following to the valve used for message delivery (SMS or Voice), for example OTPBySMSValve:

"recipient_prefix":"+46"

Suffix for token enrollment

After completing the PhenixID "Self Service" scenario, you will find a parameter called "enrollmentsuffix" in the module com.phenixidentity~phenix-prism-otpenrollment.

Add your suffix between the quotes, like this example:

"enrollmentsuffix" : "@phenixid.net"

OTP Retries

To enable OTP retries, add the option below to your OTPValidationValve and set the number of retries accordingly:

"otp_retries":"3"

The following valve is also required:

{
  "name" : "ItemCreateValve",
  "config" : {
    "dest_id" : "data"
  }
},

Add it before the OTPValidationValve in the Validation pipe.

To change the corresponding message, edit the file <PhenixIDinstallationdirectory>/mods/com.phenixidentity~phenix-radius~<version>/lang/en/strings.xml and change the following entry:

<string name="radius.uidpwdotpauth.accesschallenge.retry.message">Wrong otp. Please enter your otp:</string>

Customized Challenge response message

Add the following to your RADIUS AUTHENTICATOR/S:

"challenge_message":"Your customized message to the user:"

The RADIUS AUTHENTICATOR must be of the type usernamepasswordotp.

Change post SAML assertion delay

Open <auth_http_template_root>/templates/autopost.template

Change the timeout value (the default is 5 s, i.e. 5000 ms):

setTimeout('document.phenixform.submit()',5000);

Save the file.


LDAP Connection settings in some Firewall scenarios

This setting limits the age of a pooled LDAP connection to one minute (60000 ms), so a fresh connection is established before a firewall drops an idle session and the request times out.

Add it to the "CONNECTIONS" : part of the configuration.

"pool_max_age" : "60000"

LDAP Connection failover with multiple hosts and ports

This setting allows failover between three LDAP hosts, each listening on a different port. A host given without a port, such as 192.168.0.3 below, uses the default port configured in the "port" parameter.

Note that the example keeps "use_ssl" at "false" and "ssl_trust_all" at "true"; for a production connection, set "use_ssl" to "true" and "ssl_trust_all" to "false" so that the bind is encrypted and the server certificate is validated.

{
    "id" : "My_Connection",
    "type" : "ldap",
    "name" : "LDAP",
    "description" : "MyLDAPConnection",
    "config" : {
      "host" : "192.168.0.1:1389,192.168.0.2:50000,192.168.0.3",
      "port" : "389",
      "bind_dn" : "CN=ldapsearch,CN=Users,DC=org",
      "password" : "{enc}WLZH655qoowXT/Lk4yki8cb/yhbr1KGzdj1pztXv/nU=",
      "use_ssl" : "false",
      "ssl_trust_all" : "true",
      "follow_referrals" : "false",
      "auto_reconnect" : "true",
      "use_keep_alive" : "true",
      "response_timeout_ms" : "30000",
      "pool_initial_size" : "1",
      "pool_max_size" : "2"
    }
  },
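As an added illustration (not PhenixID's own code), the following Python helper expands the "host" value above into an ordered list of failover targets the way the text describes, and flags the transport settings in the example that a reviewer would want to see changed. The sample connection block is constructed from the page's own values.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample: the relevant keys from the connection block above.
SAMPLE_CONNECTION: Dict = json.loads("""{
  "id": "My_Connection",
  "type": "ldap",
  "config": {
    "host": "192.168.0.1:1389,192.168.0.2:50000,192.168.0.3",
    "port": "389",
    "use_ssl": "false",
    "ssl_trust_all": "true"
  }
}""")


def parse_failover_hosts(host_value: str, default_port: str) -> List[Tuple[str, int]]:
    """Split the comma-separated "host" value into (host, port) pairs.

    An entry without ":port" falls back to the "port" parameter, as the page
    states for 192.168.0.3. Ports must be in 1..65535; order is preserved
    because it is the failover order."""
    default = int(default_port)
    targets: List[Tuple[str, int]] = []
    for entry in host_value.split(","):
        entry = entry.strip()
        if not entry:
            continue  # tolerate a stray trailing comma
        host, sep, port = entry.rpartition(":")
        port_num = int(port) if sep else default
        host = host if sep else entry
        if not 1 <= port_num <= 65535:
            raise ValueError(f"invalid port in LDAP host entry: {entry!r}")
        targets.append((host, port_num))
    if not targets:
        raise ValueError("no LDAP hosts configured")
    return targets


def failover_targets(connection: Dict) -> List[Tuple[str, int]]:
    """Resolve the failover list of a "CONNECTIONS" entry of type ldap."""
    cfg = connection["config"]
    return parse_failover_hosts(cfg["host"], cfg.get("port", "389"))


def transport_warnings(connection: Dict) -> List[str]:
    """Report settings that leave the LDAP bind unencrypted or unverified."""
    cfg = connection["config"]
    found = []
    if cfg.get("use_ssl", "false") != "true":
        found.append("use_ssl is not true: the simple bind password is sent unencrypted")
    if cfg.get("ssl_trust_all") == "true":
        found.append("ssl_trust_all is true: the server certificate is not validated")
    return found
```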

Property expansion expressions with dotted keys

Turn on globally with the system property com.phenixidentity.globals.useExtendedExprSyntax=true

Example in the vmoptions file:

-Dcom.phenixidentity.globals.useExtendedExprSyntax=true

If it is not configured globally, the option has to be added to each valve where it is used:

"use_extended_expr_syntax": "true"

Dots inside a key must be escaped with '\\' (for example {{request.apa\\.banan}}).

Also supported for system properties when turned on; otherwise use '_' as the separator.

By default this behaviour is switched off, for compatibility with existing configurations.