Disable OTP

This PhenixID Solution Document (PSD) is written for PhenixID Server.

This PSD describes how to exclude users from two-factor authentication (NOT recommended).

The reader should have some basic knowledge about PhenixID Server.

Overview

In some scenarios customers want to exclude some users from two-factor authentication. These users will authenticate with userid/password only.

This setup is not recommended but might be required in some scenarios.

Requirements

  • PhenixID Server installed

Instruction

We will make changes to the file phenix-store.json. Please make sure that you have a recent copy/backup of this file.

Set the parameters "exec_if_expr" and "skip_if_expr" on the relevant valves according to the examples below.

The Radius authenticator will not send an access challenge when disable_otp=true.

Example 1

This example will disable OTP if the attribute postOfficeBox is present and its value starts with NOOTP.

{
  "name" : "PropertyAddValve",
  "config" : {
    "name" : "disable_otp",
    "value" : "true",
    "exec_if_expr" : "(flow.items().get(0).containsProperty('postOfficeBox') && flow.items().get(0).getPropertyValue('postOfficeBox').startsWith('NOOTP'))"
  }
}, {
  "name" : "OTPGeneratorValve",
  "config" : {
    "length" : "6",
    "alpha_numeric" : "false",
    "name" : "generated_otp",
    "skip_if_expr" : "(flow.items().get(0).containsProperty('postOfficeBox') && flow.items().get(0).getPropertyValue('postOfficeBox').startsWith('NOOTP'))"
  }
}, {
  "name" : "OTPBySMSValve",
  "config" : {
    "gw_username" : "",
    "gw_password" : "",
    "skip_if_expr" : "(flow.items().get(0).containsProperty('postOfficeBox') && flow.items().get(0).getPropertyValue('postOfficeBox').startsWith('NOOTP'))"
  }
}

Example 2

This example will disable OTP if the attribute mobile is present and its value starts with +46.

{
  "name" : "PropertyAddValve",
  "config" : {
    "name" : "disable_otp",
    "value" : "true",
    "exec_if_expr" : "(flow.items().get(0).containsProperty('mobile') && flow.items().get(0).getPropertyValue('mobile').startsWith('+46'))"
  }
}, {
  "name" : "OTPGeneratorValve",
  "config" : {
    "length" : "6",
    "alpha_numeric" : "false",
    "name" : "generated_otp",
    "skip_if_expr" : "(flow.items().get(0).containsProperty('mobile') && flow.items().get(0).getPropertyValue('mobile').startsWith('+46'))"
  }
}, {
  "name" : "OTPBySMSValve",
  "config" : {
    "gw_username" : "",
    "gw_password" : "",
    "skip_if_expr" : "(flow.items().get(0).containsProperty('mobile') && flow.items().get(0).getPropertyValue('mobile').startsWith('+46'))"
  }
}
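
Because each exclusion is spread over three expressions that must stay identical, a copy of the configuration can be audited for every condition that sets disable_otp and for OTP valves whose skip_if_expr disagrees with it. The script below is an added example, not part of the PhenixID documentation. It assumes only that valves appear as {"name", "config"} objects somewhere in the JSON, as in the examples above; the "valves" wrapper key and the sample data are constructed.

```python
import json
import sys

def find_valves(node):
    """Yield every dict shaped like a valve: {"name": str, "config": {...}}."""
    if isinstance(node, dict):
        if isinstance(node.get("name"), str) and isinstance(node.get("config"), dict):
            yield node
        for value in node.values():
            yield from find_valves(value)
    elif isinstance(node, list):
        for item in node:
            yield from find_valves(item)

def audit_otp_exclusions(store):
    """Return (set of expressions that set disable_otp, list of warnings)."""
    conditions, skips, warnings = set(), [], []
    for valve in find_valves(store):
        name, cfg = valve["name"], valve["config"]
        if name == "PropertyAddValve" and cfg.get("name") == "disable_otp":
            if "exec_if_expr" in cfg:
                conditions.add(cfg["exec_if_expr"])
            else:
                warnings.append("disable_otp is set unconditionally")
        elif name.startswith("OTP") and "skip_if_expr" in cfg:
            skips.append((name, cfg["skip_if_expr"]))
    for name, expr in skips:
        if expr not in conditions:
            warnings.append(f"{name} skip_if_expr matches no disable_otp condition")
    return conditions, warnings

# Constructed sample: Example 1, with OTPBySMSValve given a different condition.
COND = ("(flow.items().get(0).containsProperty('postOfficeBox') && "
        "flow.items().get(0).getPropertyValue('postOfficeBox').startsWith('NOOTP'))")
SAMPLE = {"valves": [  # "valves" wrapper key is an assumption
    {"name": "PropertyAddValve",
     "config": {"name": "disable_otp", "value": "true", "exec_if_expr": COND}},
    {"name": "OTPGeneratorValve",
     "config": {"length": "6", "name": "generated_otp", "skip_if_expr": COND}},
    {"name": "OTPBySMSValve",
     "config": {"gw_username": "", "gw_password": "",
                "skip_if_expr": COND.replace("NOOTP", "NO")}},
]}

if __name__ == "__main__":
    # Pass the path to a copy of phenix-store.json, or run on the sample.
    store = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    conditions, warnings = audit_otp_exclusions(store)
    for cond in sorted(conditions):
        print("OTP disabled when:", cond)
    for warning in warnings:
        print("WARNING:", warning)
```

The reported conditions are the complete list of ways a user ends up on userid/password only, so they are worth reviewing whenever the directory attributes they test (postOfficeBox, mobile) can be changed by someone other than an administrator.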