OTPValidationValve

Valve for validating the one-time password.

This valve supports user lockout. See: PhenixID Authentication Services › Version 2.8 › Solutions › User Lockout in PhenixID Server

Properties

Name Description Default value Mandatory Supports property expansion
generated_otp_param_name Session property containing the generated otp. generated_otp Yes No
userid_param_name Property containing the username. User-Name No Yes
provided_otp_param_name Property containing the provided otp value. Yes Yes
otp_retries The number of retries the user gets for the otp. 0 No No

Example Configuration

{
        "name": "OTPValidationValve",
        "config": { 
              "generated_otp_param_name":"generated_otp", 
              "provided_otp_param_name":"{{request.User-Password}}",
              "otp_retries": "1",
              "userid_param_name": "{{request.User-Name}}"
        }
}

The value for parameter provided_otp_param_name is the  provided otp sent in the request.

The value for  userid_param_name  is the userid sent in the request.
Most common values for userid_param_name are User-Name for RADIUS and username for HTTP.

Parameter otp_retries would normally be set to default value 0 but can be set to a higher value in specific environments, where a reuse of same otp is needed by the integrated system.

Requirements

None