Version: 2.82.x.x LTS

OTP

This table lists the policy parameters specific to OTP credentials.

In addition to the policy parameters defined in this table, the policy parameter defined in the table in the chapter All credential types is also valid for OTP credentials.

| Name | Data Type, Values | Default | Description |
| --- | --- | --- | --- |
| closeToExpirationThreshold | Data type: int (days) | 10 | Defines the number of days preceding the real expiry date at which the batch job UpdateCredentialStateJob, if configured, will trigger renewal or other communication events. Example: If set to 2, then all OTPs that expire the day after tomorrow (between 00:00 and 23:59) will be affected. |
| coordinateCardFormat | Data type: boolean | false | Defines the format in which the challenges in the OTP card are stored. When true, the coordinate format is used, i.e., the challenges are numbered from A1 to N12. When false, the challenges are sequentially numbered from 001 to 168. |
| credentialLifetime | Data type: int (>0) | 10 years in milliseconds | The time to live (in milliseconds) of the OTP credential. After the defined period of time, the user will not be able to log in with this OTP credential anymore. |
| fallbackAllowed | Data type: boolean | true | |
| fallbackTransitionPeriod | Data type: int (>0) | 14 | Defines the period in days during which a user may still use his old OTP card although a new OTP card was already sent to him. |
| lowOnChallengesThreshold | Data type: int | 20 | Threshold that triggers a warning as soon as the number of remaining challenges on the OTP card goes below the configured value. |
| maxCredFailureCount | Data type: int (>0) or -1 | 3 | Maximum number of login failures before a password is definitely locked. If set to "-1", the max. failure counter is disabled. |
| renewWhenCloseToExpiration | Data type: boolean | false | Defines whether the batch job UpdateCredentialStateJob should trigger an OTP card renewal when closeToExpirationThreshold is reached. |
| renewWhenLowOnChallenges | Data type: boolean | true | If set to true, an OTP card renewal event is triggered when the number of remaining challenges falls below lowOnChallengesThreshold. Renewal means generating an additional OTP card while the original card remains untouched. |
| reuseChallenges | Data type: boolean | true | Enable/disable the reuse of challenges. |
| sendingMethod | Data type: comma-separated list of enums. Values: any subset of PDFstore, Print, PDFemail, None | PDFstore | Defines a fallback list of different methods of how a credential should be communicated to the user (if the first method fails for some reason, the second is tried, and so on). All methods (except None) will fail if the corresponding template is missing or one or more of the mandatory placeholders are empty. If sendingMethod is not defined at all, nevisIDM takes the default value. The default value has no fallbacks. If "PDFstore" is configured, the following additional parameter can be defined: PDFstore.destDir (optional): Defines the destination directory where the PDF is to be saved. If the parameter is not configured, the destination directory set in the configuration nevisidm-prod.properties will be used as fallback. The sending method "PDFemail" requires two templates: one e-mail and one OpenOffice template. If either of the templates is missing, the PDF sending will fail. The credential value will be propagated only to the PDF document. If "PDFemail" is configured, the following additional parameter can be defined: PDFemail.htmlEmail (optional, default: false): If the parameter is "true", an HTML e-mail will be sent. Otherwise, a plain text e-mail will be sent. |
| sendWarningWhenCloseToExpiration | Data type: boolean | false | Defines whether the batch job UpdateCredentialStateJob should trigger an OTPExpirationWarning communication event when closeToExpirationThreshold is reached. |
| sendWarningWhenLowOnChallenges | Data type: boolean | false | If set to true, an OTPLowOnChallengesWarning is triggered as soon as the number of remaining challenges falls below lowOnChallengesThreshold. |
| supportLegacyCardTransition | Data type: boolean | false | Enables the fallback mechanism to legacy OTP cards (migrated cards, whose dimensions are different from nevisIDM OTP cards). If this parameter is set to true, nevisIDM will generate a pair of challenges during the transition phase from the old migrated OTP card to the new OTP card. Example pair of challenges: 168#J10. The user can log in with the old card (giving the value of position J10 in the old card as response) or with the new card (giving the value of position 168 in the new card as response). |
| templatePrecedence | Data type: int | null | The precedence number of the template to use during the communication with the user. If the parameter is not set, the default template will be used. If no template exists with the given precedence number, an error will occur. |
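The data types and value ranges in the table can be checked before a policy is deployed. The following linter is an added example, not nevisIDM code; it assumes the policy parameters are available as a dict of name to string value, and the function name `lint_otp_policy` and the sample values are constructed for illustration.

```python
# Added example: lint OTP policy parameters against the types in the table above.
# Assumption: parameters arrive as a dict of name -> string value.
BOOLEANS = {
    "coordinateCardFormat", "fallbackAllowed", "renewWhenCloseToExpiration",
    "renewWhenLowOnChallenges", "reuseChallenges", "sendWarningWhenCloseToExpiration",
    "sendWarningWhenLowOnChallenges", "supportLegacyCardTransition",
}
POSITIVE_INTS = {"credentialLifetime", "fallbackTransitionPeriod"}
PLAIN_INTS = {"closeToExpirationThreshold", "lowOnChallengesThreshold", "templatePrecedence"}
SENDING_METHODS = {"PDFstore", "Print", "PDFemail", "None"}
SUB_PARAMS = {"PDFstore.destDir": "PDFstore", "PDFemail.htmlEmail": "PDFemail"}
# Constructed sample policy, not taken from a real deployment.
SAMPLE = {"maxCredFailureCount": "-1", "sendingMethod": "PDFemail, Fax",
          "PDFstore.destDir": "/tmp/otp", "reuseChallenges": "yes"}


def lint_otp_policy(params):
    """Return a list of (level, parameter, message) findings."""
    findings = []
    # sendingMethod falls back to the default PDFstore when it is not defined.
    methods = [m.strip() for m in params.get("sendingMethod", "PDFstore").split(",")]
    for name, raw in params.items():
        value = raw.strip()
        if name in BOOLEANS:
            if value not in ("true", "false"):
                findings.append(("error", name, "expected true or false"))
        elif name in POSITIVE_INTS | PLAIN_INTS | {"maxCredFailureCount"}:
            try:
                number = int(value)
            except ValueError:
                findings.append(("error", name, "expected an integer"))
                continue
            if name == "maxCredFailureCount" and number == -1:
                # Valid per the table, but it switches the failure counter off.
                findings.append(("warning", name, "failure counter is disabled"))
            elif name not in PLAIN_INTS and number <= 0:
                findings.append(("error", name, "must be greater than 0"))
        elif name == "sendingMethod":
            for method in methods:
                if method not in SENDING_METHODS:
                    findings.append(("error", name, f"unknown method {method!r}"))
        elif name in SUB_PARAMS:
            if SUB_PARAMS[name] not in methods:
                findings.append(("warning", name, f"only applies with {SUB_PARAMS[name]}"))
        else:
            findings.append(("info", name, "not OTP-specific; see 'All credential types'"))
    return findings
```

Running `lint_otp_policy(SAMPLE)` reports the disabled failure counter, the unknown sending method, the `PDFstore.destDir` setting without `PDFstore`, and the non-boolean `reuseChallenges` value.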