Configuration of the IdmSecurityQuestionVerifyState
Topic | Description |
---|---|
Class | ch.nevis.idm.authstate.IdmSecurityQuestionVerifyState |
Logging | IdmAuth |
Auditing | None |
Marker | NevisIDM:challenge/response |
Properties | requiredAnswers (int, optional, default: 1) Number of questions the user must answer for successful authentication. |
Methods | process (all events) |
Input | answer (String: "${inargs:answer}") Answer to the selected security questions. |
Transitions | ok: All answers were correct, user is now authenticated.<br>prospect: The question to be answered is stored in the session, and a dialog to answer it is shown.<br>noCredential: The user does not have an active security question credential.<br>invalidCredential: The user's security question credential does not contain enough active and unanswered questions.<br>lockWarn: The answer was wrong, next failure will lock the credential.<br>nowLocked: Last try failed, the credential is now locked.<br>locked: The user's security question credential is locked.<br>failed: The provided answer was not correct or not enough answers were provided.<br>clientNotFound: User uses an unsupported client ID or the "default" client ID (see input above) is not available. |
Output | ch.adnovum.nevisidm.sq.label: The security question that needs to be answered (in the set user language).<br>ch.adnovum.nevisidm.sq.answersRequired: The number of answers the user must provide until "requiredAnswers" is reached. |
Errors | 1: Wrong answer<br>1: Invalid security question credential.<br>3: Next authentication failure will lock the account.<br>8: Account locked due to too many consecutive authentication failures.<br>8: Account was already locked.<br>11: Missing or inactive security question credential.<br>98: Account no longer exists.<br>98: Account or credential disabled by admin.<br>98: Credential archived.<br>98: Account or credential is not yet valid.<br>98: Account or credential expired. |
Notes | None |
Example
```xml
<AuthState name="SecurityQuestionVerify"
           class="ch.nevis.idm.authstate.IdmSecurityQuestionVerifyState"
           final="false">
    <ResultCond name="failed" next="SecurityQuestionVerify"/>
    <ResultCond name="prospect" next="SecurityQuestionVerify"/>
    <ResultCond name="ok" next="IdmPostProcessing"/>
    <ResultCond name="noCredential" next="AuthError"/>
    <ResultCond name="invalidCredential" next="AuthError"/>
    <ResultCond name="locked" next="AuthError"/>
    <ResultCond name="nowLocked" next="AuthError"/>
    <ResultCond name="lockWarn" next="SecurityQuestionVerify"/>
    <Response value="AUTH_CONTINUE">
        <Gui name="Security Question" label="sq.verify.title.label">
            <GuiElem name="lasterror" type="error"
                     label="${notes:lasterrorinfo}" value="${notes:lasterror}"/>
            <GuiElem name="answersRequired" type="info" label="Required answers left: ${sess:ch.adnovum.nevisidm.sq.answersRequired}"/>
            <GuiElem name="question" type="info" label="Question: ${sess:ch.adnovum.nevisidm.sq.label}"/>
            <GuiElem name="answer" type="text"
                     label="sq.verify.answer.label"/>
            <GuiElem name="submit" type="submit"
                     label="sq.verify.submit.label"/>
        </Gui>
    </Response>
    <propertyRef name="IdmCertificateWhiteList"/>
    <property name="requiredAnswers" value="2"/>
</AuthState>
```
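
A configuration check for the example above, added here and not part of the product documentation: it parses an AuthState element and reports transitions from the table that have no ResultCond (the example above does not map clientNotFound), ResultCond names that are not in the table, and an invalid requiredAnswers value. The function name, the SAMPLE excerpt and the rule that credential-error and lock transitions should not route back to the same state are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Transition names as listed in the table on this page.
DOCUMENTED = {"ok", "prospect", "noCredential", "invalidCredential", "lockWarn",
              "nowLocked", "locked", "failed", "clientNotFound"}
# Example policy (assumption): these outcomes should leave the state, not re-prompt.
MUST_LEAVE = {"noCredential", "invalidCredential", "nowLocked", "locked",
              "clientNotFound"}

# Excerpt of the example AuthState above (Response/Gui omitted for brevity).
SAMPLE = """<AuthState name="SecurityQuestionVerify"
    class="ch.nevis.idm.authstate.IdmSecurityQuestionVerifyState" final="false">
  <ResultCond name="failed" next="SecurityQuestionVerify"/>
  <ResultCond name="prospect" next="SecurityQuestionVerify"/>
  <ResultCond name="ok" next="IdmPostProcessing"/>
  <ResultCond name="noCredential" next="AuthError"/>
  <ResultCond name="invalidCredential" next="AuthError"/>
  <ResultCond name="locked" next="AuthError"/>
  <ResultCond name="nowLocked" next="AuthError"/>
  <ResultCond name="lockWarn" next="SecurityQuestionVerify"/>
  <property name="requiredAnswers" value="2"/>
</AuthState>"""

def audit_auth_state(xml_text):
    """Return a list of findings for one AuthState element."""
    state = ET.fromstring(xml_text)
    name = state.get("name")
    mapped = {rc.get("name"): rc.get("next") for rc in state.findall("ResultCond")}
    names = set(mapped)
    findings = [f"unmapped transition: {t}" for t in sorted(DOCUMENTED - names)]
    findings += [f"unknown transition: {t}" for t in sorted(names - DOCUMENTED)]
    for t in sorted(MUST_LEAVE & names):
        if mapped[t] == name:
            findings.append(f"{t} loops back to {name}")
    prop = state.find("property[@name='requiredAnswers']")
    raw = prop.get("value", "") if prop is not None else "1"  # documented default
    if not raw.isdigit() or int(raw) < 1:
        findings.append(f"requiredAnswers is not a positive integer: {raw!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_auth_state(SAMPLE):
        print(finding)
```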