Skip to main content
Version: 7.2405.x.x LTS

Configuration of the IdmSecurityQuestionVerifyState

TopicDescription
Classch.nevis.idm.authstate.IdmSecurityQuestionVerifyState
LoggingIdmAuth
AuditingNone
MarkerNevisIDM:challenge/response
PropertiesrequiredAnswers (int, optional, default: 1) Number of questions the user must answer for successful authentication.
Methodsprocess (all events)
Inputanswer (String: "${inargs:answer}") Answer to the selected security questions.
Transitionsok: All answers were correct, user is now authenticated.
prospect: The question to be answered is stored in the session, and a dialog to answer it is shown.
noCredential: The user does not have an active security question credential.
invalidCredential: The user's security question credential does not contain enough active and unanswered questions.
lockWarn: The answer was wrong, next failure will lock the credential.
nowLocked: Last try failed, the credential is now locked.
locked: The user's security question credential is locked.
failed: The provided answer was not correct or not enough answers were provided.
clientNotFound: User uses an unsupported client ID or the "default" client ID (see input above) is not available.
Outputch.adnovum.nevisidm.sq.label: The security question that needs to be answered (in the set user language).
ch.adnovum.nevisidm.sq.answersRequired: The number of answers the user must provide until "requiredAnswers" is reached.
Errors1: Wrong answer
1: Invalid security question credential.
3: Next authentication failure will lock the account.
8: Account locked due to too many consecutive authentication failures.
8: Account was already locked.
11: Missing or inactive security question credential.
98: Account no longer exists.
98: Account or credential disabled by admin.
98: Credential archived.
98: Account or credential is not yet valid.
98: Account or credential expired.
NotesNone

Example

<AuthState name="SecurityQuestionVerify"
class="ch.nevis.idm.authstate.IdmSecurityQuestionVerifyState"
final="false" >
<ResultCond name="failed" next="SecurityQuestionVerify"/>
<ResultCond name="prospect" next="SecurityQuestionVerify"/>
<ResultCond name="ok" next="IdmPostProcessing"/>
<ResultCond name="noCredential" next="AuthError"/>
<ResultCond name="invalidCredential" next="AuthError"/>
<ResultCond name="locked" next="AuthError"/>
<ResultCond name="nowLocked" next="AuthError"/>
<ResultCond name="lockWarn" next="SecurityQuestionVerify"/>
<Response value="AUTH_CONTINUE">
<Gui name="Security Question" label="sq.verify.title.label">
<GuiElem name="lasterror" type="error"
label="${notes:lasterrorinfo}" value="${notes:lasterror}" />
<GuiElem name="answersRequired" type="info" label="Required answers left: ${sess:ch.adnovum.nevisidm.sq.answersRequired}" />
<GuiElem name="question" type="info" label="Question: ${sess:ch.adnovum.nevisidm.sq.label}" />
<GuiElem name="answer" type="text"
label="sq.verify.answer.label" />
<GuiElem name="submit" type="submit"
label="sq.verify.submit.label" />
</Gui>
</Response>
<propertyRef name="IdmCertificateWhiteList"/>
<property name="requiredAnswers" value="2" />
</AuthState>