IdmShareOTPState
This AuthState is a processing AuthState.
This IDM auth plug-in is used for exposing OATH credentials to the user.
Topic | Description |
---|---|
Class | ch.nevis.idm.authstate.IdmShareOTPState |
Logging | IdmAuth |
Marker | None |
Properties | credential.id: The extId of the credential whose QR code is to be displayed. (Required) |
| | resultCondition: The condition under which the attributes are cleared from the session and the transition OK is set. With the default configuration, the condition is met if the "inargs" parameter "result" is set. This is equivalent to clicking a button with the name "result". Default: "${inargs:result}" |
| | client.name (defined in the chapter "Default input properties") |
Methods | process (all events) |
Input | |
Transitions | ok: The secret was shared successfully. |
| | failed: The authentication failed. More information can be found in the error attributes of the response and in the log. |
| | showGui: The QR code was fetched successfully and put in the session for display. This transition is deprecated. Use the default transition instead. |
| | secretAlreadyShared: The secret of the OATH credential was already shared. It is not possible to share it again. |
| | noCredential: The user does not have a credential with the specified type in nevisIDM. Use this transition to fall back to another (strong) authentication mechanism. |
| | clientNotFound: No client was provided or no client was found with the provided name or extId. |
Output | The following attributes will be written into notes after successful retrieval: |
Errors | 1: client not found; 11: no credential; 11: credential is already shared; 11: No credential or the credential does not belong to the authenticated user. |
Example
```xml
<AuthState name="ShareOATH" class="ch.nevis.idm.authstate.IdmShareOTPState"
           final="false">
    <ResultCond name="ok" next="IdmPostProcessing" />
    <ResultCond name="failed" next="FailedToShareOATH" />
    <ResultCond name="noCredential" next="NoCredentialExists"/>
    <ResultCond name="secretAlreadyShared" next="OATHSharedAlready"/>
    <!-- Default response: GUI that displays the QR code (${notes:oath_qrcode}) -->
    <Response value="AUTH_CONTINUE">
        <Gui name="OathGui" label="Scan this QR code with your mobile device!">
            <GuiElem name="lasterror" type="error" label="${notes:lasterrorinfo}" value="${notes:lasterror}" />
            <GuiElem name="qrcodeimage" type="image" value="${notes:oath_qrcode}"/>
            <GuiElem name="infotext" type="info" label="Use FreeOTP or another HOTP/TOTP App to scan the QR code." />
            <!-- Button named "result": clicking it sets ${inargs:result}, the default resultCondition -->
            <GuiElem name="result" type="button" label="gui.button.continue" value="Continue" />
        </Gui>
    </Response>
    <!-- Required: extId of the credential whose QR code is displayed -->
    <property name="credential.id" value="${sess:credExtId}" />
</AuthState>
```
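The following Python check is an added example, not part of the nevisIDM documentation: it reads an AuthState definition and reports which transitions listed in the table above have no `ResultCond`, and whether the required `credential.id` property is set. Treating every non-deprecated transition as one that should be mapped explicitly is an assumption of this example; the function name `audit_share_otp_states` and the sample input are constructed.

```python
import xml.etree.ElementTree as ET

STATE_CLASS = "ch.nevis.idm.authstate.IdmShareOTPState"
# Transitions listed on this page; showGui is deprecated and not required here.
TRANSITIONS = ("ok", "failed", "secretAlreadyShared", "noCredential", "clientNotFound")
REQUIRED_PROPERTIES = ("credential.id",)

# Constructed sample: the page's example state, reduced to the parts that are checked.
SAMPLE = """
<AuthState name="ShareOATH" class="ch.nevis.idm.authstate.IdmShareOTPState" final="false">
  <ResultCond name="ok" next="IdmPostProcessing" />
  <ResultCond name="failed" next="FailedToShareOATH" />
  <ResultCond name="noCredential" next="NoCredentialExists"/>
  <ResultCond name="secretAlreadyShared" next="OATHSharedAlready"/>
  <Response value="AUTH_CONTINUE"><Gui name="OathGui"/></Response>
  <property name="credential.id" value="${sess:credExtId}" />
</AuthState>
"""


def audit_share_otp_states(xml_text):
    """Return {state name: [findings]} for every IdmShareOTPState in xml_text."""
    report = {}
    for state in ET.fromstring(xml_text).iter("AuthState"):
        if state.get("class") != STATE_CLASS:
            continue  # other AuthState classes have their own transitions
        mapped = {rc.get("name", "") for rc in state.findall("ResultCond")}
        props = {p.get("name"): (p.get("value") or "").strip()
                 for p in state.findall("property")}
        findings = [f"transition '{t}' has no ResultCond"
                    for t in TRANSITIONS if t not in mapped]
        findings += [f"required property '{p}' is missing or empty"
                     for p in REQUIRED_PROPERTIES if not props.get(p)]
        # Catches misspelled names, which would leave the real transition unmapped.
        findings += [f"ResultCond '{n}' is not a transition listed for this state"
                     for n in sorted(mapped - set(TRANSITIONS) - {"showGui"})]
        report[state.get("name")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_share_otp_states(SAMPLE).items():
        print(name, findings or "no findings")
```

Run against the example configuration on this page, the check reports that `clientNotFound` has no `ResultCond`.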