twofa/basic.md

@@ -29,3 +29,36 @@ var resolveConfig = function (scriptingEnv, configMap, identity, logger) {
         configMap.put("userId", identity.getTwoFaUserName());
 };
 ```
+
+A more sophisticated example, with possible linked accounts and OIDC OPs:
+
+```javascript
+var resolveConfig = function (scriptingEnv, configMap, identity, logger) {
+        logger.debug("Starting linotp config resolv");
+
+        configMap.put("url", "https://<linotp-host>/");
+
+        for each (user in identity.getUsers()) {
+			if (user instanceof Java.type("edu.kit.scc.webreg.entity.SamlUserEntity")) {
+                if (user.getIdp().getEntityId().equals("<entity-id>")) {
+                    logger.debug("Using alternative Linotp Server");
+					configMap.put("realm", "<alt-realm-name>");
+					configMap.put("username", "<alt-linotp-user>");
+					configMap.put("password", "<alt-linotp-pw");
+                    configMap.put("userId", user.getAttributeStore().get("urn:oid:0.9.2342.19200300.100.1.1"));
+                    configMap.put("readOnly", "true");
+                    configMap.put("managementUrl", "<management-url-shown-to-user>");
+                    return;
+                }
+            }
+        }
+
+        logger.debug("Other User detected: {}, {}",identity.getTwoFaUserId(), identity.getTwoFaUserName());
+        configMap.put("realm", "<realm-name>");
+        configMap.put("username", "<linotp-user>");
+        configMap.put("password", "<linotp-pw");
+        configMap.put("adminRole", "StandardTokenRealmRole");
+        configMap.put("userId", identity.getTwoFaUserName());
+};
+```
+