twofa/basic.md

+# Two Factor Authentication
+
+Two factor authentication is configured with a (script)[/configuration/scripts]. 
+
+```javascript
+var resolveConfig = function (scriptingEnv, configMap, identity, logger) {
+        logger.debug("Starting linotp config resolv");
+
+
+        for each (user in identity.getUsers()) {
+                if (user.getIdp().getEntityId().equals("<entity-id>")) {
+                       logger.debug("Using KIT Linotp Server");
+					   configMap.put("url", "<alternative-otp-server-url>");
+                       configMap.put("realm", "idp");
+                       configMap.put("userId", user.getAttributeStore().get("urn:oid:0.9.2342.19200300.100.1.1"));
+                       configMap.put("reallyReadOnly", "true");
+                       configMap.put("managementUrl", "<management-url-shown-to-user>");
+                       return;
+                }
+        }
+
+        logger.debug("Other user detected: {}, {}",identity.getTwoFaUserId(), identity.getTwoFaUserName());
+        configMap.put("url", "https://<linotp-host>/");
+        configMap.put("realm", "<realm-name>");
+        configMap.put("username", "<linotp-user>");
+        configMap.put("password", "<linotp-pw");
+        configMap.put("adminRole", "StandardTokenRealmRole");
+        configMap.put("userId", identity.getTwoFaUserName());
+};
+
+```
\ No newline at end of file