|
|
|
# Two Factor Authentication
|
|
|
|
|
|
|
|
Two-factor authentication is configured with a [script](/configuration/rules#scripts). The configuration is resolved by the `resolveConfig` function, which fills the supplied `configMap` with the LinOTP settings for the current identity. An example configuration:
|
|
|
|
|
|
|
|
```javascript
|
|
|
|
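/**
 * Resolves the LinOTP two-factor configuration for the current identity.
 *
 * Called by the scripting environment. The result is communicated by
 * filling `configMap` in place through `put`; nothing is returned.
 *
 * @param scriptingEnv  scripting environment handle (not used here)
 * @param configMap     map receiving the LinOTP settings (url, realm, userId, ...)
 * @param identity      current identity; provides getUsers(), getTwoFaUserId()
 *                      and getTwoFaUserName()
 * @param logger        SLF4J-style logger ("{}" placeholders)
 */
var resolveConfig = function (scriptingEnv, configMap, identity, logger) {
    logger.debug("Starting linotp config resolv");

    // Users federated from the IdP identified by <entity-id> are verified
    // against a separate, read-only OTP server, keyed by their IdP-asserted uid.
    // NOTE: `for each ... in` is the Rhino/Nashorn extension the scripting
    // environment uses for Java collections; it is not standard ECMAScript.
    for each (user in identity.getUsers()) {
        if (!user.getIdp().getEntityId().equals("<entity-id>")) {
            continue;
        }
        logger.debug("Using alternative Linotp Server");

        // urn:oid:0.9.2342.19200300.100.1.1 is the LDAP `uid` attribute.
        // Its value is whatever the IdP asserted for this user, so it must
        // be present for the OTP lookup to target the right account.
        var uid = user.getAttributeStore().get("urn:oid:0.9.2342.19200300.100.1.1");
        if (uid == null) {
            // NOTE(review): userId is put as null in this case; confirm the
            // OTP check fails closed rather than matching no/any token.
            logger.debug("No uid attribute asserted for user of IdP {}", user.getIdp().getEntityId());
        }

        // Use an https URL so the OTP exchange is not sent in the clear.
        configMap.put("url", "<alternative-otp-server-url>");
        configMap.put("realm", "idp");
        configMap.put("userId", uid);
        configMap.put("reallyReadOnly", "true");
        configMap.put("managementUrl", "<management-url-shown-to-user>");
        return;
    }

    // Everyone else uses the primary LinOTP instance with the admin account
    // below. The credentials are embedded in this script: treat the script
    // as a secret, and scope the LinOTP account to the adminRole/realm it
    // actually needs.
    logger.debug("Other user detected: {}, {}", identity.getTwoFaUserId(), identity.getTwoFaUserName());
    configMap.put("url", "https://<linotp-host>/");
    configMap.put("realm", "<realm-name>");
    configMap.put("username", "<linotp-user>");
    configMap.put("password", "<linotp-pw>"); // placeholder previously lacked the closing '>'
    configMap.put("adminRole", "StandardTokenRealmRole");
    configMap.put("userId", identity.getTwoFaUserName());
};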
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
# Two Factor Authentication
|
|
|
|
|
|
|
|
Two-factor authentication is configured with a [script](/configuration/rules#scripts). The configuration is resolved by the `resolveConfig` function, which fills the supplied `configMap` with the LinOTP settings for the current identity. To activate the script, set the global configuration option `linotp_resolve_config` (under /admin/config/index.xhtml) to the name of the script. To show the MFA link in the navigation bar, set the option `show_twofa` to `true`. Note that the script contains the LinOTP admin credentials, so restrict write access to it as you would for any other secret.
|
|
|
|
|
|
|
|
An example configuration:
|
|
|
|
|
|
|
|
```javascript
|
|
|
|
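/**
 * Resolves the LinOTP two-factor configuration for the current identity.
 *
 * Called by the scripting environment. The result is communicated by
 * filling `configMap` in place through `put`; nothing is returned.
 *
 * @param scriptingEnv  scripting environment handle (not used here)
 * @param configMap     map receiving the LinOTP settings (url, realm, userId, ...)
 * @param identity      current identity; provides getUsers(), getTwoFaUserId()
 *                      and getTwoFaUserName()
 * @param logger        SLF4J-style logger ("{}" placeholders)
 */
var resolveConfig = function (scriptingEnv, configMap, identity, logger) {
    logger.debug("Starting linotp config resolv");

    // Users federated from the IdP identified by <entity-id> are verified
    // against a separate, read-only OTP server, keyed by their IdP-asserted uid.
    // NOTE: `for each ... in` is the Rhino/Nashorn extension the scripting
    // environment uses for Java collections; it is not standard ECMAScript.
    for each (user in identity.getUsers()) {
        if (!user.getIdp().getEntityId().equals("<entity-id>")) {
            continue;
        }
        logger.debug("Using alternative Linotp Server");

        // urn:oid:0.9.2342.19200300.100.1.1 is the LDAP `uid` attribute.
        // Its value is whatever the IdP asserted for this user, so it must
        // be present for the OTP lookup to target the right account.
        var uid = user.getAttributeStore().get("urn:oid:0.9.2342.19200300.100.1.1");
        if (uid == null) {
            // NOTE(review): userId is put as null in this case; confirm the
            // OTP check fails closed rather than matching no/any token.
            logger.debug("No uid attribute asserted for user of IdP {}", user.getIdp().getEntityId());
        }

        // Use an https URL so the OTP exchange is not sent in the clear.
        configMap.put("url", "<alternative-otp-server-url>");
        configMap.put("realm", "idp");
        configMap.put("userId", uid);
        configMap.put("reallyReadOnly", "true");
        configMap.put("managementUrl", "<management-url-shown-to-user>");
        return;
    }

    // Everyone else uses the primary LinOTP instance with the admin account
    // below. The credentials are embedded in this script: treat the script
    // as a secret, and scope the LinOTP account to the adminRole/realm it
    // actually needs.
    logger.debug("Other user detected: {}, {}", identity.getTwoFaUserId(), identity.getTwoFaUserName());
    configMap.put("url", "https://<linotp-host>/");
    configMap.put("realm", "<realm-name>");
    configMap.put("username", "<linotp-user>");
    configMap.put("password", "<linotp-pw>"); // placeholder previously lacked the closing '>'
    configMap.put("adminRole", "StandardTokenRealmRole");
    configMap.put("userId", identity.getTwoFaUserName());
};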
|
|
|
|
```
|
|