REST Second Factor
This plugin can be used to append a second factor authentication device
like SMS or OTP. It uses an external web service to submit and validate
the second factor.
Configuration
All parameters are set in “General Parameters » Portal Parameters »
Second Factors » REST 2nd Factor”.
- Activation
- Code regex: regular expression to create an OTP code. If this option is
set, LemonLDAP::NG will generate the code and send it through the Init URL,
then verify it internally.
- Init URL (optional): REST URL to initialize dialog (send
OTP). Leave it blank if your API doesn’t need any initialization
- Init arguments: list of arguments to send (see below)
- Verify URL (required): REST URL to verify code
- Verify arguments: list of arguments to send (see below)
- Re-send interval: Set this to a non-empty value to allow the user to
re-send the code in case a transmission error occured. The value sets how
many seconds the user has to wait before each attempt
- Authentication level (Optional): if you want to overwrite the
value sent by your authentication module, you can define here the new
authentication level. Example: 5
- Label (Optional): label that should be displayed to the user on
the choice screen
- Logo (Optional): logo file (in static/<skin> directory)
Arguments
Arguments are a list of key/value. Key is the name of JSON entry, value
is attribute or macro name.
REST Dialog
REST web services have just to reply with a “result” key in a JSON file.
Auth/UserDB can add an “info” array. It will be stored in session data
(without reading “Exported variables”).
If Code regex is set
URL |
Query |
Response |
Init URL |
JSON body: {"user":$user,"code":"$code",...} |
JSON body: {"result":true/false} |
The Verify URL is not called, since the code is checked against the internally saved value
If Code regex is not set
URL |
Query |
Response |
Init URL |
JSON body: {"user":$user,...} |
JSON body: {"result":true/false} |
Verify URL |
JSON body: {"user":$user,"code":"$code",...} |
JSON body: {"result":true/false} |