This topic has 2 replies, 2 voices, and was last updated 4 years, 7 months ago by 
-
Posts
-
Hi,
We have a requirement for configuring 2 factor authentication using OpenAM.
Stage1 Auth: LDAP auth
Stage2 Auth: using OTP
We have configured the authentication chain in OpenAM13 with auth modules for LDAP (as required) & OAuthHOTP (as required) and it works fine as OOTB behaviour, i.e. every time a user tries to log in, he is prompted to first enter his LDAP credentials and then verify the OTP sent to him via email.However, our requirement is, that the OTP generated should remain valid for 2 days and
when a user who has once verified its OTP, tries to login again within 2 days, he should not be prompted to enter the OTP again.Any pointers to achieve this would be highly helpful.
Thanks!Hi,
You should be able to configure the OTP validation length to 2880 minutes to allow them to be valid for 2 days.
To allow a user to login for the next 2 days after using the OTP you can use the Adaptive Risk module as Sufficient before the HOTP module and activate the last login time condition. Note that this stores the last login time in an encrypted cookie on the client so will be unique to that client. Otherwise you could achieve the same with a scripted auth module that checks the last login time via an attribute in the user profile.
You must be logged in to reply to this topic.
