Skip to main content
Version: 4.18.1



The main task of this execution is to authenticate the user based on accepting or declining a confirmation message called a transaction.


ProtocolOpenID Connect 1.0
HTTP methodGET
TypeBrowser Flow
EndpointAuthorization Endpoint
Flow SupportedAuthorization code flow
Implicit flow
Hybrid flow
ResponseID Token, Access Token, Refresh Token
Response Modequery, form_post, fragment

How to configure

To access the config of the execution press the Actions button and select Config. The authenticator configuration screen will appear. Then enter your config data.



Parameters involved in KOBIL AST TMS
AliasDisplay name of configuration, which occurs in authentication flow. (Example: User Group)
Enable Update MLoAEnable to update device authentication levels or not configuration.
Display Stale Device Cleaner PopupEnable to notify the device name which has been already registered in the AST.
Execute based on ACR flow typeIf enabled, execution will be based on the session data.
TMS Timeout TMS timeout for transaction process.
Retrieval TimeoutDuration of the transaction.
Require Explicit AuthenticationWhether the TMS result must be submitted with an specifically authenticated token.
Require Freshness of Authentication The maximum age in seconds the access token may have when submitting the TMS result. Default value is -1 to omit this requirement.
Audit MessageAn optional message that is written to auditing.
Enable auto polling for tms resultEnable polling for tms result to get accept/decline response, else user has to manually click on validate button to get the tms result.
Enable TMS result validation with Kafka responseCheck TMS result retrieved in kafka topic before taking response from ast result endpoint, Config applies only if Poll for tms result is disabled.
Skip TMSSkip triggering TMS, when it is not a transaction flow and new device registration.
Enable broadcasting TMSEnable to initiate transactions for the latest logged-in/activated devices.
Authentication Flow Type Type of the Authentication Flow.
ACR level to list devices Devices to list for sending tms request with greater than or equal to specified ACR (Note: Not applicable for flow type Step-Up).
Skip If No Target ACR DevicesIf enabled the transaction will be skipped. Else, authenticator will be executed.
Web portal device nameConfigure the device name to be displayed in the web portal.
Enable TMS Push NotificationEnable to send contents present in the Push notification title and Push notification body.
Push notification titleConfigure the specific push notification title's message key to fetch value from Realm localization with locale support or message bundles will send actual title text to the Master device.
Push notification bodyConfigure the specific push notification text's message key to fetch value from Realm localization with locale support or message bundles will send actual title text to the Master device.
Show success pageEnabled to show the success page after completing the TMS flow.
Transaction Message  Message to be sent as a part of TMS. Use placeholders {userid} and {token} to send login.
Skip JSON ScriptIf enabled JSON script will not be displayed.
Skip Device SelectionEnabled and device ID should present in the header so that device selection option can be skipped.
Reset flow if user abortsEnable to redirect Username Password request page.
JSON Script JSON to display inputs in Headless V2 theme.
JSON Error Script JSON to display the error messages in Headless V2 theme.


User Flow

Execution Flow

This execution contains the following main steps:

  1. KOBIL AST TMS must be preceded by 1FA since it procures a user's identity validation from this precedent Authenticator. For instance: KOBIL Login.
  2. When an user executes the flow, the user will be authenticated and the transaction will be initiated.

Note: The TMS Transaction Keys are required to trigger the transaction.