KOBIL AST TMS
KOBIL AST TMS
The main task of this execution is to authenticate the user based on accepting or declining a confirmation message called a transaction.
Type
Protocol | OpenID Connect 1.0 |
---|---|
HTTP method | GET |
Type | Browser Flow |
Endpoint | Authorization Endpoint |
Flow Supported | Authorization code flow Implicit flow Hybrid flow |
Response | ID Token, Access Token, Refresh Token |
Response Mode | query, form_post, fragment |
How to configure
To access the config of the execution press the Actions
button and select Config
. The authenticator configuration screen will appear. Then enter your config data.
Configuration
Parameters involved in KOBIL AST TMS
Parameter | Description |
---|---|
Alias | Display name of configuration, which occurs in authentication flow. (Example: User Group) |
Enable Update MLoA | Enable to update device authentication levels or not configuration. |
Display Stale Device Cleaner Popup | Enable to notify the device name which has been already registered in the AST. |
Execute based on ACR flow type | If enabled, execution will be based on the session data. |
TMS Timeout | TMS timeout for transaction process. |
Retrieval Timeout | Duration of the transaction. |
Require Explicit Authentication | Whether the TMS result must be submitted with an specifically authenticated token. |
Require Freshness of Authentication | The maximum age in seconds the access token may have when submitting the TMS result. Default value is -1 to omit this requirement. |
Audit Message | An optional message that is written to auditing. |
Enable auto polling for tms result | Enable polling for tms result to get accept/decline response, else user has to manually click on validate button to get the tms result. |
Enable TMS result validation with Kafka response | Check TMS result retrieved in kafka topic before taking response from ast result endpoint, Config applies only if Poll for tms result is disabled. |
Skip TMS | Skip triggering TMS, when it is not a transaction flow and new device registration. |
Enable broadcasting TMS | Enable to initiate transactions for the latest logged-in/activated devices. |
Authentication Flow Type | Type of the Authentication Flow. |
ACR level to list devices | Devices to list for sending tms request with greater than or equal to specified ACR (Note: Not applicable for flow type Step-Up). |
Skip If No Target ACR Devices | If enabled the transaction will be skipped. Else, authenticator will be executed. |
Web portal device name | Configure the device name to be displayed in the web portal. |
Enable TMS Push Notification | Enable to send contents present in the Push notification title and Push notification body . |
Push notification title | Configure the specific push notification title's message key to fetch value from Realm localization with locale support or message bundles will send actual title text to the Master device. |
Push notification body | Configure the specific push notification text's message key to fetch value from Realm localization with locale support or message bundles will send actual title text to the Master device. |
Show success page | Enabled to show the success page after completing the TMS flow. |
Transaction Message | Message to be sent as a part of TMS. Use placeholders {userid} and {token} to send login. |
Skip JSON Script | If enabled JSON script will not be displayed. |
Skip Device Selection | Enabled and device ID should present in the header so that device selection option can be skipped. |
Reset flow if user aborts | Enable to redirect Username Password request page. |
JSON Script | JSON to display inputs in Headless V2 theme. |
JSON Error Script | JSON to display the error messages in Headless V2 theme. |
User Flow
Execution Flow
This execution contains the following main steps:
- KOBIL AST TMS must be preceded by 1FA since it procures a user's identity validation from this precedent Authenticator. For instance: KOBIL Login.
- When an user executes the flow, the user will be authenticated and the transaction will be initiated.
Note: The TMS Transaction Keys are required to trigger the transaction.