KOBIL AST TMS
The main task of this execution is to authenticate the user based on accepting or declining a confirmation message called a transaction.
Type
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow, Implicit flow, Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
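
The flows and response modes in the table map onto the `response_type` and `response_mode` parameters of the authorization request. The following is an added example, not part of the KOBIL documentation: a lint for an authorization URL that applies the generic rules of OpenID Connect Core 1.0 and OAuth 2.0 Multiple Response Type Encoding Practices. The function name, hosts and client values are hypothetical, and the checks are not a statement of how KOBIL enforces them.

```python
from urllib.parse import urlsplit, parse_qs

# response_type sets from OpenID Connect Core 1.0 (order-insensitive)
FLOWS = {
    frozenset({"code"}): "authorization_code",
    frozenset({"id_token"}): "implicit",
    frozenset({"id_token", "token"}): "implicit",
    frozenset({"code", "id_token"}): "hybrid",
    frozenset({"code", "token"}): "hybrid",
    frozenset({"code", "id_token", "token"}): "hybrid",
}
RESPONSE_MODES = {"query", "form_post", "fragment"}  # modes listed in the table above


def check_authorization_request(url):
    """Return (flow, effective_response_mode, findings) for an authorization URL."""
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    types = frozenset(params.get("response_type", "").split())
    flow = FLOWS.get(types)
    if flow is None:
        return None, None, ["unsupported response_type"]
    findings = []
    # Default encoding: query for plain code, fragment once a token is returned.
    default_mode = "query" if flow == "authorization_code" else "fragment"
    mode = params.get("response_mode", default_mode)
    if mode not in RESPONSE_MODES:
        findings.append("unsupported response_mode")
    elif mode == "query" and flow != "authorization_code":
        # Tokens in the query string end up in logs, history and Referer headers.
        findings.append("query mode must not carry tokens")
    if "openid" not in params.get("scope", "").split():
        findings.append("scope lacks openid")
    if not params.get("state"):
        findings.append("missing state")
    if "id_token" in types and not params.get("nonce"):
        findings.append("missing nonce")
    return flow, mode, findings


if __name__ == "__main__":
    # Constructed sample request; host, client_id and redirect_uri are placeholders.
    sample = ("https://idp.example/auth?response_type=code%20id_token"
              "&response_mode=query&scope=openid&client_id=demo&state=xyz"
              "&redirect_uri=https%3A%2F%2Fapp.example%2Fcb")
    print(check_authorization_request(sample))
```
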
How to configure
To access the configuration of the execution, press the Actions button and select Config. The authenticator configuration screen will appear. Then enter your configuration data.

Configuration
Parameters involved in KOBIL AST TMS
| Parameter | Description |
|---|---|
| Alias | Display name of the configuration, which appears in the authentication flow. (Example: User Group) |
| Enable Update MLoA | Enables or disables updating of device authentication levels. |
| Display Stale Device Cleaner Popup | Enable to notify about the device name that has already been registered in the AST. |
| Execute based on ACR flow type | If enabled, execution will be based on the session data. |
| TMS Timeout | TMS timeout for transaction process. |
| Retrieval Timeout | Duration of the transaction. |
| Require Explicit Authentication | Whether the TMS result must be submitted with a specifically authenticated token. |
| Require Freshness of Authentication | The maximum age in seconds the access token may have when submitting the TMS result. Default value is -1 to omit this requirement. |
| Audit Message | An optional message that is written to auditing. |
| Enable auto polling for tms result | Enable polling for the TMS result to get the accept/decline response; otherwise the user has to manually click the validate button to get the TMS result. |
| Enable TMS result validation with Kafka response | Check the TMS result retrieved in the Kafka topic before taking the response from the AST result endpoint. This setting applies only if polling for the TMS result is disabled. |
| Skip TMS | Skip triggering TMS when it is not a transaction flow and new device registration. |
| Enable broadcasting TMS | Enable to initiate transactions for the latest logged-in/activated devices. |
| Authentication Flow Type | Type of the Authentication Flow. |
| ACR level to list devices | Devices to list for sending the TMS request: those with an ACR greater than or equal to the specified ACR (Note: Not applicable for flow type Step-Up). |
| Skip If No Target ACR Devices | If enabled, the transaction will be skipped. Otherwise, the authenticator will be executed. |
| Web portal device name | Configure the device name to be displayed in the web portal. |
| Enable TMS Push Notification | Enable to send the contents present in the Push notification title and Push notification body. |
| Push notification title | Configure the message key of the push notification title. The value is fetched from Realm localization (with locale support) or message bundles, and the actual title text is sent to the Master device. |
| Push notification body | Configure the message key of the push notification text. The value is fetched from Realm localization (with locale support) or message bundles, and the actual title text is sent to the Master device. |
| Show success page | Enable to show the success page after completing the TMS flow. |
| Transaction Message | Message to be sent as a part of TMS. Use placeholders {userid} and {token} to send login. |
| Skip JSON Script | If enabled, the JSON script will not be displayed. |
| Skip Device Selection | This should be enabled and the device ID should be present in the header so that the device selection option can be skipped. |
| Reset flow if user aborts | Enable to redirect to the Username Password request page. |
| JSON Script | JSON to display inputs in Headless V2 theme. |
| JSON Error Script | JSON to display the error messages in Headless V2 theme. |

User Flow
Execution Flow
This execution contains the following main steps:
- KOBIL AST TMS must be preceded by 1FA, since it obtains the user's identity validation from this preceding authenticator. For instance: KOBIL Login.
- When a user executes the flow, the user will be authenticated and the transaction will be initiated.
Note: The TMS Transaction Keys are required to trigger the transaction.