KOBIL eTAN
KOBIL eTan
The main task of this execution is to verify the email and also support AST Service as well as SSMS based installations.
Type
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow Implicit flow Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
How to configure
To access the config of the execution press the Actions button and select Config. The authenticator configuration screen will appear. Then enter your config data.
Configuration
Parameters involved in KOBIL eTan execution
| Parameter | Description |
|---|---|
| ID | Unique system UUID, which will be assigned automatically. |
| Alias | Display name of configuration, which occurs in authentication flow. (Example: Email Confirmation) |
| Authentication Flow Type | Type of flow for which the authenticator is used. (Example: Reset-credentials) |
| User Identity attribute | User property to identify the user for login validation. Default : Email. |
| User Attribute | User attribute value selected for login validation. This should be set only if the User Identity Attribute value is "user attribute". |
| Enable Password Check | If enable this will turn on password verification against IDP Provider credentials. |
| Reset Bruteforce failure count | If enabled the Bruteforce failure count will be set to 0 on successful login. |
| Invalid User ID message | Message to be displayed when the user ID is invalid or user not found. |
| Invalid credentials message | Message to be displayed when the user credentials invalid. For default invalid username or password. |
| User disabled message | Message to be displayed when the user is disabled. Default Message: User is currently disabled, please contact admin. |
| User temporarily locked message | Message to be displayed when the user is temporarily locked. Example: User is temporarily locked for %time% minutes. |
| ACR value | This ACR value will be set in the end, if verification succeeds |
| AMR value | This AMR value will be set in the end, if verification succeeds |
| Show Success Popup Screen | Enable to show success popup in the flow. |
| Success Popup Title | Text wil be displayed in the success popup title. |
| Success Popup Description | Text wil be displayed in the success popup body. |
| Email Verification Code Length | Length of the Email Verification code. The default value is 6. |
| Email Verification Code TTL | Provide the validity of the verification code. (Example: for days 2d, for hours 2h, for secs 2s.) Default value is 1h. |
| Email OTP Expired Message | Message to be displayed when the user enters expired OTP. |
| Show Email Confirmation | Enable to show email confirmation view. |
| Retry Attempt Exceeded | To display the retry exceeded message along with the timer. |
| OTP temporarily locked message | Message to be displayed when the OTP resend option is temporarily locked. |
| Reset OTP Bruteforce failure count | Enable to reset OTP Brute Force failure count on successful login. It is disabled by default. |
| REG Enable Session OTP brute force | Enable the Session OTP brute force. Enabled only for the Registration flow. |
| REG Max Session OTP Resend | Number of re-tries a user is allowed to do. (Example: 10, Default: 5). Used only in the Registration flow. |
| Allow non-existent user | If enabled, non-existent user will not get blocked instead the user will be redirected to OTP page to not reveal whether the user has an account. |
| REG Max Session OTP Resend | Number of re-tries a user is allowed to do. (Example: 10, Default: 5). Used only in the Registration flow |
| REG Wait Increment | Wait time (in seconds) for the user, if the user gets locked. (Example: 3600, Default: 5). Value has to be in seconds. |
| Resend Interval Duration | Enter the duration for for Resend code interval. |
| JSON Script | JSON to display inputs in Headless V2 theme. |
User Flow
Execution Flow
This execution contains the following main steps:
- KOBIL eTan must be preceded by another authenticator since it procures a user from this precedent Authenticator. For instance: KOBIL Configure User Identity for user identification. This execution will be used in the registration flow.