Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.3

...

  1. Open the Ubisecure Management application.

  2. Select Select Global Method Settings and  and click the New Method... button.

  3. Add New Method window opens.
    Give the method a title (external name visible to end users) and name (name for internal use).
    Set the title to Unregistered SMTP (This text is shown to end users on the login screen. Consider "Login using email code")
    Set the name to ubikey.smtp.unregistered
    Set the method type to SMTP Unregistered Unregistered. The Method Class is automatically selected.
    A directory needs to be selected only if the Directory User Mapping is required. i.e. If the email address will be used to look up an existing user from a connected user repository.
    Press OK.

    Figure 1. Adding a new unregistered SMTP method to Ubisecure SSO 
  4. In the Main page of the new method, select the Enabled checkbox to activate the new method.

  5. Add the following lines to the Configuration String field:

    Code Block
    languagetext
    mail.smtp.host=[mail server hostname]
    mail.smtp.port=[mail server port]
    mail.smtp.from=[address users see the mail coming from]

    Alternatively you can refer to a JNDI mail session, which are configured in file Configure the email service for sending the OTP. 

    For production systems, a JNDI mail session must be configured in file ubilogin/custom/tomcat/mail-resources.xml. Note that it should contain only Resource-elements and no parent element. If the file needs to be updated, Tomcat must also be updated by running running ubilogin/config/tomcat/update.[sh|cmd].

    Code Block
    languagetext
    titleubilogin/custom/tomcat/mail-resources.xml
      <Resource name="mail/Session" 
    	auth="Container" 
    	type="javax.mail.Session"
            	mail.transportsmtp.protocolhost="smtp"
            mail.smtp.starttls.enable="false"
            .example.com"
    	mail.smtp.hostport="localhost465"
            	mail.smtp.portauth="25true"
            	mail.smtp.fromuser="noreply+admin@exampledonotreply@example.com"
            	password="yourPassword"
    	mail.smtp.authstarttls.enable="falsetrue"
            	mail.smtptransport.userprotocol="smtps" 
           password=""/>
    Authentication method's configuration parameter mail-session then refers
    />

    SMTPS (SMTP over TLS) should always be used in production environments.

    Next, set the parameter mail-session to refer to the mail resource's name attribute in the Configuration String field .

    Code Block
    languagetext
    mail-session=mail/Session

    An alternative solution for test or development is to add the following lines directly to the Configuration String field:

    Code Block
    languagetext
    mail.smtp.host=[mail server hostname]
    mail.smtp.port=[mail server port]
    mail.smtp.from=[address users see the mail coming from]

    Note that if you define both, then mail-session takes  takes the precedence and any any mail.smtp.* is  is completely ignored.

    If none is set, then the default setting setting mail-session=mail/Session will  will be used.

    When using SMTP unregistered method for smtp-otp unregistered grant, the otp timeout can be optionally configured to the method by adding the following line to configuration string.

    Code Block
    languagetext
    policy.oauth.otp.timeout=[timeout in minutes]

    When an OTP is sent from the interactive login screen via the user interface, validity time (timeout) is always 10 minutes. 

  6. Configure UI Text and email text

    The variable {0} will be replaced with the verification code, which is expected to be given by the user.

    The message, that is shown on the SSO UI screen during the authentication, can be set using the tag SMTP_UNREGISTERED_TEXT in the localization files. Please refer to the the Login UI Customization Guide

    Code Block
    languagetext
    titleListing 1. Customizing and localizing message text
    SMTP_HEADER = Your one time password for entry
    SMTP_TEXT = Your one time password is {0}
    SMTP_TEXT_CONTENT_TYPE = text/plain

    Note that when using OAuth 2.0 SMS-MT-OTP and SMTP-OTP grant, these can be overridden by setting the the x_globalsign_iam_otp_title and/or , x_ubisecure_otp_content_type and/or x_globalsign_iam_otp_body parameters parameters. We support two content types for emails: text/plain and text/html.

  7. The method is now installed. Complete the configuration and access control.

After completing these settings, Ubisecure Server is configured to use unregistered SMTP as an authentication method.

Additional parameters

Info
titleSSO 8.3.3

In SSO version 8.3.3 token formatting parameters were added.

tokenPattern

The tokenPattern parameter is defined in the authentication method's Configuration String view. This parameter defines how the one-time password should be formatted in a friendly way that is easy for a person to process. Acceptable values hold only pound characters (#) and spaces, where each pound sign represents an individual number from the one-time password and spaces represent themselves, any other characters in configuration string will revert to default behavior. One-Time passwords consist typically of 8 numbers that are printed in 4-number sequences (e.g. 1234 5678). In case you want to sequence them differently, you can use the tokenPattern configuration option to produce any kind of sequencing. For example, the configuration: "tokenPattern=## ### ## #" would change the formatting of the one-time password "1234 5678" to "12 345 67 8".

tokenLength:

The generated token's length is, by default, 8 digits. This can be modified using the tokenLength parameter. Generated tokens are split, by default, to sequences of four digits in order to make the token more easy to copy. Note that spaces are completely disregarded in token validation - they are there only to make the process more user friendly. The minimum allowed length is 4 digits - if the token is parameterized any shorter, then the default value will apply.

Configuring Ubisecure Unregistered SMTP for Users and Web Applications

...

For detailed instructions for configuring authentication methods, please refer to the page page Management user interface - SSO.

...