Introduction

...

  • Add a title, e.g. Acme Authenticator
  • Add a name, e.g. acme.totp.1
  • Choose the Method Type: SPI TOTP


In the Directory selection choose the Directory Service where the user accounts are stored. The TOTP method supports all directory types, including SQL directories.

...

Then, select the tab "SPI TOTP" to configure the TOTP specific settings.


Management API

The same configuration as above can be created using the Management API. Two separate calls are needed: one to create the method and one to link it to a directory.

/sso-api/method/acme.totp.1

Method: PUT

Description: Create or update the TOTP method. Any configuration value that is left out of the payload takes the default listed below (the defaults are also explained under "Configuration explanations").

Example payload:

methodType=SPI TOTP
className=ubilogin.method.provider.spi.DirectoryTOTPMethod
title=Acme Authenticator
configuration=totpAlgorithm HmacSHA1
configuration=totpKeySize 20
configuration=totpT0 0
configuration=totpTimeStep 30000
configuration=totpDigits 6
configuration=totpWindowBefore 1
configuration=totpWindowAfter 0

/sso-api/directory/Ubilogin%20Directory/$link/method/acme.totp.1

Method: PUT

Description: Link a directory to the authentication method.

Example payload: none. The request has no body, because the parameters Ubilogin Directory and acme.totp.1 are passed as URL-encoded path variables.


Configuration explanations

...

Number of time steps in the past for which codes are still accepted. Can be a number between 0 and 9. Default is 1. Each additional step adds one more code that is valid at any given moment, so widening this window to tolerate clock drift proportionally increases the chance that a guessed code is accepted; keep it as small as your users' devices allow.

API key: totpWindowBefore

TOTP Future Window

Number of time steps in the future for which codes are accepted. Can be a number between 0 and 9. Default is 0. A non-zero value only helps when a client clock runs ahead of the server clock, and it widens the set of accepted codes in the same way as the past window.

API key: totpWindowAfter

TOTP Key Generation Configuration

...

The length of TOTP codes in digits. Can be a number between 4 and 8. Default is 6. Fewer digits means fewer possible codes, so anything below 6 should be avoided.

API key: totpDigits

TOTP Algorithm

The HMAC algorithm on which the TOTP computation is based. Can be HmacSHA1, HmacSHA256 or HmacSHA512. Default is HmacSHA1. The authenticator app used by your users must support the selected algorithm; HmacSHA1 is the one every app supports.

API key: totpAlgorithm

T0

The Unix time from which time steps are counted, given in milliseconds (note that RFC 6238 expresses T0 in seconds). Default is 0.

API key: totpT0

Time Step

The duration of one time step in milliseconds. Default is 30000, i.e. 30 seconds, which is the value RFC 6238 recommends and the one authenticator apps assume.

API key: totpTimeStep

Key Size

The length of generated keys in bytes. Can be a number between 10 and 99. Default is 20. RFC 6238 recommends a key as long as the HMAC output: 20 bytes for HmacSHA1, 32 for HmacSHA256 and 64 for HmacSHA512, so adjust this value when you change the algorithm.

API key: totpKeySize
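The following Python block is an added example, not Ubisecure code, and it stands in for both the Management API payload above and the configuration keys explained in this section. It parses the page's example payload into a configuration object, enforces the documented ranges and defaults, computes codes with the RFC 6238 algorithm using the page's millisecond units, and shows exactly which neighbouring time steps totpWindowBefore and totpWindowAfter make acceptable. The mapping of the totpAlgorithm names to hash functions, the strict range checks, and the key generation routine are assumptions of the example; the page only documents the values, not how the server implements them.

```python
import hmac
import hashlib
import secrets
import struct
from dataclasses import dataclass, fields

# The page's totpAlgorithm values are Java Mac names; map them to Python hashes (assumption).
ALGORITHMS = {"HmacSHA1": hashlib.sha1, "HmacSHA256": hashlib.sha256,
              "HmacSHA512": hashlib.sha512}


@dataclass
class TotpMethodConfig:
    """The 'configuration=' keys with the page's defaults and units
    (totpT0 and totpTimeStep are milliseconds, as documented)."""
    totpAlgorithm: str = "HmacSHA1"
    totpKeySize: int = 20
    totpT0: int = 0
    totpTimeStep: int = 30000
    totpDigits: int = 6
    totpWindowBefore: int = 1
    totpWindowAfter: int = 0

    def __post_init__(self):
        # Enforce the ranges the page documents for each key.
        if self.totpAlgorithm not in ALGORITHMS:
            raise ValueError("totpAlgorithm must be HmacSHA1, HmacSHA256 or HmacSHA512")
        if not 10 <= self.totpKeySize <= 99:
            raise ValueError("totpKeySize must be between 10 and 99")
        if not 4 <= self.totpDigits <= 8:
            raise ValueError("totpDigits must be between 4 and 8")
        if not (0 <= self.totpWindowBefore <= 9 and 0 <= self.totpWindowAfter <= 9):
            raise ValueError("totpWindowBefore/After must be between 0 and 9")
        if self.totpTimeStep <= 0:
            raise ValueError("totpTimeStep must be positive")


def config_from_payload(payload: str) -> TotpMethodConfig:
    """Parse the 'configuration=<key> <value>' lines of a method PUT payload.
    Keys that are absent keep their defaults, as the page states."""
    known = {f.name for f in fields(TotpMethodConfig)}
    kwargs = {}
    for line in payload.strip().splitlines():
        name, _, rest = line.strip().partition("=")
        if name != "configuration":
            continue  # methodType, className and title are not TOTP parameters
        key, _, value = rest.partition(" ")
        if key not in known:
            raise ValueError(f"unknown configuration key {key}")
        kwargs[key] = value if key == "totpAlgorithm" else int(value)
    return TotpMethodConfig(**kwargs)


def time_step(cfg: TotpMethodConfig, now_ms: int) -> int:
    """T = floor((now - T0) / X) from RFC 6238, computed in milliseconds."""
    return (now_ms - cfg.totpT0) // cfg.totpTimeStep


def hotp(cfg: TotpMethodConfig, key: bytes, counter: int) -> str:
    """RFC 4226 HOTP with dynamic truncation, zero-padded to totpDigits."""
    mac = hmac.new(key, struct.pack(">Q", counter), ALGORITHMS[cfg.totpAlgorithm]).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** cfg.totpDigits).zfill(cfg.totpDigits)


def totp(cfg: TotpMethodConfig, key: bytes, now_ms: int) -> str:
    return hotp(cfg, key, time_step(cfg, now_ms))


def verify(cfg: TotpMethodConfig, key: bytes, code: str, now_ms: int):
    """Return the step offset whose code matched (0 = current step, -1 = the
    previous one, ...) within [-totpWindowBefore, +totpWindowAfter], else None."""
    if len(code) != cfg.totpDigits or not (code.isascii() and code.isdigit()):
        return None
    current = time_step(cfg, now_ms)
    for delta in range(-cfg.totpWindowBefore, cfg.totpWindowAfter + 1):
        if hmac.compare_digest(hotp(cfg, key, current + delta), code):
            return delta
    return None


def accepted_codes(cfg: TotpMethodConfig) -> int:
    """Distinct codes valid at one instant; widening either window raises this
    and the success rate of a blind guess by the same factor."""
    return cfg.totpWindowBefore + 1 + cfg.totpWindowAfter


def generate_key(cfg: TotpMethodConfig) -> bytes:
    """A fresh random secret of totpKeySize bytes (assumed; the page only fixes the length)."""
    return secrets.token_bytes(cfg.totpKeySize)


# The example payload from the page, embedded here as a constructed string.
PAGE_PAYLOAD = """\
methodType=SPI TOTP
className=ubilogin.method.provider.spi.DirectoryTOTPMethod
title=Acme Authenticator
configuration=totpAlgorithm HmacSHA1
configuration=totpKeySize 20
configuration=totpT0 0
configuration=totpTimeStep 30000
configuration=totpDigits 6
configuration=totpWindowBefore 1
configuration=totpWindowAfter 0
"""

if __name__ == "__main__":
    cfg = config_from_payload(PAGE_PAYLOAD)
    key = b"12345678901234567890"  # RFC 6238 Appendix B test secret
    print(totp(cfg, key, 59_000), verify(cfg, key, "755224", 59_000), accepted_codes(cfg))
```

With the page's defaults, a code for the previous 30-second step is still accepted (offset -1) while a code for the next step is rejected; setting totpWindowAfter to 1 makes the next step acceptable too, and accepted_codes shows how the window settings multiply the number of codes a guesser can hit. The hash functions are fed the RFC 6238 Appendix B secrets of 20, 32 and 64 bytes, which is the key length the RFC recommends for each algorithm and the reason to raise totpKeySize when switching to HmacSHA256 or HmacSHA512.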

After Configuring the TOTP Method

...

The TOTP-specific user information is stored in the built-in Ubisecure Directory regardless of which directory the user account resides in. However, TOTP secrets can be managed from the Management UI for Ubilogin Directory users only.

Info

For other directories, such as an SQL directory or an external LDAP directory, you need to use the TOTP API to manage the secrets.

When using Active Directory, directory.schema must be set to Active Directory. With directory.schema=Generic the TOTP method will not work.

In order to activate the TOTP authentication method for a Ubilogin Directory user, you must first:

...

After that you can open the TOTP authentication method configuration window for the user.


Manage TOTP authentication method for a Ubilogin Directory user

In the TOTP authentication method configuration window for the user you can either:

...