...

  1. On the Main page of the new method, select the Enabled checkbox to activate the new method.
  2. Configure the email service for sending the OTP.

    For production systems, a JNDI mail session must be configured in the file ubilogin/custom/tomcat/mail-resources.xml. Note that the file should contain only Resource elements and no parent element. If the file is updated, Tomcat must also be updated by running ubilogin/config/tomcat/update.[sh|cmd].

    ubilogin/custom/tomcat/mail-resources.xml:
    <Resource name="mail/Session" 
    	auth="Container" 
    	type="javax.mail.Session"
    	mail.smtp.host="smtp.example.com"
    	mail.smtp.port="465"
    	mail.smtp.auth="true"
    	mail.smtp.user="donotreply@example.com"
    	password="yourPassword"
    	mail.smtp.starttls.enable="true"
    	mail.transport.protocol="smtps" 
    />

    SMTPS (SMTP over TLS) should always be used in production environments.

    Next, in the Configuration String field, set the parameter mail-session to the value of the mail resource's name attribute.

    mail-session=mail/Session

    An alternative solution for test or development is to add the following lines directly to the Configuration String field:

    mail.smtp.host=[mail server hostname]
    mail.smtp.port=[mail server port]
    mail.smtp.from=[address users see the mail coming from]

    Note that if you define both, mail-session takes precedence and all mail.smtp.* settings are completely ignored.

    If neither is set, the default setting mail-session=mail/Session is used.

    When the SMTP unregistered method is used for the smtp-otp unregistered grant, the OTP timeout can optionally be configured for the method by adding the following line to the Configuration String.

    policy.oauth.otp.timeout=[timeout in minutes]

    When an OTP is sent from the interactive login screen via the user interface, the validity time (timeout) is always 10 minutes.

  3. Configure the UI text and email text.

    The variable {0} will be replaced with the verification code, which the user is expected to enter.

    The message that is shown on the SSO UI screen during authentication can be set using the tag SMTP_TEXT in the localization files. Please refer to the Login UI Customization Guide.

    Listing 1. Customizing and localizing message text
    SMTP_HEADER = Your one time password for entry
    SMTP_TEXT = Your one time password is {0}
    SMTP_TEXT_CONTENT_TYPE = text/plain

    Note that when using the OAuth 2.0 SMS-MT-OTP and SMTP-OTP grants, these can be overridden by setting the x_globalsign_iam_otp_title, x_ubisecure_otp_content_type and/or x_globalsign_iam_otp_body parameters. We support two content types for emails: text/plain and text/html.

  4. The method is now installed. Complete the configuration and access control.
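
The rules from step 2 can be checked before running the Tomcat update script. The following Python linter is an added example, not part of the original documentation or the product: it verifies that mail-resources.xml contains only Resource elements using smtps, and that the Configuration String's mail-session resolves to a defined resource. The function names and sample inputs are constructed for illustration, and the file is assumed to carry no XML declaration.

```python
import xml.etree.ElementTree as ET

DEFAULT_SESSION = "mail/Session"  # default when nothing is set, per the page

def lint_mail_resources(fragment):
    """Return (findings, resource names) for the text of mail-resources.xml."""
    # The file has no parent element, so wrap it in a synthetic root to parse it.
    root = ET.fromstring(f"<wrapper>{fragment}</wrapper>")
    findings, names = [], set()
    for el in root:
        if el.tag != "Resource":
            findings.append(f"unexpected <{el.tag}>: only Resource elements are allowed")
            continue
        name = el.get("name", "")
        names.add(name)
        if el.get("mail.transport.protocol") != "smtps":
            findings.append(f"{name}: mail.transport.protocol is not smtps")
    return findings, names

def lint_config_string(config, names):
    """Check a method's Configuration String against the defined resource names."""
    pairs = {}
    for line in config.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            pairs[key.strip()] = value.strip()
    smtp_keys = sorted(k for k in pairs if k.startswith("mail.smtp."))
    findings = []
    if "mail-session" in pairs and smtp_keys:
        findings.append("mail-session is set, so these are ignored: " + ", ".join(smtp_keys))
    if "mail-session" in pairs or not smtp_keys:
        # mail-session is in effect, explicitly or through the default
        session = pairs.get("mail-session", DEFAULT_SESSION)
        if session not in names:
            findings.append(f"mail-session={session} matches no Resource name")
    return findings

# Constructed sample inputs (not taken from a real deployment).
GOOD = '''<Resource name="mail/Session" auth="Container" type="javax.mail.Session"
    mail.smtp.host="smtp.example.com" mail.smtp.port="465"
    mail.transport.protocol="smtps" />'''
WRAPPED = f"<Context>{GOOD}</Context>"   # parent element: not allowed
PLAIN = '<Resource name="mail/Plain" mail.transport.protocol="smtp" />'

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("WRAPPED", WRAPPED), ("PLAIN", PLAIN)):
        print(label, lint_mail_resources(text))
    print(lint_config_string("mail-session=mail/Session\nmail.smtp.host=localhost", {"mail/Session"}))
```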

...