...
- In the Main page of the new method, select the Enabled checkbox to activate the new method.
Configure the email service for sending the OTP.
For production systems, a JNDI mail session must be configured in fileubilogin/custom/tomcat/mail-resources.xml
. Note that it should contain only Resource-elements and no parent element. If the file needs to be updated, Tomcat must also be updated by runningubilogin/config/tomcat/update.[sh|cmd]
.Code Block language text title ubilogin/custom/tomcat/mail-resources.xml <Resource name="mail/Session" auth="Container" type="javax.mail.Session" mail.smtp.host="smtp.example.com" mail.smtp.port="465" mail.smtp.auth="true" mail.smtp.user="donotreply@example.com" password="yourPassword" mail.smtp.starttls.enable="true" mail.transport.protocol="smtps" />
SMTPS (SMTP over TLS) should always be used in production environments.
Next, set the parametermail-session
to refer to the mail resource's name attribute in the Configuration String field.Code Block language text mail-session=mail/Session
An alternative solution for test or development is to add the following lines directly to the Configuration String field:
Code Block language text mail.smtp.host=[mail server hostname] mail.smtp.port=[mail server port] mail.smtp.from=[address users see the mail coming from]
Note that if you define both, then
mail-session
takes the precedence and anymail.smtp.*
is completely ignored.If none is set, then the default setting
mail-session=mail/Session
will be used.When using SMTP unregistered method for smtp-otp unregistered grant, the otp timeout can be optionally configured to the method by adding the following line to configuration string.
Code Block language text policy.oauth.otp.timeout=[timeout in minutes]
When an OTP is sent from the interactive login screen via the user interface, validity time (timeout) is always 10 minutes.
Configure UI Text and email text
The variable {0} will be replaced with the verification code, which is expected to be given by the user.
The message, that is shown on the SSO UI screen during the authentication, can be set using the tag SMTP_TEXT in the localization files. Please refer to the Login UI Customization Guide
Code Block language text title Listing 1. Customizing and localizing message text SMTP_HEADER = Your one time password for entry SMTP_TEXT = Your one time password is {0} SMTP_TEXT_CONTENT_TYPE = text/plain
Note that when using OAuth 2.0 SMS-MT-OTP and SMTP-OTP grant, these can be overridden by setting the x_globalsign_iam_otp_title, x_ubisecure_otp_content_type and/or x_globalsign_iam_otp_body parameters. We support two content types for emails:
text/plain
andtext/html
.- The method is now installed. Complete the configuration and access control.
...