System Requirements

  • Ubisecure SSO version 6.x or later
  • Access to an SMTP mail server

Configuring the Unregistered SMTP Method

SMTP methods are configured in Ubisecure SSO Server in a similar way to other authentication methods.
To configure the SMTP method in Ubisecure SSO:

  1. Open the Ubisecure Management application.

  2. Select Global Method Settings and click the New Method... button.

  3. The Add New Method window opens.
    Give the method a title (external name visible to end users) and name (name for internal use).
    Set the title to Unregistered SMTP. (This text is shown to end users on the login screen. Consider "Login using email code".)
    Set the name to ubikey.smtp.unregistered
    Set the method type to SMTP Unregistered. The Method Class is automatically selected.
    A directory needs to be selected only if Directory User Mapping is required, i.e. if the email address will be used to look up an existing user from a connected user repository.
    Press OK.

    Figure 1. Adding a new unregistered SMTP method to Ubisecure SSO 
  4. In the Main page of the new method, select the Enabled checkbox to activate the new method.

  5. Add the following lines to the Configuration String field:

    mail.smtp.host=[mail server hostname]
    mail.smtp.port=[mail server port]
    mail.smtp.from=[address users see the mail coming from]

    Alternatively, you can refer to a JNDI mail session. Mail sessions are configured in the file ubilogin/custom/tomcat/mail-resources.xml. Note that the file should contain only Resource elements and no parent element. If the file needs to be updated, Tomcat must also be updated by running ubilogin/config/tomcat/update.[sh|cmd].

    ubilogin/custom/tomcat/mail-resources.xml
      <Resource name="mail/Session" auth="Container" type="javax.mail.Session"
            mail.transport.protocol="smtp"
            mail.smtp.starttls.enable="false"
            mail.smtp.host="localhost"
            mail.smtp.port="25"
            mail.smtp.from="noreply+admin@example.com"
            mail.smtp.auth="false"
            mail.smtp.user=""
            password=""/>

    The authentication method's configuration parameter mail-session then refers to the name attribute of the mail resource.

    mail-session=mail/Session

    Note that if you define both, mail-session takes precedence and any mail.smtp.* setting is completely ignored.

    If neither is set, the default setting mail-session=mail/Session is used.

    When using the SMTP unregistered method for the smtp-otp unregistered grant, the OTP timeout can optionally be configured for the method by adding the following line to the configuration string.

    policy.oauth.otp.timeout=[timeout in minutes]

    When an OTP is sent from the interactive login screen via the user interface, the validity time (timeout) is always 10 minutes.

  6. Configure the UI text and email text

    The variable {0} will be replaced with the verification code, which the user is expected to enter.

    The message that is shown on the SSO UI screen during authentication can be set using the tag SMTP_UNREGISTERED_TEXT in the localization files. Please refer to the Login UI Customization Guide.

    Listing 1. Customizing and localizing message text
    SMTP_HEADER = Your one time password for entry
    SMTP_TEXT = Your one time password is {0}

    Note that when using the OAuth 2.0 SMS-MT-OTP and SMTP-OTP grants, these can be overridden by setting the x_globalsign_iam_otp_title and/or x_globalsign_iam_otp_body parameters.

    SSO 8.3.2

    In version 8.3.2 we introduced a new language key SMTP_TEXT_CONTENT_TYPE and an OAuth 2.0 extension x_ubisecure_otp_content_type for defining the content type of the sent email messages. The valid values are text/plain and text/html.

  7. The method is now installed. Complete the configuration and access control.

After completing these settings, Ubisecure Server is configured to use unregistered SMTP as an authentication method.
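
A check for the precedence rules in step 5, as an added example that is not part of the Ubisecure product or its documentation: it resolves which mail settings a Configuration String actually uses and flags a non-local mail server reached without STARTTLS, since the one-time password travels in that message. The sample hosts, the mail/Relay session name and all function names are constructed for illustration; treating a missing mail.smtp.starttls.enable as disabled is an assumption of the example.

```python
import xml.etree.ElementTree as ET

DEFAULT_SESSION = "mail/Session"   # default named on this page
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample inputs (hypothetical hosts and session names).
SAMPLE_CONFIG = """mail-session=mail/Relay
mail.smtp.host=smtp.internal.example
mail.smtp.port=25"""
SAMPLE_RESOURCES = """
<Resource name="mail/Session" auth="Container" type="javax.mail.Session"
      mail.smtp.host="localhost" mail.smtp.port="25" mail.smtp.starttls.enable="false"/>
<Resource name="mail/Relay" auth="Container" type="javax.mail.Session"
      mail.smtp.host="relay.example.com" mail.smtp.port="25" mail.smtp.starttls.enable="false"/>
"""

def parse_config_string(text):
    """Split a method Configuration String into a key/value dict."""
    pairs = (line.split("=", 1) for line in text.splitlines() if "=" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def load_mail_resources(fragment):
    """The file holds bare Resource elements with no parent, so wrap it to parse."""
    root = ET.fromstring("<wrapper>" + fragment + "</wrapper>")
    return {r.get("name"): dict(r.attrib) for r in root.iter("Resource")}

def effective_mail_settings(config_string, resources_fragment):
    """Return (source, settings, findings) following the precedence rules in step 5."""
    cfg = parse_config_string(config_string)
    inline = {k: v for k, v in cfg.items() if k.startswith("mail.smtp.")}
    findings = []
    if "mail-session" in cfg or not inline:
        name = cfg.get("mail-session", DEFAULT_SESSION)
        settings = load_mail_resources(resources_fragment).get(name)
        if settings is None:
            return "jndi:" + name, {}, ["mail session %s is not defined" % name]
        source = "jndi:" + name
        if inline:
            findings.append("ignored inline keys: " + ", ".join(sorted(inline)))
    else:
        source, settings = "inline", inline
    # Assumption of this example: a flag that is absent or not "true" means the
    # one-time password crosses the network to the mail server unencrypted.
    host = settings.get("mail.smtp.host", "")
    if host and host not in LOCAL_HOSTS and settings.get("mail.smtp.starttls.enable") != "true":
        findings.append("no STARTTLS towards " + host)
    return source, settings, findings
```

Calling effective_mail_settings(SAMPLE_CONFIG, SAMPLE_RESOURCES) reports that the inline host and port are ignored in favour of mail/Relay and that the relay is reached without STARTTLS.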

Configuring Ubisecure Unregistered SMTP for Users and Web Applications

After installing and configuring the unregistered SMTP authentication method for the Ubisecure Server, use Ubisecure Management to configure the authentication method for an application. The unregistered SMTP method must be enabled at the system, site and application levels. An access control group should be created for users of this method and added to the Allowed To settings of the target application.

For detailed instructions for configuring authentication methods, please refer to the page Management user interface - SSO.

Logging In for the First Time with the Unregistered SMTP Authentication Method

Ubisecure Server sends an eight-digit one-time password to the user's email address through the configured mail server.

The user receives an email containing an eight-digit code. The number must be entered in the One-Time Password field.

If the number is correct, login succeeds.