Trace:
Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
jvx:server:security:mfa [2022/11/18 12:50] admin |
jvx:server:security:mfa [2022/11/18 14:01] admin |
||
---|---|---|---|
Line 42: | Line 42: | ||
The important thing is the authenticator. The ''TextInputMFAuthenticator'' creates a password/code for confirmation. It sends the code via ''notificationhandler''. The default implementation sends an email. It's possible to create your own notification handler to send the code as SMS or use a different communication channel. | The important thing is the authenticator. The ''TextInputMFAuthenticator'' creates a password/code for confirmation. It sends the code via ''notificationhandler''. The default implementation sends an email. It's possible to create your own notification handler to send the code as SMS or use a different communication channel. | ||
+ | |||
+ | The default implementation is ''com.sibvisions.rad.server.security.mfa.auth.DefaultTextInputNotificationHandler''. It reads the mail server configuration from config.xml: | ||
+ | |||
+ | <file xml> | ||
+ | <mail> | ||
+ | <smtp> | ||
+ | <host>mail.server.com</host> | ||
+ | <port>587</port> | ||
+ | <username>user</username> | ||
+ | <password>pwd</password> | ||
+ | <tlsenabled>true</tlsenabled> | ||
+ | <defaultsender>Noreply <noreply@server.com></defaultsender> | ||
+ | </smtp> | ||
+ | </mail> | ||
+ | </file> | ||
+ | |||
+ | The email is configured as template. The standard templates are located in package ''/com/sibvisions/rad/server/security/mfa/auth/''. If you create custom templates, define your own package via ''searchpath'': | ||
+ | |||
+ | <file xml> | ||
+ | <authenticator> | ||
+ | <searchpath>com/myapp/mfa/auth</searchpath> | ||
+ | </authenticator | ||
+ | </file> | ||
+ | |||
+ | The template mechanism loads different files. The first one is the translation file and the second one is the template html: | ||
+ | |||
+ | * package/translation_mfa_<language_code>.xml | ||
+ | * package/translation_mfa.xml (fallback: if no language specific xml file was found) | ||
+ | * package/confirmationcode_<language_code>.html | ||
+ | * package/confirmationcode.html (fallback: if no language specific html file was found) | ||
+ | |||
+ | The template should contain placeholders: [CONFIRMATION_CODE], [TIMEOUT].\\ | ||
+ | This placehoders will be replaced with generated values. | ||
+ | |||
+ | If no template was found, a standard email with following text will be sent: | ||
+ | |||
+ | <file html> | ||
+ | Confirmation code: [CONFIRMATION_CODE] is valid for [TIMEOUT] seconds | ||
+ | </file> | ||
+ | |||
+ | The UI will look like this screenshot: | ||
+ | |||
+ | {{:jvx:server:security:textinput.png?nolink&400|}} | ||
+ | |||
+ | The ''TextInputMFAuthenticator'' is one of three default authenticators. The other two are | ||
+ | |||
+ | * ''com.sibvisions.rad.server.security.mfa.auth.WaitMFAuthenticator'' | ||
+ | * ''com.sibvisions.rad.server.security.mfa.auth.AbstractURLMFAuthenticator'' | ||
+ | |||
+ | If you configure the ''WaitMFAuthenticator'', the UI will look like this screenshot: | ||
+ | |||
+ | {{:jvx:server:security:wait.png?nolink&400|}} |