REST Second Factor
==================

This plugin can be used to append a second factor authentication device
like SMS or OTP. It uses an external web service to submit and validate
the second factor.

Configuration
~~~~~~~~~~~~~

All parameters are set in "General Parameters » Portal Parameters »
Second Factors » REST 2nd Factor".

- **Activation**
- **Code regex**: regular expression used to create an OTP code. If this
  option is set, LemonLDAP::NG will generate the code and send it
  through the Init URL, then verify it internally.
- **Init URL** *(optional)*: REST URL to initialize dialog *(send
  OTP)*. Leave it blank if your API doesn't need any initialization.
- **Init arguments**: list of arguments to send *(see below)*
- **Verify URL** *(required)*: REST URL to verify code
- **Verify arguments**: list of arguments to send *(see below)*
- **Re-send interval**: Set this to a non-empty value to allow the user
  to re-send the code in case a transmission error occurred. The value
  sets how many seconds the user has to wait before each attempt.
- **Authentication level** (Optional): if you want to overwrite the
  value sent by your authentication module, you can define here the new
  authentication level. Example: 5
- **Label** (Optional): label that should be displayed to the user on
  the choice screen
- **Logo** (Optional): logo file *(in static/ directory)*

Arguments
---------

Arguments are a list of key/value pairs. The key is the name of the JSON
entry; the value is an attribute or macro name.

REST Dialog
-----------

REST web services only have to reply with a "result" key in a JSON file.
Auth/UserDB can add an "info" array. It will be stored in session data
(without reading "Exported variables").

If *Code regex* is set
~~~~~~~~~~~~~~~~~~~~~~

========== ================================================ ====================================
URL        Query                                            Response
========== ================================================ ====================================
Init URL   JSON body: ``{"user":$user,"code":"$code",...}`` JSON body: ``{"result":true/false}``
========== ================================================ ====================================

The Verify URL is not called, since the code is checked against the
internally saved value.

If *Code regex* is not set
~~~~~~~~~~~~~~~~~~~~~~~~~~

========== ================================================ ====================================
URL        Query                                            Response
========== ================================================ ====================================
Init URL   JSON body: ``{"user":$user,...}``                JSON body: ``{"result":true/false}``
Verify URL JSON body: ``{"user":$user,"code":"$code",...}`` JSON body: ``{"result":true/false}``
========== ================================================ ====================================
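
The web-service side of the dialog above, for the case where *Code regex* is not set, sketched as an added example that is not part of LemonLDAP::NG or its documentation. The class name ``OtpBackend``, the ``deliver`` hook, the 6-digit code, the lifetime and the attempt limit are assumptions; the JSON keys ``user`` and ``code`` follow the tables above and depend on the configured Init and Verify arguments.

```python
import hmac
import json
import secrets
import time

CODE_TTL = 300     # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3   # wrong guesses allowed per issued code (assumed policy)

class OtpBackend:
    """Init/Verify handlers for the dialog used when Code regex is not set."""

    def __init__(self, deliver, clock=time.monotonic):
        self.deliver = deliver   # hypothetical hook: callable(user, code), e.g. an SMS gateway
        self.clock = clock
        self.pending = {}        # user -> [code, expiry, attempts_left]

    def init(self, body: bytes) -> dict:
        """Init URL: body is {"user": ...}; issue and send a fresh code."""
        user = self._field(body, "user")
        if user is None:
            return {"result": False}
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self.pending[user] = [code, self.clock() + CODE_TTL, MAX_ATTEMPTS]
        self.deliver(user, code)
        return {"result": True}

    def verify(self, body: bytes) -> dict:
        """Verify URL: body is {"user": ..., "code": ...}."""
        user, code = self._field(body, "user"), self._field(body, "code")
        entry = self.pending.get(user) if user is not None else None
        if entry is None or code is None:
            return {"result": False}
        expected, expiry, _ = entry
        entry[2] -= 1
        expired = self.clock() >= expiry
        # Constant-time comparison so response timing does not leak digits.
        match = hmac.compare_digest(expected.encode(), code.encode("utf-8", "replace"))
        ok = match and not expired
        if ok or expired or entry[2] <= 0:
            del self.pending[user]   # single use: burn on success, expiry or lockout
        return {"result": ok}

    @staticmethod
    def _field(body, name):
        """Return a non-empty string field from a JSON object, else None."""
        try:
            value = json.loads(body).get(name)
        except (ValueError, AttributeError):
            return None
        return value if isinstance(value, str) and value else None
```

Both handlers take the raw request body and return the dictionary to serialize as the JSON response, so they can be mounted behind any HTTP framework.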