
OATH Registration widget

Definition

The OATH registration widget is used to provision the shared secret key between an OTP generator (such as Google Authenticator) and the verification server (AM server). 

It is a standalone widget that requires a host feature of type "self" or an object feature where the object is the current subject.

It is typically used in a UI_FOR_OBJECT feature of type "self".

The user is presented with a screen inviting them to proceed to a "One Time Password" registration. They can click the store links to obtain the recommended application (Google Authenticator, MS Authenticator, etc.).

After the user presses Continue, a QR code encoding the shared secret is displayed. The user must scan the QR code with their application (such as Google Authenticator).

After registering the QR code, the user must enter a valid TOTP code, generated by their application, in the field at the bottom. If the code is correct, the user is informed that the registration is complete.

Configuration

Widget

Properties

The widget has no mandatory properties.

Example

<widget id="oath-registration-widget" xsi:type="ctdbum:OATHRegistrationWidgetType">
    <hidden>false</hidden>
    <config>
        <bordered>false</bordered>
        <title>true</title>
        <displayWizardSteps>false</displayWizardSteps>
        <displayWizardProgressBar>true</displayWizardProgressBar>
    </config>
</widget>

Settings

In order for the widget to correctly send the credentials, the Replay Gateway Provisioning service location and credentials must have been configured.

This configuration is done for each tenant through BUM settings:

| Setting name | Type | Description |
| --- | --- | --- |
| rgw.prov.baseURL | String | The base URL of the Replay Gateway Provisioning Service |
| rgw.prov.credentials | Credentials | The credentials for authenticating on the Replay Gateway Provisioning Service |

Additional settings must be configured:

Note that the "issuer" and "label" fields are used to display the account in the application (Google Authenticator). They can use attributes (excerpt) of the user.
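
The registration flow described in the Definition section (QR code carrying the shared secret, then a confirming TOTP code) and the role of "issuer" and "label", sketched as an added example that is not Memority code. It assumes the Google Authenticator Key URI format (otpauth://) and RFC 6238 defaults (HMAC-SHA1, 6 digits, 30-second period); all function names are hypothetical.

```python
import base64, hashlib, hmac, secrets, struct
from urllib.parse import quote, urlencode

# Constructed sample: the published RFC 6238 test key, Base32-encoded.
RFC6238_SECRET = base64.b32encode(b"12345678901234567890").decode()

def new_secret(nbytes: int = 20) -> str:
    """Random shared secret, Base32 without padding as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")

def provisioning_uri(secret_b32: str, issuer: str, label: str) -> str:
    """Payload the QR code would encode (assumed Key URI format).
    issuer and label are what the app shows for the account."""
    params = urlencode({"secret": secret_b32, "issuer": issuer,
                        "algorithm": "SHA1", "digits": 6, "period": 30},
                       quote_via=quote)
    return f"otpauth://totp/{quote(issuer)}:{quote(label)}?{params}"

def totp(secret_b32: str, at: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    padded = secret_b32 + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", at // period), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def confirm_registration(secret_b32: str, submitted: str, now: int,
                         window: int = 1, period: int = 30) -> bool:
    """Server-side check of the code typed after scanning the QR code.
    Accepts the current time step plus/minus `window` steps of clock drift."""
    # Reject anything that is not exactly six ASCII digits before comparing.
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == 6):
        return False
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, now + drift * period, period)
        # Constant-time comparison; no early exit across the window.
        ok |= hmac.compare_digest(expected, submitted)
    return ok

if __name__ == "__main__":
    # Constructed issuer/label values for illustration only.
    print(provisioning_uri(new_secret(), "Example Corp", "alice@example.com"))
    print(confirm_registration(RFC6238_SECRET, totp(RFC6238_SECRET, 59), 59))
```

A wider drift window tolerates more clock skew but enlarges the set of codes accepted at any moment. The QR payload contains the secret itself, which is why it should only be rendered to the subject it belongs to.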

Feature Example

A full feature example
<?xml version="1.0" encoding="UTF-8"?>
<kit:DataSet xmlns:ctd="http://www.memority.com/citadel/1_0" xmlns:ctdbpmn="http://www.memority.com/citadel/bpmn/1_0" xmlns:ctdbum="http://www.memority.com/citadel/bum/1_0" xmlns:ctdcore="http://www.memority.com/citadel/core/1_0" xmlns:ctdidm="http://www.memority.com/citadel/idm/1_0" xmlns:ctdrep="http://www.memority.com/citadel/rep/1_0" xmlns:ctdrule="http://www.memority.com/citadel/rule/1_0" xmlns:ctdtnt="http://www.memority.com/citadel/tnt/1_0" xmlns:kit="http://www.memority.com/toolkit/1_0" xmlns:rule="http://www.memority.com/toolkit/rule/1_0" xmlns:ruleaddon="http://www.memority.com/toolkit/addons/rule/1_0" xmlns:search="http://www.memority.com/toolkit/search-expression/1_0" xmlns:settings="http://www.memority.com/toolkit/addons/settings/1_0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
   <ctdbum:FeatureConfiguration id="test_oath-registration">
      <createdAt>2021-12-16T08:29:40.574Z</createdAt>
      <updatedAt>2021-12-16T08:58:29.402Z</updatedAt>
      <name>oath-registration</name>
      <description>Register user with OATH key</description>
      <type>UI_FOR_OBJECT</type>
      <scope type="EXPRESSION" objectKind="IDENTITY">
         <searchExpression/>
         <objectTypes>
            <objectType>test_identityType_employee</objectType>
         </objectTypes>
      </scope>
      <options>
         <formLabelOnTop>false</formLabelOnTop>
         <pendingOperationBehaviour>WARN</pendingOperationBehaviour>
         <submit>
            <reportDisplay>DISPLAY_ALL</reportDisplay>
         </submit>
      </options>
      <screen>
         <views>
            <view id="oath-registration-view-1">
               <description></description>
               <icon>fa fa-user</icon>
               <sections>
                  <section id="oath-registration-section-1">
                     <layout>SINGLE</layout>
                     <columns>
                        <column>
                           <widgets>
                              <widget id="oath-registration-widget" xsi:type="ctdbum:OATHRegistrationWidgetType">
                                 <hidden>false</hidden>
                                 <displayOptions>
                                    <modalSize>SM</modalSize>
                                 </displayOptions>
                                 <config>
                                    <bordered>false</bordered>
                                    <title>true</title>
                                    <displayWizardSteps>false</displayWizardSteps>
                                    <displayWizardProgressBar>false</displayWizardProgressBar>
                                 </config>
                              </widget>
                           </widgets>
                        </column>
                     </columns>
                  </section>
               </sections>
            </view>
         </views>
         <frame>
            <actions/>
            <collapsible>false</collapsible>
            <display>PORTLET</display>
            <initiallyCollapsed>false</initiallyCollapsed>
            <title>false</title>
         </frame>
      </screen>
      <authentication>
         <authenticationLevelComparison>MINIMUM</authenticationLevelComparison>
      </authentication>
      <operations/>
      <operationOnSelf>true</operationOnSelf>
   </ctdbum:FeatureConfiguration>
</kit:DataSet>
