Hi Kanapriya,

On Tue, Oct 24, 2017 at 10:35 AM, Kanapriya Kuleswararajan <kanapr...@wso2.com> wrote:

> Hi Malithi,
>
> If you want to re-scan the QR code then you have to deselect the Enable
> TOTP claim in the dashboard; this will automatically remove the secret key
> claim from the user profile.
>

Noted. Thanks


> BTW, for both local users and federated users this will work once you
> de-select the Enable TOTP claim from the dashboard, because for the
> federated scenario, based on the use case, the user has to be created in the
> local user store. If you are not setting any use case, then the default (local)
> use case will be involved in the federation scenario. Please refer to the
> documentation [1] for more info.
>

So you mean the federated user always needs to be somehow associated with
a local user? If so, if such a local user is not found, should it proceed
further?
I was using the 'userAttribute' use case to associate with the local account. It
worked for SMS OTP but not for TOTP. I will check on this again,
because as per the code the same utilities seem to be used in both cases.


>
> [1] https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
>
> Thanks
>
>
> Kanapriya Kuleswararajan
> Software Engineer | WSO2
> Mobile : - 0774894438
> Mail : - kanapr...@wso2.com
> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>
> On Mon, Oct 23, 2017 at 11:51 PM, Malithi Edirisinghe <malit...@wso2.com>
> wrote:
>
>> Hi Team,
>>
>> I configured two-step authentication with Google federated authentication
>> and TOTP for a service provider; i.e., the first step is configured to use
>> Google as the federated IdP, and the second step is TOTP.
>> Both 'authenticationMandatory' and 'enrolUserInAuthenticationFlow' are
>> set to true in the TOTP authenticator configuration in the
>> application-authentication.xml file, such that TOTP is enforced and can
>> enrol the user during login.
>>
>> Now, when trying to access the SP, the Google login page popped up, for which
>> user credentials were provided and authenticated. Then, in the next step,
>> TOTP proposed to enrol the user by scanning the QR code, which was done. The
>> federated user logged in successfully.
>>
>> Now, suppose I want to refresh the secret key of this account or clear
>> it, such that the user needs to scan the QR code again. This could be done
>> for a local user as the secret key was stored under the
>> 'http://wso2.org/claims/identity/secretkey' claim. But for the user
>> federated over Google this could not be done, and I'm not sure where we
>> store the secret key for this account.
>>
>> Appreciate your input.
>>
>> Thanks,
>> Malithi.
>>
>> --
>>
>> *Malithi Edirisinghe*
>> Associate Technical Lead
>> WSO2 Inc.
>>
>> Mobile : +94 (0) 718176807
>> malit...@wso2.com
>>
>
>


-- 

*Malithi Edirisinghe*
Associate Technical Lead
WSO2 Inc.

Mobile : +94 (0) 718176807
malit...@wso2.com
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev