I am using the below script to re-attempt on failures from step 1:

var rolesToStepUp = ['admin', 'Manager'];
var errorPageParameters = {
    'status': 'Unauthorized',
    'statusMsg': 'You are not authorized to access this application'
};
var errorPage = '';

function onLoginRequest(context) {
    executeBasicAuth(context);
}

function executeBasicAuth(context) {
    executeStep(1, {
        onSuccess: function (context) {
            // Extracting authenticated subject from the first step
            var user = context.currentKnownSubject;
            // Checking if the user is assigned to one of the given roles
            var hasRole = hasAnyOfTheRoles(user, rolesToStepUp);
            if (hasRole) {
                Log.info(user.username + ' Has one of Roles: ' +
                    rolesToStepUp.toString());
                executeStep(2);
            } else {
                sendError(errorPage, errorPageParameters);
            }
        },
        onFail: function (context) {
            // Step 1 failed: run it again
            executeBasicAuth(context);
        }
    });
}

On Thu, Oct 11, 2018 at 2:10 PM Hasitha De Silva <[email protected]>
wrote:
> [+ maduranga]
>
> On Wed, Oct 10, 2018 at 3:46 PM Hasitha De Silva <[email protected]>
> wrote:
>
>> Hi,
>>
>> I'm having some trouble trying to simulate the login failure scenarios
>> with conditional auth scripts. What is the ideal way to enforce the script
>> to retry login attempts ?
>>
>> Right now my script is as below;
>>
>> function onLoginRequest(context) {
>>     executeStep(1, {
>>         onSuccess: function(context) {
>>             if (!checkIP(context)) {
>>                 if (!checkIPInSubnet(context)) {
>>                     if (step2CheckEmail(context)) {
>>                         executeStep(2, {
>>                             onFail: function(context) {
>>                                 executeStep(2);
>>                             }
>>                         });
>>                     }
>>                 }
>>             }
>>         },
>>         onFail: function(context) {
>>             executeStep(1);
>>         }
>>     });
>> }
>>
>> The expected flow is that the user is taken to the email otp page after
>> basic login, and then, if he/she enters the wrong OTP code, the user should
>> be allowed to retry another OTP code. However, what actually happens is
>> that the user is taken to a default IS error page with following error
>> trace :
>>
>> [2018-10-10 15:26:01,298] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - Code mismatch
>> org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException: Code mismatch
>>     at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.processAuthenticationResponse(EmailOTPAuthenticator.java:242)
>>     at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:77)
>>     at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.process(EmailOTPAuthenticator.java:125)
>>     at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:490)
>>
>> [2018-10-10 15:26:01,362] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework
>> java.lang.NullPointerException
>>     at org.wso2.carbon.extension.identity.helper.FederatedAuthenticatorUtil.setUsernameFromFirstStep(FederatedAuthenticatorUtil.java:399)
>>     at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.initiateAuthenticationRequest(EmailOTPAuthenticator.java:160)
>>     at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:71)
>>     at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.process(EmailOTPAuthenticator.java:125)
>>
>>
>> Appreciate any help :)
>>
>>
>> Best Regards,
>>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
--
Hasintha Indrajee
WSO2, Inc.
Mobile:+94 771892453
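
Added example (not part of the original thread and not WSO2 code): a stand-alone Node.js simulation of the onFail retry pattern from the scripts above, applied to both step 1 and step 2 and capped so that a wrong password or OTP cannot be retried without limit. The mock executeStep, the helper executeWithRetry, the makeFlow harness and the scripted outcomes are assumptions made for illustration; the real framework may behave differently when a step fails.

```javascript
// Constructed simulation: NOT the WSO2 framework. makeFlow() builds a mock
// executeStep() that replays scripted outcomes per step (true = success).
function makeFlow(outcomes, maxAttempts) {
  var trace = [];                       // ordered record of what happened
  var cursor = { 1: 0, 2: 0 };          // next scripted outcome per step

  // Mock of executeStep(stepId, callbacks): fires onSuccess or onFail.
  function executeStep(stepId, callbacks) {
    var ok = outcomes[stepId][cursor[stepId]++] === true;
    trace.push('step' + stepId + (ok ? ':ok' : ':fail'));
    var cb = callbacks && (ok ? callbacks.onSuccess : callbacks.onFail);
    if (cb) { cb({ step: stepId }); }
  }

  // Hypothetical helper: re-run one step on failure, up to maxAttempts.
  function executeWithRetry(stepId, attempt, onSuccess) {
    executeStep(stepId, {
      onSuccess: onSuccess,
      onFail: function (context) {
        if (attempt < maxAttempts) {
          executeWithRetry(stepId, attempt + 1, onSuccess);
        } else {
          trace.push('step' + stepId + ':locked');   // cap reached, stop
        }
      }
    });
  }

  // Same shape as the thread's onLoginRequest: step 1, then step 2.
  function onLoginRequest(context) {
    executeWithRetry(1, 1, function (context) {
      executeWithRetry(2, 1, function (context) {
        trace.push('authenticated');
      });
    });
  }

  onLoginRequest({});
  return trace;
}

// Constructed input: password wrong once, OTP wrong once, cap of 3.
console.log(makeFlow({ 1: [false, true], 2: [false, true] }, 3).join(' > '));
// Constructed input: OTP wrong every time, so step 2 stops at the cap.
console.log(makeFlow({ 1: [true], 2: [false, false, false] }, 3).join(' > '));
```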