Hi Hasitha,

Will you be able to try this on IS 5.7.0? Adaptive authentication was in dev state as at IS 5.6.0.

Cheers,
Ruwan

On Thu, Oct 11, 2018 at 5:01 PM Hasitha De Silva <[email protected]> wrote:

> Thanks a lot Hasintha.
>
> I tried with the above approach and still got an NPE. Created a PR with a
> possible fix.
>
> https://github.com/wso2-extensions/identity-extension-utils/pull/13
>
> Do let me know if there is a better approach that works out of the box.
>
> Best Regards,
>
> On Thu, Oct 11, 2018 at 12:29 PM Hasintha Indrajee <[email protected]>
> wrote:
>
>> I am using the below script to re-attempt on failures from step1;
>>
>> var rolesToStepUp = ['admin', 'Manager'];
>> var errorPageParameters = {
>>     'status': 'Unauthorized',
>>     'statusMsg': 'You are not authorized to access this application'
>> };
>> var errorPage = '';
>>
>> function onLoginRequest(context) {
>>     executeBasicAuth(context);
>> }
>>
>> function executeBasicAuth(context) {
>>     executeStep(1, {
>>         onSuccess: function (context) {
>>             // Extracting authenticated subject from the first step
>>             var user = context.currentKnownSubject;
>>             // Checking if the user is assigned to one of the given roles
>>             var hasRole = hasAnyOfTheRoles(user, rolesToStepUp);
>>             if (hasRole) {
>>                 Log.info(user.username + ' Has one of Roles: ' + rolesToStepUp.toString());
>>                 executeStep(2);
>>             } else {
>>                 sendError(errorPage, errorPageParameters);
>>             }
>>         },
>>         onFail: function (context) {
>>             executeBasicAuth(context);
>>         }
>>     });
>> }
>>
>> On Thu, Oct 11, 2018 at 2:10 PM Hasitha De Silva <[email protected]>
>> wrote:
>>
>>> [+ maduranga]
>>>
>>> On Wed, Oct 10, 2018 at 3:46 PM Hasitha De Silva <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm having some trouble trying to simulate the login failure scenarios
>>>> with conditional auth scripts. What is the ideal way to enforce the script
>>>> to retry login attempts?
>>>>
>>>> Right now my script is as below;
>>>>
>>>> function onLoginRequest(context) {
>>>>     executeStep(1, {
>>>>         onSuccess: function(context) {
>>>>             if (!checkIP(context)) {
>>>>                 if (!checkIPInSubnet(context)) {
>>>>                     if (step2CheckEmail(context)) {
>>>>                         executeStep(2, {
>>>>                             onFail: function(context) {
>>>>                                 executeStep(2);
>>>>                             }
>>>>                         });
>>>>                     }
>>>>                 }
>>>>             }
>>>>         },
>>>>         onFail: function(context) {
>>>>             executeStep(1);
>>>>         }
>>>>     });
>>>> }
>>>>
>>>> The expected flow is that the user is taken to the email otp page after
>>>> basic login, and then, if he/she enters the wrong OTP code, the user should
>>>> be allowed to retry another OTP code. However, what actually happens is
>>>> that the user is taken to a default IS error page with following error
>>>> trace :
>>>>
>>>> [2018-10-10 15:26:01,298] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler} - Code mismatch
>>>> org.wso2.carbon.identity.application.authentication.framework.exception.AuthenticationFailedException: Code mismatch
>>>>     at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.processAuthenticationResponse(EmailOTPAuthenticator.java:242)
>>>>     at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:77)
>>>>     at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.process(EmailOTPAuthenticator.java:125)
>>>>     at org.wso2.carbon.identity.application.authentication.framework.handler.step.impl.DefaultStepHandler.doAuthentication(DefaultStepHandler.java:490)
>>>>
>>>> [2018-10-10 15:26:01,362] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework
>>>> java.lang.NullPointerException
>>>>     at org.wso2.carbon.extension.identity.helper.FederatedAuthenticatorUtil.setUsernameFromFirstStep(FederatedAuthenticatorUtil.java:399)
>>>>     at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.initiateAuthenticationRequest(EmailOTPAuthenticator.java:160)
>>>>     at org.wso2.carbon.identity.application.authentication.framework.AbstractApplicationAuthenticator.process(AbstractApplicationAuthenticator.java:71)
>>>>     at org.wso2.carbon.identity.authenticator.emailotp.EmailOTPAuthenticator.process(EmailOTPAuthenticator.java:125)
>>>>
>>>> Appreciate any help :)
>>>>
>>>> Best Regards,
>>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>
>> --
>> Hasintha Indrajee
>> WSO2, Inc.
>> Mobile:+94 771892453
>>
>> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

--
Ruwan Abeykoon
Associate Director/Architect,
WSO2, Inc. http://wso2.com <https://wso2.com/signature>
lean.enterprise.middleware.
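
The retry wiring discussed in this thread, as an added example that is not part of the original messages and is not WSO2 code: a stand-alone Node.js mock of `executeStep` replays a constructed list of step outcomes to compare an `onFail` that calls `executeStep(2)` with no handlers against a named function that re-registers itself as `onFail` (the pattern in Hasintha's reply), here applied to step 2 with a cap on OTP attempts. `makeEngine`, `run`, `MAX_OTP_ATTEMPTS` and the rule that an unhandled outcome ends the flow are assumptions of the mock, which runs synchronously in one process and does not model how Identity Server keeps script state between requests.

```javascript
// Hypothetical mock, not WSO2 IS: each executeStep call consumes the next
// constructed outcome for that step and invokes the matching handler.
function makeEngine(outcomes) {
  const state = { result: 'pending', trace: [] };
  function executeStep(step, handlers) {
    const queue = outcomes[step] || [];
    const ok = queue.length > 0 ? queue.shift() : false;
    state.trace.push('step' + step + ':' + (ok ? 'ok' : 'fail'));
    const cb = handlers && (ok ? handlers.onSuccess : handlers.onFail);
    if (cb) cb({});
    else state.result = ok ? 'authenticated' : 'failed'; // assumed: unhandled outcome ends the flow
  }
  return { executeStep, state };
}

// Shape of the script in the question (IP and email checks left out).
function singleRetryScript(executeStep) {
  executeStep(1, {
    onSuccess: function () {
      executeStep(2, {
        onFail: function () { executeStep(2); } // the retry carries no handlers
      });
    },
    onFail: function () { executeStep(1); }
  });
}

const MAX_OTP_ATTEMPTS = 3; // assumed cap on OTP entries per login

// Named-function retry as in the reply, applied to step 2 and bounded.
function boundedRetryScript(executeStep, state) {
  let attempts = 0;
  function executeOtp() {
    attempts += 1;
    executeStep(2, {
      onFail: function () {
        if (attempts < MAX_OTP_ATTEMPTS) executeOtp();
        else state.result = 'failed';
      }
    });
  }
  executeStep(1, { onSuccess: executeOtp, onFail: function () { state.result = 'failed'; } });
}

function run(script, outcomes) {
  const engine = makeEngine(JSON.parse(JSON.stringify(outcomes))); // copy the queues
  script(engine.executeStep, engine.state);
  return engine.state;
}

// Constructed input: password accepted, OTP wrong twice, then correct.
const SAMPLE = { 1: [true], 2: [false, false, true] };
console.log(run(singleRetryScript, SAMPLE).result, run(boundedRetryScript, SAMPLE).result);
```
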
