Hi Malithi,
> BTW, for both local user and federated user this will work once you > de-select the Enable TOTP claim from the dashboard. Because for the > federated scenario, based on the use-cases have to create the user in the > local user store. If you are not setting any use case, then default (local) > use-case will get involved in the federation scenario. Please refer the > documentation [1] for more info. > So you mean, the federated user always needs to be some how associated with a local user ? If so, if such a local user is not found should it proceed further ? I was using 'userAttribute' usecase to associate with the local account. It worked for SMS OTP but not for TOTP. Will have a check on this again, because as per the code same utilities seems to be used in both cases. Yes, the federated user some how associated with local user to handle with these use-cases and I checked the case such as ,if such user is not found in user store then process gets fails. This should be fixed and I raised a JIRA [1] to track this issue. [1] https://wso2.org/jira/browse/ISCONNECT-91 > > [1] https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+ > Authenticator > > Thanks > > > Kanapriya Kuleswararajan > Software Engineer | WSO2 > Mobile : - 0774894438 > Mail : - kanapr...@wso2.com > LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/ > > On Mon, Oct 23, 2017 at 11:51 PM, Malithi Edirisinghe <malit...@wso2.com> > wrote: > >> Hi Team, >> >> I configured two step authentication with google federated authentication >> and TOTP for a service provider; i.e, first step is configured to use >> google as federated IdP, second step is TOTP. >> Both 'authenticationMandatory' and 'enrolUserInAuthenticationFlow' is >> set to true in TOTP authenticator configuration in >> application-authentication.xml file, such that TOTP is enforced and can >> enrol user while login. >> >> Now, when trying to access the SP, Google login page popped up for which >> user credentials were provided and authenticated. Then, in the next step, >> TOTP propose to enrol the user by scanning the QR code which was done. The >> federated user logged in successfully. >> >> Now, suppose I want to refresh the secret key of this account or clear >> it, such that the user needs to scan the QR code again. This could be done >> for a local user as the secret key was stored under ' >> http://wso2.org/claims/identity/secretkey' claim. But, for the user >> federated over google this could not be done. And I'm not sure where do we >> store the secret key for this account. >> >> Appreciate your input. >> >> Thanks, >> Malithi. >> >> -- >> >> *Malithi Edirisinghe* >> Associate Technical Lead >> WSO2 Inc. >> >> Mobile : +94 (0) 718176807 >> malit...@wso2.com >> > > > > > -- > > *Malithi Edirisinghe* > Associate Technical Lead > WSO2 Inc. > > Mobile : +94 (0) 718176807 > malit...@wso2.com >
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
