Configuring one-time password delivery methods

One-time passwords can be delivered to the user through Short Message Service (SMS) or email.

Procedure

  1. Log in to the local management interface.
  2. Click AAC.
  3. Under Policy, click Authentication.
  4. Click Mechanisms.
  5. Click the delivery type.
    • SMS One-time Password
    • Email One-time Password
  6. Click Modify.
  7. Click the Properties tab.
    1. Select a property that you want to configure.
    2. Click Modify.
    3. Enter the value for that property.
    4. Click OK.
  8. Take note of the properties for the delivery method.
    SMS
    Basic Authentication User Name
    The username that is used in HTTP Basic authentication.

    SMS Delivery does not perform HTTP Basic authentication if this configuration is not specified.

    Required: False
    Multi-value: No
    Example: username
    Basic Authentication Password
    The password that is used in HTTP Basic authentication.

    SMS Delivery does not perform HTTP Basic authentication if this configuration is not specified.

    Required: False
    Multi-value: No
    Example: password
    Connection URL
    The URL of the SMS Gateway where the phone number of the user and the one-time password are sent.
    Required: True
    Multi-value: No
    Example: https://smsgateway.tfim.example.com/
    HTTP Request Parameters
    The list of name and value pairs that is included in the body of the HTTP POST request to the SMS Gateway. In each pair, the name and the value must be separated by an equal sign.

    Two macros, $DEST_NO$ and $MSG$, are replaced by the phone number of the user and the content of the SMS. These two macros can be used only as the value in a name and value pair.

    Required: True
    Multi-value: Yes
    Example:
    • From=+0123456789
    • To=$DEST_NO$
    • Body=$MSG$
    Success HTTP Response Body Regex Pattern
    This parameter defines the Java™ regular-expression pattern that matches the HTTP response body that is returned by the SMS Gateway. When the match is successful, the SMS delivery is successful.

    The default value is empty.

    By default, the HTTP response body is not matched against any Java regular expression, and the success or failure decision is based on the SuccessHTTPReturnCode value only.

    Note: If the HTTP response from the SMS Gateway does not contain a body, this matching is not performed.
    Required: False
    Multi-value: No
    Example:
    • When the body of all responses by the SMS Gateway contains either Success or Failure followed by no newline character, the sample SuccessHTTPResponseBodyRegexPattern value is
      Success
    • When the body of all responses by the SMS Gateway contains the following text:
      MGDID=TTTTTTTTTTTTT
      RESPONSECODE=NNN
      SMS=TTTTTTTTTTTTTTTTTTTTTT
      DATE=NNNNNNNN
      where each line ends with the \n character without any preceding \r character, and the RESPONSECODE is defined such that a three-digit number from 0 to 199 indicates success, the sample SuccessHTTPResponseBodyRegexPattern value is
      (?s).*RESPONSECODE=(\d{1,2}|[0-1]{1}\d{2})\n.*
    Success HTTP Return Code
    The response code from the SMS Gateway that is an acknowledgement from the SMS Gateway that the request is successfully processed.

    The default SuccessHTTPReturnCode, which is 200, is used when this configuration is not specified.

    Note: The SuccessHTTPReturnCode match must be successful before the response body is matched against SuccessHTTPResponseBodyRegexPattern.
    Required: False
    Multi-value: No
    Example: 200
    HTTPS Trust Store
    The keystore that validates the SMS Gateway SSL certificate.

    This configuration must be specified only when SMS Delivery communicates with the SMS Gateway by using HTTPS.

    Required: False
    Multi-value: No
    Example: rt_profile_keys
    Client Authentication Key

    The keystore and certificate that are used as client certificate in SSL Client authentication in the format:

    keystore_alias

    Where keystore is the name of the keystore to use and alias is the label of the certificate in the keystore.

    SMS Delivery does not perform SSL Client authentication if this configuration is not specified.

    Required: False
    Multi-value: No
    Example: rt_profile_keys_smscert
    Email
    Sender Email
    The email address that is used as the sender of the email that is sent to the user.
    Required: True
    Multi-value: No
    Example: otp_emailer@example.com
    SMTP Host Name
    The host name of the SMTP Server.
    Required: True
    Multi-value: No
    Example: smtpserver.tfim.example.com
    SMTP User Name
    The username that is used in SMTP authentication.
    Required: False
    Multi-value: No
    Example: username
    SMTP Password
    The password that is used in SMTP authentication.
    Required: False
    Multi-value: No
    Example: password
    Use SSL
    Use SSL for the connection to the SMTP server.
    Required: True
    Multi-value: No
    Example: false
    Enable STARTTLS
    Defines whether STARTTLS will be used to negotiate TLS to the SMTP server.
    Required: True
    Default: false
    Type: Boolean
    TLS protocol
    TLS protocol to be used when connecting to the SMTP server.
    Required: True
    Default: TLS
    Type: String
  9. Click Save.
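
The following added example (not product code) models how the Success HTTP Return Code and Success HTTP Response Body Regex Pattern properties from step 8 combine, so that a pattern can be checked against constructed gateway responses before it is saved. The function names and sample bodies are hypothetical, and whole-body matching is an assumption; the regex constructs used behave the same in Python as in Java.

```python
import re

# The page's two sample-pattern lines joined into a single property value.
SAMPLE_PATTERN = r"(?s).*RESPONSECODE=(\d{1,2}|[0-1]{1}\d{2})\n.*"


def sms_delivery_succeeded(status, body, success_code=200, body_pattern=""):
    """Hypothetical model of the documented decision order.

    1. The HTTP status must equal Success HTTP Return Code (default 200).
    2. With no pattern configured, or no response body, the status decides.
    3. Otherwise the whole body must match the pattern (assumption:
       full-match semantics, as with Java's Matcher.matches()).
    """
    if status != success_code:
        return False
    if not body_pattern or not body:
        return True
    return re.fullmatch(body_pattern, body, flags=re.ASCII) is not None


def gateway_body(code, eol="\n"):
    """Constructed gateway response in the four-line layout from the page."""
    lines = ["MGDID=0000000000001", f"RESPONSECODE={code}",
             "SMS=Your one-time password", "DATE=20240101"]
    return eol.join(lines) + eol


def run_checks():
    """Return {case: delivered?} for constructed gateway responses."""
    p = SAMPLE_PATTERN
    return {
        "code 7": sms_delivery_succeeded(200, gateway_body("7"), body_pattern=p),
        "code 199": sms_delivery_succeeded(200, gateway_body("199"), body_pattern=p),
        "code 200": sms_delivery_succeeded(200, gateway_body("200"), body_pattern=p),
        "HTTP 500": sms_delivery_succeeded(500, gateway_body("0"), body_pattern=p),
        "CRLF lines": sms_delivery_succeeded(200, gateway_body("100", "\r\n"), body_pattern=p),
        "empty body": sms_delivery_succeeded(200, "", body_pattern=p),
        "no pattern": sms_delivery_succeeded(200, gateway_body("500")),
    }


if __name__ == "__main__":
    for case, delivered in run_checks().items():
        print(f"{case:11} -> {'delivered' if delivered else 'not delivered'}")
```

The "no pattern" case shows the default behavior: a gateway that answers HTTP 200 with an error code in the body is still counted as delivered. The "CRLF lines" case shows that the sample pattern rejects responses whose lines end in \r\n.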

What to do next

When you configure the mechanism, a message indicates that changes are not deployed. Deploy changes when you are finished. For more information, see Deploying pending changes.