Authentication mechanisms

Edit online

These files support the authentication mechanisms.

Authentication mechanisms

These files support the authentication mechanisms. For more information, see Authentication.

Table 1. Default template files in the otp/ directory
Page name File name and macros Description and link to file contents
Change PIN required otp/change_pin.html
Macros
  • @ERROR_MESSAGE@
  • @MAPPING_RULE_DATA@
  • @DISPLAY_RESELECT_BUTTON@
 Enables the user to enter a new PIN.
OTP Email Delivery Message otp/delivery/email_message.xml Used by EmailOTPDelivery as the content of the email that it sends to the user.

The template file must be a compliant XML file.

The content can be plain text or HTML. Following is an example that uses HTML in the email template:

<?xml version="1.0" encoding="UTF-8"?>
<root>
<Subject>
  <Value>One-time Password</Value>
</Subject>
<Message>
  <Value><![CDATA[<html>
<body>
<img src="https://www.example.com/images/logo.gif" />
<br />This is your HTML email one-time password @OTP_STRING@.<br />
    <p>Thank you,<br />
    The Example Co.</p>
</body>
    </html>]]>
  </Value>
</Message>
</root>

For more information about HTML formatting of email messages, see HTML format for OTP email messages.
OTP SMS Delivery Message otp/delivery/sms_message.xml Used by SMSOTPDelivery as the content of the SMS that it sends to the user.

The template file must be a compliant XML file.
One-Time Password Delivery Selection otp/delivery_selection.html
Macros
  • @OTP_METHOD_CHECKED@
  • @OTP_METHOD_LABEL@
 Displays the list of methods for generating, delivering, and verifying the one-time password.
OTP General Error otp/errors/allerror.html
Macros
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @DETAIL@
  • @EXCEPTION_STACK@
 Displays general errors that happen during the one-time password flow.
OTP Validation Error otp/errors/error_could_not_validate_otp.html
Macros
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @DETAIL@
  • @EXCEPTION_STACK@
 Displays errors during the validation of the one-time password that the user submits.
OTP Generation Error otp/errors/error_generating_otp.html
Macros
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @DETAIL@
  • @EXCEPTION_STACK@
 Displays errors during the generation of a one-time password.
OTP Methods Retrieval Error otp/errors/error_get_delivery_options.html
Macros
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @DETAIL@
  • @EXCEPTION_STACK@
 Displays errors during the retrieval of the list of methods for delivering one-time password to the user.
OTP Delivery Error otp/errors/error_otp_delivery.html
Macros
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @DETAIL@
  • @EXCEPTION_STACK@
 Displays errors during the delivery of a one-time password to the user.
OTP STS Invocation Error otp/errors/error_sts_invoke_failed.html
Macros
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @DETAIL@
  • @EXCEPTION_STACK@
 Displays errors during the invocation of the Security Token Service.
One-Time Password Login otp/login.html
Macros
  • @ERROR_MESSAGE@
  • @MAPPING_RULE_DATA@
  • @DISPLAY_RESELECT_BUTTON@
 Displays the form where the user can enter the one-time password.
Enter Next OTP Form otp/next_otp.html
Macros
  • @ERROR_MESSAGE@
  • @MAPPING_RULE_DATA@
  • @DISPLAY_RESELECT_BUTTON@
 Enables the user to enter the next one time password.
Table 2. Default template files in the authsvc/authenticator directory
Page name File name and macros Description
Authenticator Error Page authsvc/authenticator/error.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
 A generic authenticator error page.
Authenticator Login Page authsvc/authenticator/login.html
Macros
  • @USERNAME@
  • @JUNCTION@
  • @ACTION@
 A generic authenticator username and password login page.
Table 3. Default template files in the authsvc/authenticator/basicldapuser directory
Page name File name and macros Description
Change Password authsvc/authenticator/basicldapuser/change_password.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @USERNAME@
  • @ACTION@
  • @OLDPASSWORD@
  • @POLICYMESSAGE@
 Enables the user to change their LDAP password.
Username and Password Login authsvc/authenticator/bascildapuser/login.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
 Displays the form where the user can enter their username and password to log in.
Table 4. Default template files in the authsvc/authenticator/branching directory
Page name File name and macros Description
Generic Decision authsvc/authenticator/branching/generic_decision.html
Macros
  • @BRANCHES@
  • @JUNCTION@
  • @ACTION@
 Displays a form that allows the user to select an authentication branch to use from a list of available branches.
Second Factor Decision authsvc/authenticator/branching/second_factor_decision.html
  • @MECHANISMS@
  • @ERROR_MESSAGE@
  • @METHODS@
  • @JUNCTION@
  • @MOBILE_NUM@
  • @EMAIL_ADDR@
  • @ACTION@
 Displays a form that allows the user to select a second factor authentication method to use from a list of available methods.
Identifier First Authentication Page authsvc/authenticator/branching/identifier_first.html
Macros:
  • @FIDO_RP_ID@
  • @FIDO_TIMEOUT@
  • @FIDO_CHALLENGE@
  • @FIDO_USER_VERIFICATION@
  • @FIDO_STATUS@
  • @FIDO_ERROR_MESSAGE@
  • @STATE@
  • @ACTION@
 Displays a form that allows the user to submit their username or perform autofill FIDO authentication.
IFA Authentication Method Choice Page authsvc/authenticator/branching/ifa_choice.html
  • @ERROR_MESSAGE@
  • @IS_FIDO@
  • @IS_MMFA@
  • @FINGERPRINT_PREFERRED@
  • @STATE@
  • @ACTION@
  • @USERNAME@
 If enrolled, the user is prompted to choose between FIDO2/WebAuthn authentication, MMFA authentication, or standard username/password authentication.
IFA FIDO2 PAIR Registration Page authsvc/authenticator/branching/ifa_fido2pair_reg.html
Macros:
  • @FIDO_ERROR_MESSAGE@
  • @STATE@
  • @FIDO_USER_NAME@
  • @ACTION@
  • @ERROR_MESSAGE@
  • @FIDO_INFOMAP_PARAM@
  • @CANCEL_ACTION@
 Displays a page that allows a user to register a FIDO2 device for authentication.
IFA Redirect Page authsvc/authenticator/branching/ifa_redirect.html
  • @ERROR_MESSAGE@
  • @IFA_REDIRECT_URL@
  • @USERNAME@
 Redirects the user to the configured Redirect URL, if the username matched a set regular expression.
Table 5. Default template files in the authsvc/authenticator/ci directory
Page name File name and macros Description
Username and Password Login authsvc/authenticator/ci/login.html
Macros
  • @USERNAME@
  • @JUNCTION@
  • @ACTION@
 Displays the form where the user can enter their username and password to log in.
Authenticate Page authsvc/authenticator/ci/authenticate_dialog.html
Macros
  • @HIDE_TRANSIENT_IF_ENROLL@
  • @EXPAND_VERIFY_METHODS@
  • @JIT_ENROLLMENT@
  • @AUTH_METHODS@
  • @SIGNATURE_METHODS@
  • @TRANSIENT_METHODS@
  • @JUNCTION@
  • @ACTION@
 Displays a form that allows the user to select a method to use for two-step verification.
Choose Method Page authsvc/authenticator/ci/choose_method.html
Macros
  • @AUTH_METHODS@
  • @SIGNATURE_METHODS@
  • @TRANSIENT_METHODS@
  • @ACTION@
 Displays a form that allows the user to select a method to use for two-step verification.
Verify Page authsvc/authenticator/ci/verify.html
Macros
  • @TYPE@
  • @ERROR_MESSAGE@
  • @CORRELATION@
  • @JUNCTION@
  • @ACTION@
  • @ID@
 Displays a form that allows the user to enter the access code that is used to authenticate the two-step verification.
Device Connected Page authsvc/authenticator/ci/device_connected.html
Macros
  • @TYPE@
  • @DEVICE_NAME@
  • @JUNCTION@
  • @ACTION@
 Displays a confirmation page that a device was successfully connected and can now be selected as a method for two-step verification.
Enrollment Page authsvc/authenticator/ci/enrollment.html
Macros
  • @TYPE@
  • @CORRELATION@
  • @JUNCTION@
  • @ACTION@
 Displays a form that is used to validate an OTP during an enrollment flow.
Error Page authsvc/authenticator/ci/error.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
 Displays errors during the CI authentication.
JIT Enroll Page authsvc/authenticator/ci/jit_enroll.html

Macros

  • @ERROR_MESSAGE@
  • @JIT_TYPE@
  • @JUNCTION@
  • @ACTION@
 Displays a form that allows a user with no existing device registrations to enroll a device during a CI authentication.
TOTP Enrollment Page authsvc/authenticator/ci/totp_enrollment.html
Macros
  • @ERROR_MESSAGE@
  • @QRCODE@
  • @JUNCTION@
  • @ACTION@
 Displays a page that allows a user to enroll a device for TOTP authentication.
Push Notification Page authsvc/authenticator/ci/try_push.html
Macros
  • @DEVICE_NAME@
  • @JUNCTION@
  • @ACTION@
 Displays a page that allows a device to be configured and tested to receive push notifications to authenticate the two-step verification.
User Self-Care Page authsvc/authenticator/ci/usc.html
Macros
  • @ENABLED_METHODS@
  • @NAME@
  • @AUTH_METHODS@
  • @AUTHENTICATORS@
  • @EMAIL@
  • @USERNAME@
  • @DEVICE_COUNT@
  • @METHOD_COUNT@
  • @JUNCTION@
  • @ACTION@
 Displays a page that allows a user to manage their registered authentication devices.
Username Login Page authsvc/authenticator/ci/username.html
Macros
  • @USERNAME@
  • @JUNCTION@
  • @ACTION@
 Displays the form where the user can enter their username to log in without a password.
Verify Registration Page authsvc/authenticator/ci/verify_registration.html
Macros
  • @QRCODE@
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION
 Displays a page that allows a user to enroll a device to use IBM Verify for authentication.
Wait Page authsvc/authenticator/ci/wait.html
Macros
  • @ACTION
 Displays a page while it waits between polls during an IBM Verify authentication.
Table 6. Default template files in the authsvc/authenticator/email_message directory
Page name File name and macros Description
Email Delivery Message authsvc/authenticator/email_message/email_message.xml
Macros
  • @ATTRIBUTE@
 The email content that is sent to the SMTP server.
Error Page authsvc/authenticator/email_message/error.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 The email content that is sent to the SMTP server.
Table 7. Default template files in the authsvc/authenticator/fido directory
Page name File name and macros Description
Assertion Page authsvc/authenticator/fido/assertion.html
Macros
  • @FIDO_RP_ID@
  • @FIDO_TIMEOUT@
  • @FIDO_CHALLENGE@
  • @FIDO_USER_VERIFICATION@
  • @FIDO_USER_ID@
  • @FIDO_STATUS@
  • @FIDO_ERROR_MESSAGE@
  • @STATE@
  • @ACTION@
  • @FIDO_ALLOW_CREDENTIALS@
  • @FIDO_EXTENSIONS@
  • @ERROR_MESSAGE@
  • @FIDO_INFOMAP_PARAM@
  • @CANCEL_ACTION@
 Displays a form that allows a user to perform a FIDO authentication.
Attestation Page authsvc/authenticator/fido/attestation.html
Macros
  • @FIDO_RP_ID@
  • @FIDO_RP_NAME@
  • @FIDO_USER_ID@
  • @FIDO_USER_NAME@
  • @FIDO_DISPLAY_NAME@
  • @FIDO_TIMEOUT@
  • @FIDO_CHALLENGE@
  • @FIDO_REQUIRE_RESIDENT_KEY@
  • @FIDO_RESIDENT_KEY@
  • @FIDO_USER_VERIFICATION@
  • @FIDO_AUTHENTICATOR_ATTACHMENT@
  • @FIDO_ATTESTATION@
  • @FIDO_STATUS@
  • @FIDO_ERROR_MESSAGE@
  • @ACTION@
  • @FIDO_ALLOW_CREDENTIALS@
  • @FIDO_EXTENSIONS@
  • @FIDO_PUBKEY_CRED_PARAMS@
  • @ERROR_MESSAGE@
  • @FIDO_INFOMAP_PARAM@
  • @STATE@
  • @CANCEL_ACTION@
 Displays a form that allows a user to register a FIDO device for authentication.
Error Page authsvc/authenticator/fido/error.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
 Displays errors during the FIDO authentication.
Table 8. Default template files in the authsvc/authenticator/fido2pair directory
Page name File name and macros Description
FIDO2 PAIR Authentication Decision Page authsvc/authenticator/fido2pair/fido2pair_authn_decision.html
Macros
  • @FIDO_RP_ID@
  • @FIDO_TIMEOUT@
  • @FIDO_CHALLENGE@
  • @FIDO_USER_VERIFICATION@
  • @FIDO_USER_ID@
  • @FIDO_STATUS@
  • @FIDO_ERROR_MESSAGE@
  • @STATE@
  • @ACTION@
  • @PERSISTENT_USERNAME@
  • @FIDO_ALLOW_CREDENTIALS@
  • @FIDO_EXTENSIONS@
  • @JUNCTION@
 Displays a page that allows a user to either login by using a username and password or by using an already registered FIDO device.
FIDO2 PAIR Login Success Page authsvc/authenticator/fido2pair/fido2pair_login_success.html Displays a page that indicates that the login was successful. The page is imported into the reverse proxy management root when FIDO2 PAIR is configured and the administrator chooses to overwrite the default login success page. It saves the persistent token from the reverse proxy into the browser for subsequent FIDO2 authentication.
FIDO2 PAIR Device Registration Complete Page authsvc/authenticator/fido2pair/fido2pair_reg_complete.html
Macros
  • @JUNCTION@
  • @ACTION@
 Displays a page that indicates that a FIDO2 device was registered successfully and can now be used for subsequent authentications.
FIDO2 PAIR Device Registration Decision Page authsvc/authenticator/fido2pair/fido2pair_reg_decision.html
Macros
  • @USERNAME@
  • @JUNCTION@
  • @ACTION@
 Displays a page that allows a user to decide whether they would like to register a FIDO2 device for authentication after the initial username and password login.
FIDO2 PAIR Device Registration Page authsvc/authenticator/fido2pair/fido2pair_reg_mechanism.html
Macros
  • @FIDO_ERROR_MESSAGE@
  • @STATE@
  • @FIDO_USER_NAME@
  • @ACTION@
  • @ERROR_MESSAGE@
  • @FIDO_INFOMAP_PARAM@
  • @CANCEL_ACTION@
 Displays a page that allows a user to register a FIDO2 device for authentication.
Table 9. Default template files in the authsvc/authenticator/infomap directory
Page name File name and macros Description
Error Page authsvc/authenticator/infomap/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays a page that shows the details of an error that was encountered.
FIDO Assertion Page authsvc/authenticator/infomap/fido_assertion.html
Macros
  • @FIDO_RP_ID@
  • @FIDO_TIMEOUT@
  • @FIDO_CHALLENGE@
  • @FIDO_USER_VERIFICATION@
  • @FIDO_USER_ID@
  • @FIDO_STATUS@
  • @FIDO_ERROR_MESSAGE@
  • @ACTION@
  • @FIDO_ALLOW_CREDENTIALS@
  • @FIDO_EXTENSIONS@
  • @ERROR_MESSAGE@
  • @FIDO_INFOMAP_PARAM@
  • @STATE@
  • @CANCEL_ACTION@
 Displays a form that allows a user to perform a FIDO authentication.
FIDO Attestation Page authsvc/authenticator/infomap/fido_attestation.html
Macros
  • @FIDO_RP_ID@
  • @FIDO_RP_NAME@
  • @FIDO_TIMEOUT@
  • @FIDO_CHALLENGE@
  • @FIDO_USER_ID@
  • @FIDO_USER_NAME@
  • @FIDO_USER_DISPLAY_NAME@
  • @FIDO_STATUS@
  • @FIDO_ERROR_MESSAGE@
  • @ACTION@
  • @FIDO_EXCLUDED_CREDENTIALS@
  • @FIDO_PUBKEY_CRED_PARAMS@
  • @FIDO_AUTHENTICATOR_SELECTION@
  • @FIDO_EXTENSIONS@
  • @ERROR_MESSAGE@
  • @FIDO_INFOMAP_PARAM@
  • @STATE@
  • @CANCEL_ACTION@
  • @FIDO_ATTESTATION@
 Displays a form that allows a user to register a FIDO device for authentication.
Username Login Page authsvc/authenticator/infomap/login.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
 Displays the form where the user can enter their username to log in.
Table 10. Default template files in the authsvc/authenticator/mmfa directory
Page name File name and macros Description
Mobile Multi-Factor Authentication Device Selection Page authsvc/authenticator/mfa/device_selection.html
Macros
  • @JUNCTION@
  • @ACTION@
  • @MMFA_DEVICE_CHECKED@
  • @MMFA_DEVICE_ID@
  • @MMFA_DEVICE_LABEL@
 Displays a form that allows a user to select which registered device to send a mobile multi factor authentication notification.
Mobile Multi-Factor Authentication Error Page authsvc/authenticator/mmfa/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
 Displays a page that shows the details of an error that was encountered.
Mobile Multi-Factor Authentication Login Wait Page authsvc/authenticator/mmfa/login_wait.html
  • @ACTION@
  • @MMFA_TRANSACTION_STATUS@
  • @ERROR_MESSAGE@
  • @MMFA_TRANSACTION_ID@
  • @MMFA_CONTEXT_MESSAGE@
  • @RETURN_ENABLED@
  • @TOTP_ENROLLED@
  • @MMFA_DEVICE_NAME@
  • @JUNCTION@
 Displays a page that shows that a notification was sent to the selected device and waits for a response.
Table 11. Default template files in the authsvc/authenticator/mobileuserapproval directory
Page name File name and macros Description
Mobile User Approval Challenge Page authsvc/authenticator/mobileuserapproval/challenge.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
  • @SERVER_CHALLENGE@
  • @HANDLE@
 Displays a form that allows a user to sign the challenge data with the key that is associated with a given key handle.
Mobile User Approval Error Page authsvc/authenticator/mobileuserapproval/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays a page that shows the details of an error that was encountered.
Table 12. Default template files in the authsvc/authenticator/qrlogin directory
Page name File name and macros Description
QR Login Error Page authsvc/authenticator/qrlogin/error.html
Macros
  • @JUNCTION@
  • @ERROR@
 Displays errors during the QR code authentication.
QR Login Page authsvc/authenticator/qrlogin/qrlogin.html
Macros
  • @DSI@
  • @IN_BRANCH@
  • @ACTION@
  • @LSI@
  • @JUNCTION@
 Displays a page that allows a user to authenticate by scanning a QR code with a registered device.
QR Login Response Page authsvc/authenticator/qrlogin/qrresponse.html
Macros
  • @USERNAME@
  • @ACTION@
 Sends a response to the device to indicate that the QR code authentication was successful.
Table 13. Default template files in the authsvc/authenticator/recaptcha directory
Page name File name and macros Description
ReCAPTCHA Challenge Page authsvc/authenticator/recaptcha/standalone.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @ACTION@
  • @SITE_KEY@
 Displays a form that prompts a user to fulfill a specific re-CAPTCHA challenge.
Table 14. Default template files in the authsvc/authenticator/rsa_securid directory
Page name File name and macros Description
RSA SecurID One-Time Password Error authsvc/authenticator/rsa_securid/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during the RSA SecurID one-time password authentication.
RSA SecurID One-Time Password Login authsvc/authenticator/rsa_securid/code.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @ACTION@
 Displays a form where the user can enter the RSA SecurID one-time password to log in.
RSA SecurID One-Time Password Login (New PIN) authsvc/authenticator/rsa_securid/new_pin.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @ACTION@
 Enables a user to enter a new RSA SecurID pin.
RSA SecurID One-Time Password Login (Next OTP) authsvc/authenticator/rsa_securid/next_code.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @ACTION@
 Enables a user to enter the next RSA SecurID one-time password.
Table 15. Default template files in the authsvc/authenticator/u2f directory
Page name File name and macros Description
U2F Token Error Page authsvc/authenticator/u2f/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
 Displays errors during the U2F token authentication.
U2F Token Registration Page authsvc/authenticator/u2f/register.html
Macros
  • @U2F_APP_ID@
  • @U2F_CHALLENGE@
  • @U2F_VERSION@
  • @ACTION@
  • @CANCEL_ACTION@
  • @U2F_TOKENS@
  • @JUNCTION@
  • @UNREGISTER_ACTION
  • @UPDATE_ACTION@
 Displays a form to allow a user to register a U2F token for authentication.
Table 16. Default template files in the authsvc/authenticator/verify_gateway directory
Page name File name and macros Description
IBM Verify Gateway Response Page authsvc/authenticator/verify_gateway/response.html This file is not currently used.
Table 17. Default template files in the authsvc/authenticator/password/ directory
Page name File name and macros Description
Change Password authsvc/authenticator/password/change_password.html
Macros
  • @USERNAME@
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
 Enables the users to change their registry password.
Username and Password Error authsvc/authenticator/password/error.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during the username and password authentication or when the users modify their password.
Username and Password Login authsvc/authenticator/password/login.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
 Displays the form where the users can enter their username and password to log in.
Table 18. Default template files in the authsvc/authenticator/http_redirect/ directory
Page name File name and macros Description
HTTP Redirect Authentication Error authsvc/authenticator/http_redirect/allerror.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays general errors during for HTTP redirect authentication mechanism.
HTTP Redirect Authentication Failed authsvc/authenticator/http_redirect/error_authenticate.html
Macros
  • MAC
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during the HTTP redirect authentication flow.
Table 19. Default template files in the authsvc/authenticator/macotp/ directory
Page name File name and macros Description
MAC One-Time Password Delivery Selection authsvc/authenticator/macotp/delivery_selection.html
Macros
  • @JUNCTION@
  • @ACTION@
  • @OTP_METHOD_ID@
  • @OTP_METHOD_CHECKED@
  • @OTP_METHOD_LABEL@
 Displays the list of methods for generating, delivering, and verifying the one-time password.
MAC OTP One-Time Password Error authsvc/authenticator/macotp/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during the MAC one-time password authentication.
MAC One-Time Password Login authsvc/authenticator/macotp/login.html
Macros
  • @MAPPING_RULE_DATA@
  • @DISPLAY_RESELECT_BUTTON@
  • @OTP_DELIVERY_ATTR@
  • @ERROR_MESSAGE@
  • @ACTION@
  • @JUNCTION@
  • @OTP_HINT@
  • @OTP_LOGIN_DISABLED@
  • @OTP_REGENERATE_DISABLED@
 Displays the form where the user can enter the MAC one-time password.
Table 20. Default template files in the authsvc/authenticator/rsa/ directory
Page name File name and macros Description
RSA One-Time Password Error authsvc/authenticator/rsa/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during the RSA one-time password authentication.
RSA One-Time Password Login authsvc/authenticator/rsa/code.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
 Displays the form where the users can enter the RSA one-time password to log in.
RSA One-Time Password Login (New PIN) authsvc/authenticator/rsa/new_pin.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
 Enables users to enter a new RSA pin.
RSA One-Time Password Login (Next OTP) authsvc/authenticator/rsa/next_code.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
 Enables users to enter the next RSA one-time password.
Table 21. Default template files in the authsvc/authenticator/totp/ directory
Page name File name and macros Description
TOTP One-Time Password Error authsvc/authenticator/totp/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during the TOTP one-time password authentication.
TOTP One-Time Password Login authsvc/authenticator/totp/login.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @ACTION@
 Displays the form where the users can enter the TOTP password to log in.
Table 22. Default template files in the authsvc/authenticator/hotp/ directory
Page name File name and macros Description
HOTP One-Time Password Error authsvc/authenticator/hotp/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during the HOTP one-time password authentication.
HOTP One-Time Password Login authsvc/authenticator/hotp/login.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @ACTION@
 Displays the form where the users can enter the HOTP password to log in.
Table 23. Default template files in the authsvc/authenticator/consent_register_device/ directory
Page name File name and macros Description
Consent page authsvc/authenticator/consent_register_device/consent-form.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @ACTION@
 Prompts the user to provide consent for registering a device.
Consent to Device Registration Error authsvc/authenticator/consent_register_device/error.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during the consent to device registration flow.
Table 24. Default template files in the authsvc/authenticator/eula/ directory
Page name File name and macros Description
End-User License Agreement license file display authsvc/authenticator/eula/license.txt Contains the license agreement to display to the user.
The template does not use replacement macros.
Note: You can add more license files to the template tree.
Specify the metadata in the End-User License Agreement for the following purposes:
  • Auditing
  • Forensic
The End-User License Agreement authentication mechanism removes the metadata before it displays the license agreement to the user. The metadata must be on the first line of the license agreement. For example, 
Metadata:   Version: 1.0          Identifier:  135223434343
When the user accepts the license agreement or declines the license agreement, the mechanism audits:
  • The user action.
  • The license file name.
  • The corresponding metadata.
End-User License Agreement license agreement display authsvc/authenticator/eula/eula.html
Macros
  • @USERNAME@
  • @LICENSE@
  • @JUNCTION@
  • @ACTION@
 Displays the page where the user views the license and accepts the license agreement.
End-User License Agreement license agreement decline authsvc/authenticator/eula/error_license_declined.html
Macros
  • @USERNAME@
  • @ERROR_MESSAGE@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @ERROR_MESSAGE@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
  • @LICENSE_FILE@
  • @LICENSE_METADATA@
  • @JUNCTION@
 Displays the page where the user declines the license agreement.
Table 25. Default template files in the authsvc/authenticator/knowledge_questions/ directory
Page name File name and macros Description
Knowledge Questions authentication mechanism knowledge login form authsvc/authenticator/knowledge_questions/login.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
  • @QUESTION_INDEX@
  • @QUESTION_TEXT@
  • @QUESTION_UNIQUE_ID@
  • @QUESTION_COUNT@
 Displays the form where the user enters the answers to the required knowledge questions.
Knowledge Questions authentication mechanism knowledge question authentication errors authsvc/authenticator/knowledge_questions/error.html
Macros
  • @JUNCTION@
  • @REQ_ADDR@
  • @TIMESTAMP@
  • @ERROR_MESSAGE@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during knowledge-question authentication.
Knowledge Questions authentication mechanism missing knowledge questions with grace period authsvc/authenticator/knowledge_questions/ not_enough_questions_found_continue.html
Macros
  • @JUNCTION@
  • @USERNAME@
  • @NUM_REQUIRED_ANSWERS@
  • @NUM_REGISTERED_QUESTIONS@
  • @GRACE_PERIOD_AUTH_COUNT@
  • @MAX_GRACE_PERIOD_AUTH_COUNT@
  • @ACTION@
 Displayed when the user did not register the required number of knowledge questions and answers that are required for successful authentication. The following conditions must also be true:
  • The administrator configured the environment to allow grace-period authentication.
  • The user did not reach the limit of grace-period logins.
Knowledge Questions authentication mechanism missing knowledge questions without grace period authsvc/authenticator/knowledge_questions/ not_enough_questions_found_error.html
Macros
  • @JUNCTION@
  • @USERNAME@
  • @NUM_REQUIRED_ANSWERS@
  • @NUM_REGISTERED_QUESTIONS@
  • @REQ_ADDR@
  • @TIMESTAMP@
 Displayed when the user did not register the required number of knowledge questions and answers that are required for successful authentication. One of the following conditions must also be true:
  • The administrator did not configure the environment to allow grace-period authentication.
  • The user reached the limit of grace-period logins.
Table 26. Default template files in the authsvc/authenticator/otp/ directory
Page name File name and macros Description
OTP Enrollment main page authsvc/authenticator/otp/enroll.html
Macros
  • @ERROR_MESSAGE@
  • @JUNCTION@
  • @ACTION@
  • @STATE@
  • @SECRET_KEY@
  • @QR_CODE@
  • @VALIDATE@
  • @SUCCESS@
 Prompts a user to enroll TOTP or HOTP by displaying a QR code for the user to scan, or a manual code for them to type into their OTP application.
OTP Enrollment errors authsvc/authenticator/otp/error.html
Macros
  • @JUNCTION@
  • @ERROR_MESSAGE@
  • @EXCEPTION_MSG@
  • @EXCEPTION_STACK@
 Displays errors during OTP enrollment.