I have WSO2 version 5.8.0 and want to set up adaptive authentication using email or SMS. What needs to be prepared to set up adaptive authentication using email or SMS to get confirmation from the client/user?
You can follow this documentation for configuring the SMS OTP authenticator: https://docs.wso2.com/display/IS580/Configuring+SMS+OTP and refer to this for configuring the Email OTP authenticator: https://docs.wso2.com/display/IS580/Configuring+Email+OTP
You can configure the SMS OTP and Email OTP authenticators as second-step authenticators. By default these connectors are shipped with IS 5.8.0.
Step 1: basic
Step 2: multi-option - SMS/email OTP
Authentication with SMS and email OTP can be done without an adaptive script. If you want to do some manipulation, you can use an adaptive authentication script. Please follow these documents for further reference.
https://medium.com/#gayanmadusanka_80721/introduction-to-adoptive-authentication-with-wso2-identity-server-5-7-0-release-c3dec5aff895
https://madurangasblogs.blogspot.com/2018/12/adaptive-authentication-with-wso2.html
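A role-based step-up script for the two-step setup in the answer above, as an added example that is not part of the original answer: step 1 is basic, and step 2 (the SMS/email OTP options) is prompted only for selected roles. The role names, the `simulateLogin` helper and the stand-in versions of `executeStep` and `hasAnyOfTheRoles` are assumptions constructed here so the script can be run outside the server; inside WSO2 IS those two functions are provided by the adaptive authentication runtime and only the first part is pasted into the script editor.

```javascript
// Adaptive script: the part that goes into the service provider's script editor.
var rolesToStepUp = ['admin', 'manager']; // assumed role names

var onLoginRequest = function (context) {
    executeStep(1, {                      // step 1: basic (username/password)
        onSuccess: function (context) {
            var user = context.currentKnownSubject;
            if (hasAnyOfTheRoles(user, rolesToStepUp)) {
                executeStep(2);           // step 2: SMS OTP / Email OTP options
            }
        }
    });
};

// Stand-in runtime, constructed for this example (not WSO2 code). It records
// which steps the script asks for so the flow can be checked offline.
var executedSteps = [];
var stepResults = {};   // step number -> false when that step should fail
var loginUser = null;

function executeStep(stepId, callbacks) {
    executedSteps.push(stepId);
    var ctx = { currentKnownSubject: loginUser };
    var passed = stepResults[stepId] !== false;
    var handler = callbacks && (passed ? callbacks.onSuccess : callbacks.onFail);
    if (handler) { handler(ctx); }
}

// In the server this looks roles up in the user store; here the constructed
// user object carries its roles directly.
function hasAnyOfTheRoles(user, roles) {
    return roles.some(function (role) { return user.roles.indexOf(role) !== -1; });
}

function simulateLogin(user, results) {
    executedSteps = [];
    stepResults = results || {};
    loginUser = user;
    onLoginRequest({});
    return executedSteps.slice();
}

// Constructed sample users.
console.log(simulateLogin({ username: 'alice', roles: ['admin'] }));
console.log(simulateLogin({ username: 'bob', roles: ['employee'] }));
console.log(simulateLogin({ username: 'alice', roles: ['admin'] }, { 1: false }));
```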
I have an issue with enabling an SMS OTP step and then an Email OTP step after the username and password step.
First, I configured the SMS OTP and Email OTP identity providers.
Then I changed the local and outbound authentication configuration in the service provider configuration, as per the attached image.
[service provider configuration] (https://i.stack.imgur.com/WREK3.png)
After that, I tried to log in to the service.
First the system displays the username and password form, then the SMS OTP form, then a blank page appears with the https://localhost:9443/commonauth URL, although I received an email with the OTP, as per the attached images.
[Step 1] (https://i.stack.imgur.com/G6g21.png)
[step 2] (https://i.stack.imgur.com/0A8ZN.png)
[Step 3] (https://i.stack.imgur.com/wLZWX.png)
I tried changing the order of the steps to username and password, then Email OTP, then SMS OTP; the result is that the system asks the user for username and password, then Email OTP, and then the user logs in successfully without the SMS OTP step!
Please advise how to log the user in after the three mentioned steps (basic > SMS OTP > Email OTP).
The initial issue mentioned in the question, hanging on the commonauth endpoint when the basic > SMS OTP > Email OTP steps are configured, is already reported in https://github.com/wso2/product-is/issues/15364.
That issue is fixed by https://github.com/wso2-extensions/identity-outbound-auth-email-otp/pull/151.
You can patch this change to your WSO2 IS server and try out the flow.
Refer to this: https://tharika.medium.com/how-to-apply-java-code-changes-to-wso2-server-on-the-go-caba252370 for more information on applying a patch.
We are trying to use the WSO2 IS REST API for users' authentication. Is there any way to enable email OTP with REST API authentication?
WSO2 does not support REST API based MFA (Email, SMS) as of now, but it's on the roadmap.
https://github.com/wso2/product-is/issues/11549
https://github.com/wso2/product-is/issues/11548
As a community user, you may use https://github.com/wso2-extensions/identity-otp-integration-endpoints. However, it is not covered under WSO2 commercial support.
Most new mobile apps use a mobile number with SMS OTP to authenticate the user without username/password. How can we do the same to generate an access token using WSO2 Identity Server, considering the following points:
The user has to enter his/her mobile number in the app
The user has to enter the SMS OTP in the app
WSO2 IS has to send the SMS OTP
In the last step, an access token is generated from WSO2 for the user
Following is the expected flow
Mobile-SMS Flow
You can create a custom authenticator for this and manage SMS OTPs from the custom authenticator. You can follow this link and integrate the below two functionalities for your application.
SMSOtpService.generateSMSOTP(userId);
This will generate an SMS OTP for the input userId (SCIM ID), and the output will be a transactionId along with the smsOtp; through the WSO2 IS SMS event handler, you can send the OTP too.
SMSOtpService.validateSMSOTP(transactionId, userID, smsOTP);
This method will validate the SMS-OTP with the input fields of transactionID, userId(scim-id) and smsOtp.
You need to do a few customizations, but basically you can use these two functions to generate and validate the SMS OTP.
I want to use Google Authenticator for 2-factor authentication with WSO2 Identity Server 5.7.0. The Google Authenticator should provide a one-time password which is valid only for a very short duration. Using the email ID, password and OTP (generated from Google Authenticator), a user should be allowed to sign in to an application.
I cannot find how to implement Google Authenticator in the link mentioned below: WSO2 Identity Server Authenticators and Connectors Documentation
Can anyone provide some steps in the direction to implement Google Authenticator with WSO2?
Note: I am not referring to using Google as a federated authenticator.
As for me, for your use case you don't need Google Authenticator; you need email OTP [1]. You can configure your email OTP to generate from Google. You can enable it as a second factor in authentication. So first the user will log in using username and password, then the user will be asked for the OTP that is generated from Google. That will be sent to the user's email account.
If you want to use Google Authenticator to get the OTP, not email, then you should use WSO2 TOTP [2].
[1]. https://docs.wso2.com/display/IS570/Configuring+Email+OTP
[2]. https://docs.wso2.com/display/ISCONNECTORS/Configuring+TOTP+Authenticator
How to customize the default authentication method (username/password) in WSO2 Identity Server 5.7.0? I.e., use a password plus any of mobile/email/username to authenticate an end user and provide the user a JWT token as the response.
Please refer to the following [1][2]. As per your requirement, you can use basic (username/password) as authentication step 1 and SMS OTP or email OTP as step 2. The following examples are based on SAML, but as you need to get a JWT token as a response, you need to register an OIDC application as a service provider [3][4].
[1]. https://docs.wso2.com/display/IS570/Configuring+Email+OTP#ConfiguringEmailOTP-ConfigureWSO2ISastheemailOTPprovider
[2]. https://docs.wso2.com/display/ISCONNECTORS/Configuring+Multi-factor+Authentication+using+SMSOTP
[3]. https://docs.wso2.com/display/IS570/Configuring+OAuth2-OpenID+Connect+Single-Sign-On
[4]. https://docs.wso2.com/display/IS570/Try+Authorization+Code+Grant