Use Case:
Authenticate a user with a username and PIN (or any other user attribute other than the password).
Prerequisite:
A user-selected PIN is stored in the user store in any existing user attribute. For example, say the PIN is stored in the attribute “businessCategory” in an LDAP directory.
Instructions:
- Duplicate the default login.fcc and save the file as pinlogin.fcc.
- Change the label for the password field from “Password” to “PIN”:
[xml]
<tr>
<td WIDTH=20 > </td>
<td >
<b><font size=-1 face="arial,helvetica" > PIN: </font></b>
</td>
<td ALIGN="left" >
<input type="password" name="PASSWORD" size="30" style="margin-left: 1px">
</td>
<td WIDTH=20 > </td>
</tr>
[/xml]
- (Optional) Modify the attached custom authentication code as required (to look up a user attribute other than businessCategory):
[java]
String PIN = theUserCredentialsContext.getPassword();
// REJECT login if no PIN was supplied (null or empty).
if (PIN == null || PIN.length() == 0) {
    return new SmAuthenticationResult(SmAuthStatus.SMAUTH_REJECT,
            SmAuthenticationResult.REASON_NONE);
}

…

…

// Check and compare the PIN. For this test, the user's PIN is stored in the attribute 'businessCategory'.
// equals() is called on PIN (non-null here), so a user with no stored PIN is rejected instead of throwing.
if (!PIN.equals(theUserContext.getProp("businessCategory")))
{
    logInPSTrace(context, "User Authentication failed. Invalid PIN");
    return new SmAuthenticationResult(SmAuthStatus.SMAUTH_REJECT,
            SmAuthenticationResult.REASON_NONE);
}
[/java]
- Compile and deploy the attached custom authentication class to <PS_Installation_Directory>\config\properties. This directory is in the classpath by default, so you don’t need to make any change in JVMOptions.txt. If you choose to deploy to another directory, modify the classpath in JVMOptions.txt accordingly.
- Create a new authentication scheme based on “Custom Template” as below:
TESTING:
1. Valid UserName and PIN
Logs :
(policy server trace log : smtracedefault.log)
[text]
[05/10/2018][15:18:52.962][15:18:52][5924][4784][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: [‘Authenticating User :shruj01’]][PINAuthentication: PINAuthentication:: [‘Authenticating User :shruj01’]]
[05/10/2018][15:18:52.972][15:18:52][5924][4784][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: [‘User Successfully Authenticated :shruj01’]][PINAuthentication: PINAuthentication:: [‘User Successfully Authenticated :shruj01’]]
[/text]
2. Invalid PIN
Log :
[text]
[05/10/2018][15:20:32.348][15:20:32][5924][4060][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: [‘Authenticating User :shruj01’]][PINAuthentication: PINAuthentication:: [‘Authenticating User :shruj01’]]
[05/10/2018][15:20:32.377][15:20:32][5924][4060][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: [‘User Authentication failed. Invalid PIN’]][PINAuthentication: PINAuthentication:: [‘User Authentication failed. Invalid PIN’]]
[/text]
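The invalid-PIN trace line above does not name the user, so counting failed PIN attempts per user means pairing each failure with the preceding “Authenticating User” line. The following is an added example, not part of the original post or its attachment: it reads the fourth and fifth bracketed fields as process and thread IDs (an assumption), and the sample lines, user names and threshold are constructed.

```python
import re
from collections import Counter

# Leading trace fields: [date][precise time][time][pid][tid]...
# Reading fields 4 and 5 as process and thread IDs is an assumption.
HEAD = re.compile(r"^\[[^\]]*\]\[[^\]]*\]\[[^\]]*\]\[(\d+)\]\[(\d+)\]")
START = re.compile(r"Authenticating User\s*:(\S+?)['\u2018\u2019]")
FAILED = "User Authentication failed. Invalid PIN"
SUCCESS = "User Successfully Authenticated"

def failed_pin_attempts(lines):
    """Count invalid-PIN rejections per user, attributing each failure to the
    last 'Authenticating User' seen on the same (pid, tid) pair."""
    pending = {}          # (pid, tid) -> user currently being authenticated
    failures = Counter()
    for line in lines:
        head = HEAD.match(line)
        if not head:
            continue      # not a trace line in the expected layout
        worker = head.groups()
        start = START.search(line)
        if start:
            pending[worker] = start.group(1)
        elif FAILED in line:
            failures[pending.pop(worker, "<unknown>")] += 1
        elif SUCCESS in line:
            pending.pop(worker, None)
    return failures

def users_over_threshold(failures, threshold=3):
    """Users with enough failures to review for PIN guessing (threshold is arbitrary)."""
    return sorted(u for u, n in failures.items() if n >= threshold)

def _sample(ts, tid, msg):
    # Constructed line, modelled on the smtracedefault.log entries above.
    return (f"[05/10/2018][{ts}][{ts[:8]}][5924][{tid}][SmAuthUser.cpp:775]"
            f"[ServerTrace]{'[]' * 19}[PINAuthentication:: ['{msg}']]")

# Constructed sample: user1 fails three times while user2 logs in on another thread.
SAMPLE_LOG = [
    _sample("15:20:32.348", 4060, "Authenticating User :user1"),
    _sample("15:20:32.350", 4784, "Authenticating User :user2"),
    _sample("15:20:32.377", 4060, "User Authentication failed. Invalid PIN"),
    _sample("15:20:32.380", 4784, "User Successfully Authenticated :user2"),
    _sample("15:20:40.101", 4060, "Authenticating User :user1"),
    _sample("15:20:40.120", 4060, "User Authentication failed. Invalid PIN"),
    _sample("15:20:47.500", 4784, "Authenticating User :user1"),
    _sample("15:20:47.522", 4784, "User Authentication failed. Invalid PIN"),
]
```

Calling `users_over_threshold(failed_pin_attempts(SAMPLE_LOG))` returns `['user1']`; a failure line with no preceding start line on the same thread is counted under `<unknown>`.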
Attachment
pinlogin.fcc & Custom Authentication class : pinlogin
RELATED BLOG :
http://box5324.temp.domains/~iamtecht/how-to-collect-additional-attribute-using-custom-authentication/
2 Responses
Hi Ujwol,
Do we need to make any change to userDirectory or the sm.registry file to accept a PIN instead of a password?
Hi Naresh, No, you don’t have to.