Tech Tip : How to authenticate user with username and non password attribute (e.g PIN)

prefill username
Use Case :

Authenticate user with username and PIN (or any other user attribute other than the password).

PRE-requisite :

A user selected PIN is stored in the user store in any of the existing user attribute. For e.g say the PIN is stored in an attribute “businesCategory” in an LDAP.

Instruction :
  • Duplicate the default login.fcc  and save the file as pinlogin.fcc.
  • Change the label for the password field from “Password” to “PIN”

<p style="padding-left: 30px;"><tr>
<td WIDTH=20 >&nbsp;</td>
<td >
<b><font size=-1 face="arial,helvetica" > PIN: </font></b>
<td ALIGN="left" >
&nbsp; <input type="password" name="PASSWORD" size="30" style="margin-left: 1px">
<td WIDTH=20 >&nbsp;</td>
<p style="padding-left: 30px;">[/xml]

  • (Optional ) Modify the attached custom authentication code as required ( to lookup an alternate user attribute other than businessCategory )

<p style="padding-left: 30px;">String PIN = theUserCredentialsContext.getPassword();

//REJECT Login if no PIN supplied.
if (PIN.length() <= 0) {
return new SmAuthenticationResult(SmAuthStatus.SMAUTH_REJECT,
<p style="padding-left: 30px;">…</p>
<p style="padding-left: 30px;">…</p>
<p style="padding-left: 30px;">// Check and Compare PIN. For this test, we are store user PIN in attribute ‘businessCategory’
if (!theUserContext.getProp("businessCategory").equals(PIN))
logInPSTrace(context, "User Authentication failed. Invalid PIN");
return new SmAuthenticationResult(SmAuthStatus.SMAUTH_REJECT,
<p style="padding-left: 30px;">[/java]

  • Compile and deploy the attached custom authentication class to <PS_Installation_Directory>\config\properties. This directory is by default in the classpath so you don’t need to make any change in the JVMOptions.txt. If you choose to deploy in other direcotry modify the classpath in the JVMOptions accordingly.
  • Create a new authentication scheme based on “Custom Template” as below :

PIN Login


  1. Valid UserName and PIN


Logs :

(policy server trace log : smtracedefault.log)


[05/10/2018][15:18:52.962][15:18:52][5924][4784][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: [‘Authenticating User :shruj01’]][PINAuthentication: PINAuthentication:: [‘Authenticating User :shruj01’]]
[05/10/2018][15:18:52.972][15:18:52][5924][4784][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: [‘User Successfully Authenticated :shruj01’]][PINAuthentication: PINAuthentication:: [‘User Successfully Authenticated :shruj01’]]


2. Invalid PIN

Log :


[05/10/2018][15:20:32.348][15:20:32][5924][4060][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: [‘Authenticating User :shruj01’]][PINAuthentication: PINAuthentication:: [‘Authenticating User :shruj01’]]
[05/10/2018][15:20:32.377][15:20:32][5924][4060][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: [‘User Authentication failed. Invalid PIN’]][PINAuthentication: PINAuthentication:: [‘User Authentication failed. Invalid PIN’]]



pinlogin.fcc & Custom Authentication class : pinlogin




Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest

2 Responses

  1. Hi Ujwol,
    Do we need to make any change into userDirectory or sm.registry file to accept PIN instead of password?

Leave a Reply

Your email address will not be published.