Tech Tip : How to authenticate user with username and non password attribute (e.g PIN)

Use Case :

Authenticate user with username and PIN (or any other user attribute other than the password).

PRE-requisite :

A user-selected PIN is stored in the user store in one of the existing user attributes. For example, say the PIN is stored in the attribute “businessCategory” in an LDAP directory.

Instruction :
  • Duplicate the default login.fcc  and save the file as pinlogin.fcc.
  • Change the label for the password field from “Password” to “PIN”

    <tr>
    <td WIDTH=20 >&nbsp;</td>
    <td >
    <b><font size=-1 face="arial,helvetica" > PIN: </font></b>
    </td>
    <td ALIGN="left" >
    &nbsp; <input type="password" name="PASSWORD" size="30" style="margin-left: 1px">
    </td>
    <td WIDTH=20 >&nbsp;</td>
    </tr>

  • (Optional) Modify the attached custom authentication code as required (to look up a user attribute other than businessCategory).

    String PIN = theUserCredentialsContext.getPassword();

    // REJECT login if no PIN was supplied (null-safe: the value may be absent).
    if (PIN == null || PIN.length() == 0) {
        return new SmAuthenticationResult(SmAuthStatus.SMAUTH_REJECT,
                SmAuthenticationResult.REASON_NONE);
    }

    ...
    ...

    // Check and compare the PIN. For this test, the user's PIN is stored in the attribute 'businessCategory'.
    // PIN was checked for null above, so calling equals() on it rejects a null attribute value instead of throwing.
    if (!PIN.equals(theUserContext.getProp("businessCategory")))
    {
        logInPSTrace(context, "User Authentication failed. Invalid PIN");
        return new SmAuthenticationResult(SmAuthStatus.SMAUTH_REJECT,
                SmAuthenticationResult.REASON_NONE);
    }

  • Compile and deploy the attached custom authentication class to <PS_Installation_Directory>\config\properties. This directory is in the classpath by default, so you don’t need to make any change in JVMOptions.txt. If you choose to deploy to another directory, modify the classpath in JVMOptions.txt accordingly.
  • Create a new authentication scheme based on “Custom Template” as below :

[Image: PIN Login]

 

TESTING:
  1. Valid UserName and PIN

[Image: PINLoginFORM]

Logs :

(policy server trace log : smtracedefault.log)


[05/10/2018][15:18:52.962][15:18:52][5924][4784][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: ['Authenticating User :shruj01']][PINAuthentication: PINAuthentication:: ['Authenticating User :shruj01']]
[05/10/2018][15:18:52.972][15:18:52][5924][4784][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: ['User Successfully Authenticated :shruj01']][PINAuthentication: PINAuthentication:: ['User Successfully Authenticated :shruj01']]

  2. Invalid PIN

Log :


[05/10/2018][15:20:32.348][15:20:32][5924][4060][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: ['Authenticating User :shruj01']][PINAuthentication: PINAuthentication:: ['Authenticating User :shruj01']]
[05/10/2018][15:20:32.377][15:20:32][5924][4060][SmAuthUser.cpp:775][ServerTrace][][][][][][][][][][][][][][][][][][][][PINAuthentication:: ['User Authentication failed. Invalid PIN']][PINAuthentication: PINAuthentication:: ['User Authentication failed. Invalid PIN']]
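
The "Invalid PIN" trace line above does not name the user, so counting rejected PINs per account means pairing it with the preceding "Authenticating User" line. The following is an added example (not part of the original post or its attachment) that does this in Python. It assumes the fourth and fifth bracketed fields are the process and thread IDs and that a thread handles one authentication at a time; the sample lines and user names are constructed.

```python
import re
from collections import Counter

# Assumed header layout, read off the trace excerpts: [date][precise time][time][pid][tid]...
HEADER = re.compile(r"^\[[^\]]*\]\[[^\]]*\]\[[^\]]*\]\[(\d+)\]\[(\d+)\]")
MESSAGE = re.compile(r"PINAuthentication:: \['([^']*)'\]")

def failed_pin_attempts(lines):
    """Count 'Invalid PIN' rejections per user name.
    The rejection line carries no user name, so it is attributed to the user
    from the last 'Authenticating User' line seen on the same pid/tid.
    """
    pending = {}          # (pid, tid) -> user currently being authenticated
    failures = Counter()
    for line in lines:
        head, msg = HEADER.match(line), MESSAGE.search(line)
        if not head or not msg:
            continue      # not a PINAuthentication trace line
        key, text = head.groups(), msg.group(1)
        if text.startswith("Authenticating User :"):
            pending[key] = text.split(":", 1)[1].strip()
        elif text.startswith("User Successfully Authenticated"):
            pending.pop(key, None)
        elif "Invalid PIN" in text:
            failures[pending.pop(key, "<unknown>")] += 1
    return failures

def over_threshold(failures, limit):
    """Users with at least `limit` rejected PINs, sorted by name."""
    return sorted(user for user, n in failures.items() if n >= limit)

def trace_line(tid, text):
    # Builds a constructed line in the layout of the trace excerpts above.
    return (f"[05/10/2018][15:20:32.348][15:20:32][5924][{tid}]"
            f"[SmAuthUser.cpp:775][ServerTrace]{'[]' * 20}"
            f"[PINAuthentication:: ['{text}']]")

# Constructed sample: two worker threads interleaved, user names are made up.
SAMPLE = [
    trace_line(4060, "Authenticating User :alice"),
    trace_line(4784, "Authenticating User :bob"),
    trace_line(4060, "User Authentication failed. Invalid PIN"),
    trace_line(4784, "User Successfully Authenticated :bob"),
    trace_line(4060, "Authenticating User :alice"),
    trace_line(4060, "User Authentication failed. Invalid PIN"),
    trace_line(4060, "Authenticating User :alice"),
    trace_line(4060, "User Authentication failed. Invalid PIN"),
]
print(over_threshold(failed_pin_attempts(SAMPLE), limit=3))
```

Because a PIN is usually short, a per-user count like this is a useful input for alerting or lockout review.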

Attachment

pinlogin.fcc & Custom Authentication class : pinlogin

RELATED BLOG :

Tech Tip : How to collect additional attribute using custom authentication

 

 

2 thoughts on “Tech Tip : How to authenticate user with username and non password attribute (e.g PIN)”

  1. Naresh Garg

    Hi Ujwol,
    Do we need to make any change into userDirectory or sm.registry file to accept PIN instead of password?
