PhenixID Documentation: PhenixID Authentication Services, Version 2.7, Solutions

How to use parallel delivery methods in PhenixID Server

This article describes how to use parallel delivery methods in PhenixID Server.

The reader should have some basic knowledge about PhenixID Server.

System requirements

  • PhenixID Server installed.
  • Multiple delivery methods available.

Overview

The instructions in this document will help you configure parallel delivery methods in PhenixID Server.

In the example we will use both PhenixID Message Gateways SMS and SMTP as methods to deliver the OTP.

Change the configuration

Please make sure that you have a recent copy of <PhenixID Server installation directory>/config/phenix-store.json before proceeding.

In the example below we start with a login scenario that uses SMS for OTP delivery and then add SMTP as the second method.

Log in to the administration configuration interface via a web browser at https://<hostname_or_ip>:8443/config/ and then choose the Advanced tab.

Go to the section Pipes and find your uid_pwd_pipe. This pipe can be found on your RADIUS_AUTHENTICATOR under Authentication - Radius.

This pipe starts with LDAPSearchValve. In this valve, add the attribute containing the SMTP address to the parameter attributes. In our example the pipe already had mobile since we started with SMS, so we add mail as the second attribute (comma as separator).

    {
      "name" : "LDAPSearchValve",
      "config" : {
        "connection_ref" : "yourconnectionrefid",
        "base_dn" : "DC=ORG,DC=LOCAL",
        "scope" : "SUB",
        "size_limit" : "0",
        "filter_template" : "cn={{request.User-Name}}",
        "attributes" : "mobile,mail"
      }
    }

We will make sure that the OTP is only sent using the respective method if the account actually has a value set for mobile and mail.

This is done using expressions.

So for the OTPBySMSValve add the following line:

    "exec_if_expr" : "flow.items().get(0).containsProperty('mobile')"

Remember to add a comma at the end of the line before, so it should now look like this:

    {
      "name" : "OTPBySMSValve",
      "config" : {
        "gw_username" : "yourgwusername",
        "gw_password" : "yourgwpassswordencrypted",
        "recipient_param_name" : "mobile",
        "generated_otp_name" : "generated_otp",
        "use_flash" : "true",
        "exec_if_expr" : "flow.items().get(0).containsProperty('mobile')"
      }
    }

The next step is to add the SMTP configuration to the login scenario:

    {
      "name" : "OTPBySMTPValve",
      "config" : {
        "smtp_host" : "192.168.0.24",
        "smtp_port" : "25",
        "smtp_from_address" : "otp@org.local",
        "start_tls_enabled" : "true",
        "userid_param_name" : "User-Name",
        "smtp_username" : "",
        "smtp_password" : "yoursmtppasswordencrypted",
        "mail_param_name" : "mail",
        "generated_otp_name" : "generated_otp",
        "exec_if_expr" : "flow.items().get(0).containsProperty('mail')"
      }
    }

Here as well we have added an expression, so that the OTP is only sent via SMTP if we have a value in mail.

The configuration should now look like this:

    {
      "name" : "OTPBySMSValve",
      "config" : {
        "gw_username" : "yourgwusername",
        "gw_password" : "yourgwpassswordencrypted",
        "recipient_param_name" : "mobile",
        "generated_otp_name" : "generated_otp",
        "use_flash" : "true",
        "exec_if_expr" : "flow.items().get(0).containsProperty('mobile')"
      }
    }, {
      "name" : "OTPBySMTPValve",
      "config" : {
        "smtp_host" : "192.168.0.24",
        "smtp_port" : "25",
        "smtp_from_address" : "otp@org.local",
        "start_tls_enabled" : "true",
        "userid_param_name" : "User-Name",
        "smtp_username" : "",
        "smtp_password" : "yoursmtppasswordencrypted",
        "mail_param_name" : "mail",
        "generated_otp_name" : "generated_otp",
        "exec_if_expr" : "flow.items().get(0).containsProperty('mail')"
      }
    }
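
A consistency check that can be run on the edited valve list before it is saved, as an added example (not PhenixID code): it verifies that each OTP valve's delivery attribute is fetched by a preceding LDAPSearchValve and is guarded by a matching exec_if_expr. It works only on a list of valve objects in the shape shown in this article; the sample input is constructed from the article's fragments, and the function and constant names are hypothetical.

```python
import json
import re

# Constructed sample: a pipe's valve list, built from the fragments in this article.
SAMPLE_VALVES = json.loads("""
[
  {"name": "LDAPSearchValve",
   "config": {"filter_template": "cn={{request.User-Name}}", "attributes": "mobile,mail"}},
  {"name": "OTPBySMSValve",
   "config": {"recipient_param_name": "mobile", "generated_otp_name": "generated_otp",
              "exec_if_expr": "flow.items().get(0).containsProperty('mobile')"}},
  {"name": "OTPBySMTPValve",
   "config": {"mail_param_name": "mail", "generated_otp_name": "generated_otp",
              "exec_if_expr": "flow.items().get(0).containsProperty('mail')"}}
]
""")

# Config key that names the delivery attribute for each OTP valve (as in the article).
DELIVERY_KEY = {"OTPBySMSValve": "recipient_param_name", "OTPBySMTPValve": "mail_param_name"}
GUARD_RE = re.compile(r"containsProperty\('([^']+)'\)")


def check_parallel_delivery(valves):
    """Return a list of problems found in a pipe's valve list (empty list = consistent)."""
    problems = []
    fetched = set()  # attributes requested by LDAPSearchValve so far
    for valve in valves:
        name, cfg = valve.get("name"), valve.get("config", {})
        if name == "LDAPSearchValve":
            fetched |= {a.strip() for a in cfg.get("attributes", "").split(",") if a.strip()}
        elif name in DELIVERY_KEY:
            attr = cfg.get(DELIVERY_KEY[name])
            if not attr:
                problems.append(f"{name}: {DELIVERY_KEY[name]} is not set")
                continue
            if attr not in fetched:
                problems.append(f"{name}: '{attr}' is not fetched by an earlier LDAPSearchValve")
            guard = GUARD_RE.search(cfg.get("exec_if_expr", ""))
            if guard is None:
                problems.append(f"{name}: no exec_if_expr guard")
            elif guard.group(1) != attr:
                problems.append(f"{name}: guard tests '{guard.group(1)}' but delivers to '{attr}'")
    return problems


if __name__ == "__main__":
    for line in check_parallel_delivery(SAMPLE_VALVES) or ["valve list is consistent"]:
        print(line)
```

Because json.loads rejects a missing or trailing comma, loading the edited fragment this way also catches the comma mistake the article warns about.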