Class JBossTimeBasedOTPLoginModule

  • All Implemented Interfaces:
    LoginModule

    public class JBossTimeBasedOTPLoginModule
    extends Object
    implements LoginModule

    Login Module that can be configured to validate a Time based OTP.

    Usage: This login module must be configured together with one of the other JBoss login modules, such as org.jboss.security.auth.spi.DatabaseServerLoginModule or org.jboss.security.auth.spi.LdapLoginModule.

    Example configuration:

     
     <application-policy name="otp">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag="required">
            <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
            <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
          </login-module>
          <login-module code="org.jboss.security.auth.spi.otp.JBossTimeBasedOTPLoginModule" />
        </authentication>
      </application-policy>
     
     

    Configurable Options:

    • algorithm: either "HmacSHA1", "HmacSHA256" or "HmacSHA512" [Default: "HmacSHA1"]
    • numOfDigits: Number of digits in the TOTP. Default is 6.
    • additionalRoles: any additional roles to add to the authenticated subject on success. Separate multiple roles with commas.

    This login module requires the presence of "otp-users.properties" on the class path with the format: username=key

    An example of otp-users.properties is:

        admin=35cae61d6d51a7b3af
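
    The check this module is described as performing can be illustrated with a standalone RFC 6238 validator driven by the same algorithm and numOfDigits options and the same username=key file format. This is an added example, not the module's own code: the class and method names are hypothetical, and the 30-second time step, the one-step drift window and the use of the key string's ASCII bytes as the HMAC key are assumptions the page does not state.

```java
import java.io.StringReader;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Properties;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TotpCheckExample { // hypothetical name, not part of JBoss
    static final long STEP_SECONDS = 30; // assumption: RFC 6238 default step

    // RFC 6238 TOTP: HOTP (RFC 4226) over the counter floor(unixTime / step).
    static String totp(byte[] key, long unixSeconds, String algorithm, int numOfDigits) throws Exception {
        Mac mac = Mac.getInstance(algorithm); // "HmacSHA1", "HmacSHA256" or "HmacSHA512"
        mac.init(new SecretKeySpec(key, algorithm));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(unixSeconds / STEP_SECONDS).array());
        int off = h[h.length - 1] & 0x0f; // dynamic truncation offset from the last nibble
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        long mod = (long) Math.pow(10, numOfDigits);
        return String.format("%0" + numOfDigits + "d", bin % mod);
    }

    // Accepts the current step and one step either side to tolerate clock drift (assumption).
    static boolean validate(Properties users, String user, String submitted, long now,
                            String algorithm, int numOfDigits) throws Exception {
        String key = users.getProperty(user);
        if (key == null || submitted == null) return false; // unknown user or no code supplied
        // Assumption: the key string's ASCII bytes are the HMAC key; the page gives no encoding.
        byte[] keyBytes = key.getBytes(StandardCharsets.US_ASCII);
        byte[] submittedBytes = submitted.getBytes(StandardCharsets.US_ASCII);
        boolean ok = false;
        for (long t = now - STEP_SECONDS; t <= now + STEP_SECONDS; t += STEP_SECONDS) {
            byte[] expected = totp(keyBytes, t, algorithm, numOfDigits).getBytes(StandardCharsets.US_ASCII);
            ok |= MessageDigest.isEqual(expected, submittedBytes); // constant-time compare, no early exit
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        Properties users = new Properties();
        // Constructed sample in the username=key format; the key is the RFC 6238 test secret.
        users.load(new StringReader("admin=12345678901234567890\n"));
        System.out.println(validate(users, "admin", "287082", 59L, "HmacSHA1", 6));
        System.out.println(validate(users, "admin", "000000", 59L, "HmacSHA1", 6));
    }
}
```

    The first call uses the RFC 6238 SHA-1 test vector for time 59 truncated to six digits, so it is accepted, and the second is rejected. A code stays valid for the whole acceptance window, so a deployment also needs to reject a code that has already been used; that is not shown here.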
       

    Since:
    Sep 21, 2010
    Author:
    Anil.Saldhana@redhat.com