By: Sakit Atakishiyev user 15 May 2017 at 4:06 a.m. CDT

17 Responses
Hi, I want to know whether there is any way to repeat the current step depending on the user's response while authenticating a user with a custom script. Just for example: when you sign in on Google, it sends a notification to your phone about the login and waits for a response. If you press the yes button, Google authenticates you, otherwise not. I want to do it like this. First get the user info, then send a message to the user's phone and wait for his/her response. For now I just call the `prepareAuthenticateStep` method and after getting the user's response I call the `authenticate` method. Is it the correct way? Or does Gluu Server have this kind of feature?

By Mohib Zico Account Admin 15 May 2017 at 4:18 a.m. CDT

We have a bunch of authentication scripts available. Please check the [doc](https://gluu.org/docs/ce/3.0.1/authn-guide/intro/).

By Sakit Atakishiyev user 15 May 2017 at 6:31 a.m. CDT

Hi Mohib, I know all of these and have checked them. The problem is that none of them repeats the current step. They just define the step count at the beginning. My question is: I want to repeat the same thing at a specific step. Is it possible? My other question: for example, I have 10 steps (max), but depending on the process the number of steps can be less than 10. For example, the user can authenticate at the 7th step. In this case how can I stop the remaining steps and redirect the user?

By William Lowe user 15 May 2017 at 10:16 a.m. CDT

Hi Sakit, Basically any business logic you can define in code can be scripted into the authentication process. So yes, it's possible to repeat a specific step. Then regarding your second question... this also seems like something that can be coded into your authentication script. It's not totally clear to me how it will work, but it seems like using if/else statements, you should be able to code the logic that meets your requirements. Thanks, Will

By Sakit Atakishiyev user 15 May 2017 at 11:46 a.m. CDT

Hi William, as I wrote, currently I can repeat the current step with the script; I want to know whether that way is correct or not. For the second part, I want to know how I can stop the authentication process before reaching my last step. For example, I have 10 steps for authentication; each time I return `True` in the authenticate method, the system continues to execute the script and finishes when it reaches the final step. How can I stop it?

By William Lowe user 15 May 2017 at 11:51 a.m. CDT

> I can repeat current step with script I want to know that way is correct or not.

Yes, correct. Second part is not totally clear to me. You can script in the exact logic that you want the authentication process to follow.

By Sakit Atakishiyev user 16 May 2017 at 12:50 a.m. CDT

OK, I will explain the second part. Suppose that we have 10 steps (max) for authentication. Each time the `authenticate` method returns `true`, the step value is increased. At the 10th step the OP tries to authenticate my user. Now suppose that I get the user info at the 6th step and authenticate the user with this info. But because I am at the 6th step, the system continues the process and goes on to the 7th step. My question is: how do I stop this process before the last step?

By William Lowe user 16 May 2017 at 3:23 p.m. CDT

It sounds like the script should check whether to send the person for authentication at the end of each step. For example:

- Step 1 complete. Send user for authentication? If yes, send to step 10. Else, send to step 2.
- Step 2 complete. Send user for authentication? If yes, send to step 10. Else, send to step 3.

etc. Does that satisfy the requirement?

By Sakit Atakishiyev user 17 May 2017 at 1:07 a.m. CDT

Yes William. That is what I want.

By Sakit Atakishiyev user 20 May 2017 at 12:09 a.m. CDT

Hi William, I just want to clarify: with a custom script, can we go from `step 1` to `step 3`?

By Mohib Zico Account Admin 20 May 2017 at 4:55 a.m. CDT

We can; [here](https://github.com/GluuFederation/oxAuth/tree/master/Server/integrations) are our various multifactor authN codes. I think you might wanna check SuperGluu, Duo, Otp; they all depend on end users' input from mobile.

By Sakit Atakishiyev user 22 May 2017 at 1:11 a.m. CDT

Hi Mohib, I already read all these examples. But none of them repeats the current step. Yes, all of these depend on end users' input, but my case is different. In these examples, after the user authenticates, the system sends a message to the end user and then asks for a confirmation code. But in my case I do not ask for any confirmation code. Like Google authentication. For example, when I log in to my Google profile, after Google checks my email and password, it sends a notification to my phone but does not ask for any confirmation code; it just waits for my response. After I press `Yes` on my phone, Google redirects me to my inbox etc. Is it clear now what we want?

By Mohib Zico Account Admin 22 May 2017 at 2:03 a.m. CDT

>> For example when I logged in to my Google profile, after Google check my email and password,

1st step of authentication, Username/password. Ok.

>> it sends a notification to my phone but does not ask any confirmation code

What kind of notification?

>> After I press Yes on my phone then Google redirect me to my inbox or etc. Is it clear now what we want?

So, here is the 'input from user' step.

By Sakit Atakishiyev user 22 May 2017 at 2:21 a.m. CDT

It just informs me that someone is trying to log in to my profile. If it is you, press yes, otherwise no. You are right, my response is input. But this response is from another source. I mean I did not enter anything on the web; Google tries to detect in the background whether I pressed Yes or No. Please check this [link](http://www.imore.com/how-set-two-step-authentication-google-and-gmail)

By Mohib Zico Account Admin 24 May 2017 at 2:30 a.m. CDT

I think I am not getting what you are actually asking about. The link you shared is 'how to configure Google authenticator' for 2FA, which is what we are doing with SuperGluu. It's better if you can provide a diagram of your design/plan. Please share the source of your diagram as well (we will draw additional lines to show how SuperGluu works there).

By Sakit Atakishiyev user 24 May 2017 at 6:16 a.m. CDT

OK, let me explain.

- The user enters his/her `phone number` and `user id` and presses the `login` button.
- GluuServer executes the custom script (`step 1:authorization method`): in this step we call a `third party web service` with the user's inputs. This third party web service sends a `message` to the given phone number and returns a `code` (this code is also sent to the user's phone via the message) if there is no error (such as a wrong phone number or user id, a timeout, an unregistered phone number, etc.). When GluuServer gets the response, it takes the `code` from the response, sets this code in the `session` and returns `true`.
- After the above process, Gluu Server performs `prepare second step` and shows the user the code which it got from `step 1`. Now when the user gets the message, he/she checks the code from the message, enters his/her `private pin` on his/her phone and responds back. In the meantime GluuServer again calls that third party web service to check that the user got the message and entered his/her pin. GluuServer should repeat this step until the user gets the message and enters his/her pin, or until the timeout (if the user did not get a message in 3 minutes, authorization will fail).

Is it clearer now or not?
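The flow in the post above (start a phone approval in step 1, then repeat step 2 until the user answers or 3 minutes pass), combined with the step routing suggested earlier in the thread, as an added example that is not part of the original thread and is not Gluu's script interface. All names are hypothetical: `send_push` and `check_status` stand in for the third-party web service, `session` is a plain dict, and `MAX_STEP` assumes the 10-step count used in the thread.

```python
# Added illustration in plain Python; none of these names are Gluu APIs.
APPROVAL_TIMEOUT_S = 180   # "3 minutes" from the post above
MAX_STEP = 10              # assumed final step, as in the thread's examples


def begin_approval(session, user_id, phone, send_push, now):
    """Step 1: ask the third-party service to message the phone."""
    code = send_push(user_id, phone)   # hypothetical client, None on error
    if code is None:
        return False                   # wrong number, unregistered phone, ...
    # Bind the pending approval and its deadline to this session only.
    session["push"] = {"user": user_id, "code": code,
                       "deadline": now + APPROVAL_TIMEOUT_S}
    return True


def poll_approval(session, check_status, now):
    """Step 2: return 'repeat', 'approved' or 'failed' for this session."""
    pending = session.get("push")
    if pending is None:
        return "failed"                # never started, or already consumed
    if now >= pending["deadline"]:
        del session["push"]            # timeout is enforced on the server
        return "failed"
    status = check_status(pending["user"], pending["code"])  # hypothetical
    if status == "pending":
        return "repeat"
    del session["push"]                # single use: any final answer ends it
    # Fail closed: anything other than an explicit approval is a failure.
    return "approved" if status == "approved" else "failed"


def next_step(current_step, result):
    """Routing rule from the thread: repeat, jump to the last step, or stop."""
    if result == "repeat":
        return current_step
    if result == "approved":
        return MAX_STEP
    return None                        # authentication fails, no next step
```

The deadline lives in the server-side session, so a browser that keeps polling cannot extend it, and a consumed or expired approval cannot be replayed.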

By Mohib Zico Account Admin 24 May 2017 at 7:35 a.m. CDT

>> User enters his/her phone number and user id and press the login button.

No password?

>> third party web service

Which third party service?

>> After above process gluu server prepare second step and show the code to the user which got from step 1.

Show code where? In Gluu Server page? Somewhere in oxAuth message which is in his web browser?

>> He/she check the code from message, he/she enters their private pin from his/her phone and response to back.

What is the difference between 'code in message' and 'private pin'?

>> Is it more clearly now or not?

Unfortunately, no. Please share a sequence diagram like [this](https://gluu.org/docs/ce/3.0.1/img/user-authn/otp/gluu_otp_integration_authentication_workflow.png).

By Sakit Atakishiyev user 24 May 2017 at 9:35 a.m. CDT

OK, let me prepare a simple one.