IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

MAC OTP - Control generate OTP in case of page reload or invalid OTP

Faizan AhmedThu June 25, 2020 05:22 AM

Hello, We are working on ISAM version 9.0.7. We have implemented second factor authentication using ...

Jon HarryMon June 29, 2020 04:22 AM

Faizan, Usually the system wouldn't generate a new OTP on failure. It would usually present the challenge ...

1. MAC OTP - Control generate OTP in case of page reload or invalid OTP

Like
Faizan Ahmed
Posted Thu June 25, 2020 05:22 AM

Reply
Hello,

We are working on ISAM version 9.0.7. We have implemented second factor authentication using mac-otp / sms.

The default behavior for OTP page we see in our environment is:

1. If the OTP submitted by user is invalid, system sends a new OTP to user and page is reloaded with failure message.
2. If user switches the language (in our case from english to arabic or visa-versa), page is reloaded with new language. Again the system generates a new OTP.

For the above mentioned cases, we don't want to generate a new OTP. We checked the properties for mac otp mechanism but did not find anything useful there.

So not sure if this is possible and if then how. Any advise is highly appreciated.

Regards.

------------------------------
Faizan Ahmed
------------------------------
2. RE: MAC OTP - Control generate OTP in case of page reload or invalid OTP

Like
Jon Harry
Posted Mon June 29, 2020 04:22 AM

Reply
Faizan,

Usually the system wouldn't generate a new OTP on failure. It would usually present the challenge page again informing number of attempts remaining. I don't know about changing language but I wouldn't expect it to send a new OTP.

What is the error message you see when the page reloads?

Perhaps state is being lost somewhere. Are you load-balancing across multiple AAC backends from you /mga junction? If so, is it sticky?
Which mechanism are you using for the OTP?

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message

IBM Verify

IBM Verify

MAC OTP - Control generate OTP in case of page reload or invalid OTP

Faizan AhmedThu June 25, 2020 05:22 AM

Jon HarryMon June 29, 2020 04:22 AM

1. MAC OTP - Control generate OTP in case of page reload or invalid OTP

2. RE: MAC OTP - Control generate OTP in case of page reload or invalid OTP

Additional
Resources

Office

Quick Links

IBM Verify

IBM Verify

MAC OTP - Control generate OTP in case of page reload or invalid OTP

Faizan AhmedThu June 25, 2020 05:22 AM

Jon HarryMon June 29, 2020 04:22 AM

1. MAC OTP - Control generate OTP in case of page reload or invalid OTP

2. RE: MAC OTP - Control generate OTP in case of page reload or invalid OTP

Related Content

Policy parameters for OTP mechanisms

MAC OTP Validation - REST API - issue with Enforcing invalid pin attempts - 9.0.7

Custom login pages for MAC OTP in Verify Access

ISAM create new OTP Mechanism and Invoke through API

ISAM: Getting Started with FIDO2 in ISAM 9.0.7

Additional Resources

Office

Quick Links

Additional
Resources