IBM Security Verify

 View Only
  • 1.  customize otp email

    Posted Fri January 29, 2021 02:32 AM
    I want to customize the /authsvc/otp/delivery/email_message.xml this OTP email template? i want to include other macro (otp hint) here but not able to access, my requirement is to split @OTP_STRING@ or include otp hint in the otp email.

    Also i want to understand how this email template is called , in USC Password Reset  , here can i write my own email mechanism to include my own email template and also can i use different email templates for different policies ?


    krish krishna

  • 2.  RE: customize otp email

    Posted Mon February 01, 2021 02:08 AM

    Hi Krish,

    The OTP hint and OTP have already been broken out into the separate macros @OTP_HINT@ and @OTP@ in Verify Access v10. To achieve the same functionality in earlier releases, you'll need to use a combination of InfoMap + template scripting to split the macros.

    In USC Password Reset, if you inspect the policy steps, you'll be able to see that the OTP is handled via the MAC One-time Password mechanism. The MAC OTP mechanism branches based on the deliveryType, and its templates can be found under:


  • 3.  RE: customize otp email

    Posted Sun May 30, 2021 07:42 AM
    Edited by Joao Goncalves Sun May 30, 2021 08:15 AM
    Related to this issue, I need to send an html message as the mail content, that is supposed to be rendered as html by the email client (e.g. outlook). I don't want to change the default email_message.xml.

    • Create a new file, and have OTP use the custom file, instead of email_message.xml. This is easy
    • Where do i specify that OTP filename, so that MAC Onetime Password mechanism uses the new custom_email_message.xml?

    Joao Goncalves
    Pyxis, Lda.
    +351 91 721 4994

  • 4.  RE: customize otp email

    Posted Wed June 02, 2021 10:06 AM

    I've got a feeling you need to put the HTML within a CDATA element.... like this:

      <body style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; color: #121212; padding: 12px;">
      <h1 style="color: #4178BE;">Your one-time password (OTP) is: </h1>
      <h2 style="color: #666666;">@CORRELATION@-@OTP@</h2>
      <p>Use this OTP to complete your request. It will expire after @OTP_LIFETIME@ minutes.</p>
      <p>Do not reply to this email.</p>


    Jon Harry
    Consulting IT Security Specialist

  • 5.  RE: customize otp email

    Posted Thu June 03, 2021 06:29 AM
    This is an interesting question you are asking. In fact, it is MAC One-time Password that will orchestrate the whole process.
    It will use the Email One-time Password mechanism, as well as other Mapping Rules.
    If you need to send different emails messages, depending on your context, I believe you cannot change the email_messsage_xml, but you can change this file, with an HTML document in <Message><Value>[![CDATA[ <html_document ]]> </Value></Message>

    In this <html_document> you can configure it to select based on an MACRO what the user will see, using a known technique Singe Page Website (or One Page Website), by hidding all messages you don't want the user to see. This way you can embed in the same email message, multiple different messages, and select which is the one the user will see (all others will be hidden!)

    I never tried this, but I believe it will work!

    Joao Goncalves
    Pyxis, Lda.
    +351 91 721 4994

  • 6.  RE: customize otp email

    IBM Champion
    Posted Wed July 21, 2021 05:31 PM
    Edited by Sylvain Gilbert Wed July 21, 2021 05:31 PM
    Hi all

    I intended as well to use the Email One-time Password mechanism but now you make me realize I can have at any time only a single mail template active in the system. (Moreover, just a simple email template file update requires a Liberty Runtime Restart). Should I want to use different Email templates based on different user communities or brands, how do I achieve that without template/html hacking skills required and/or without instantiating a new Liberty Runtime Appliance for segmenting the email templates ?

    I understand that Authentication Policies CAN be copied and refined but not authentication mechanism which kind of puts me in a dead end.

    I wish I could use as much as possible the OOTB authentication mechanism and not write my own one.

    Any sound advise appreciated.

    Sylvain Gilbert