IBM Security Verify

Expand all | Collapse all

ISAM - How to add custom message in SMS OTP(mac) delivery.

  • 1.  ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Mon January 11, 2021 07:32 AM
    Hello Team,

    I want to add a custom message to sms_message.xml(OTP delivery) from infoMap.

    I have tried with macros and attributes set in session context but it's not working.

    Any pointers would be helpful.

    ------------------------------
    Mukesh
    ------------------------------


  • 2.  RE: ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Mon January 11, 2021 08:11 AM
    Hi Mukesh,

    Try the following:

    //In InfoMap:
    context.set(Scope.SESSION, "urn:ibm:security:asf:response:token:attributes", "variableName", "custom_message");

    //In sms_message.xml
    Access it using @variableName@

    Hope it helps.

    Regards,
    Jahanzaib

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------



  • 3.  RE: ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Mon January 11, 2021 08:40 AM
    Hi Jahanzaib,

    Thanks for your response!

    I have already configured this way even tried with macros also.




    ------------------------------
    Mukesh
    ------------------------------



  • 4.  RE: ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Tue January 12, 2021 03:21 PM
    Hi Mukesh,

    Are you ending your InfoMap with success.setValue(true);?

    Also, is your MAC OTP mechanism defined after the InfoMap mechanism in the authentication policy steps sequence?

    Regards,

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------



  • 5.  RE: ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Wed January 13, 2021 08:37 AM
    Hi Jahanzaib,


    Yes, infoMap is ending with success.setValue(true) but policy is ending with success.endPolicyWithoutCredential(); which is last step.


    So, we have 4-5 different flows like unlock me, forgot password, etc. so we want to send custom message with OTP base on the operation(flow).

    In step 2, I'm trying to set a custom message through macro or context attributes. 






    ------------------------------
    Mukesh
    ------------------------------



  • 6.  RE: ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Thu January 14, 2021 12:21 AM
    Hi Mukesh,

    Have you tried setting the macro within the decision mapping rule?

    Macros are generally scoped to within a single mechanism, not the whole policy, except within Decisions (macros set in the decision mapping rule will be available to any mechanisms within a branch).


    ------------------------------
    Jasmine
    ------------------------------



  • 7.  RE: ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Mon January 18, 2021 05:18 AM
    Edited by Mukesh Bhati Mon January 18, 2021 05:18 AM
    Hi Jasmine,

    Tried setting a custom message in MACRO from the decision mapping rule.

    But still same, nothing is populating in the SMS template.



    SMS OTP Response for Reference:
    This is your one-time password 123-456789.
    @MSG_1@

    regards,
    TEST


    ------------------------------
    Mukesh
    ------------------------------



  • 8.  RE: ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Wed January 20, 2021 06:26 PM
    Hi Mukesh,

    After investigating a bit further, it looks like at the moment we don't support custom macros in Email OTP or SMS OTP XML payloads (I was confusing the OTP pages with the XML template that is sent to the user's device).

    But it does look like we support template scripting in those XML pages. If you'd prefer the simpler custom macros, I'd suggest opening an RFE.



    ------------------------------
    Jasmine
    ------------------------------



  • 9.  RE: ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Fri January 22, 2021 01:15 AM
    Edited by Mukesh Bhati Fri January 22, 2021 01:16 AM
    Hi Jasmine and​ Jahanzaib,


    Thanks for the help!

    We are able to send the custom message for OTP by modifying some inbuilt scripts.

    From infoMap we set one attribute - IDMappingExtUtils.setSPSSessionData("MSG","some custom message");

    Then we extracted the MSG attribute in the OTPDeliver mapping rule.

    var customMessage = IDMappingExtUtils.getSPSSessionData("MSG");

    var ctxOTPFormatted = new Attribute("otp.sts.otp-formatted", "otp.sts.type", customMessage+otpFormatted );
    stsuuCtxAttrs.setAttribute(ctxOTPFormatted);

    as ctxOTPFormatted attribute is replaced by @OTP_STRING@ in sms_message.xml/email_message.xml template file.

    In this way, we are able to send a custom message for SMS/Email OTP.

    we referred to the below blog.
    https://www.ibm.com/blogs/sweeden/branching-authentication-policy-isam-advanced-access-control/


    ------------------------------
    Mukesh
    ------------------------------



  • 10.  RE: ISAM - How to add custom message in SMS OTP(mac) delivery.

    Posted Thu January 14, 2021 02:19 PM
    Hi Mukesh,

    Looking at the provided information, it seems that a session is not being established, as you are only taking the user Id as input if I am not wrong and which is why you are not able to use

    context.set(Scope.SESSION, "urn:ibm:security:asf:response:token:attributes", "variableName", "custom_message");

    because this stores the macro/variable in the session which can be retrieved later. In your case there is no session.

    As the macros are scoped within a single mechanism, that approach would not work either.

    Perhaps, you could try any of following approaches which I am thinking of currently:

    1. Use a dummy session for executing the policy steps, to be able to use context.set(Scope.SESSION, "urn:ibm:security:asf:response:token:attributes", "variableName", "custom_message");
    2. Include the custom message as a hidden form input parameter on the page where you take user id from user (Unlock Me Collect UserID), then catch it in decision mapping rule and further utilize it by setting it as a macro (hoping the macros persist among branches). I have not tried this, perhaps anyone who has tried or can confirm about the persistence of macros among branches can help.
    Regards,

    ------------------------------
    Jahanzaib Sarwar
    ------------------------------