Hi Romuald,
Now I understand, you want to limit the number of times that a user can click the [Regenerate] button to avoid the extra associated costs.
There is no setting for this.
To implement this it will definitely need some coding by knowledgable people at several places in AAC. You would have to keep track of the number of retries in a counter and insert that counter in the session. Then when the max limit is reached, you would have to tell the user and block this method for further use until reset by an administrator (otherwise the user will keep retrying and sms messages keep on being send).
This needs updates to some of the OTP infomap scripts, and to one or more template pages etc.
You could raise a PMR/feature request (or submit a case) to IBM where you request this very useful setting for inclusion in the product.
Peter
------------------------------
Peter Gierveld
Security Architect
SecurIT
Amsterdam
------------------------------
Original Message:
Sent: Thu May 02, 2019 08:01 AM
From: Romuald Blondel
Subject: How to limit OTP SMS generation ?
Hi,
This is the screen we use.
By default , it's possible to regenerate indefinitely sms OTP
How to limit tries to regenerate sms OTP ?
Thanks for your help
------------------------------
Romuald Blondel
Original Message:
Sent: Tue April 30, 2019 07:42 AM
From: Peter Gierveld
Subject: How to limit OTP SMS generation ?
Hi Romuald,
I am not quite sure if mean to limit the number of characters used in OTP code generation or limit the numbers where to text (SMS) the OTP codes to.
The latter you will need to do some extra coding, i.e. in the sending part. There is no information given by you on how you currently send the text messages, through an SMS gateway or an email system perhaps, this will determine where you have to code.
For the OTP code generator depends what mechanism you use. For example the TOTP One-time Password mechanism has a property that controls how long the generated One time Password should be (default length is 6) . The MAC One-time Password has the same length property, but also you can tell from what characters set it can be composed of (not limited to digits).
Hope this helps.
------------------------------
Peter Gierveld
Security Architect
SecurIT
Amsterdam
Original Message:
Sent: Mon April 29, 2019 04:43 AM
From: Romuald Blondel
Subject: How to limit OTP SMS generation ?
Hi all,
We would like to limit the numbers of SMS OTP generations.
Is there a parameter to manage it or Is it necessary to modify OTPDeliver mapping rule to achieve this goal ?
Thanks for your help
------------------------------
Romuald Blondel
------------------------------