We have configured Authentication policy with MAC OTP mechanism. We are calling policy from the application to generate and validating OTP as mentioned below
OTP Generation Curl eg;
curl -k -v -X POST -H "Content-Type:application/json" -H "Accept: application/json" --data "{'myuid' : 'aacuser' , 'media' : 'Email' , 'deliveryAttribute' : '
local@admin.com'}" "https://isamhost/mga/sps/apiauthsvc?PolicyId=urn:ibm:security:authentication:asf:newmacotp"
OTP Validation Curl Eg:
curl -k -v -X PUT -H "Content-Type:application/json" -H "Accept: application/json" --data "{'otp.user.otp-hint':'3608','otp.user.otp':'555999'}" "https://isamhost/mga/sps/apiauthsvc?StateId=dWbRQpE8KqLYnJmbDFBmvOYJCwvhvhgAJ7bALjEK2orSd6UOUtPya2t9eXTvuha0DWhenNKhhDEFqjKYtHMC9hXbrQ0crEhOcq6MsIg6BTKP1huiP4wAcU428qzKGE5M"
We are able to validate when we enter valid pin and no issues identified but w
hen we try with invalid pin, it is not enforcing retry limit value from OTPVerify mapping rule.
We have noticed IDMappingExtUtils.getSPSSessionData(retryCounterID) value as null during OTPVerify mapping rule execution.
We have configured authentication and access module for cookieless operation to function in like an API as mentioned below.
https://www.ibm.com/docs/en/sva/9.0.7?topic=authentication-configuring-access-module-cookieless-operation
Are we missing anything in our config?
------------------------------
Anji Babu
------------------------------