Question

support for security tokens on login

5

For a large project handling personal (private) data we need to add support for physical security tokens generating one-time-passwords (OTP). On login we need to provide an extra text field where the user can type in the generated OTP. Using the entered OTP we must use both the standard username/password and the java API of the token provider to evaluate the login based on the OTP. How can we implement this in the Mx login procedure?

asked 2010-01-29

Jim van Dam

1 answers

Michel Weststrate · Answer 1 · 2010-02-02

This would require to build a small application or servlet in front of the mendix login page, (this approach is used by both the MxID application and the Windows Authentication (SSO) module).

This would take four steps:

reroute the login procedure to your custom Servlet (by adjusting index.html).
Validate the OTP with same java code
Provide the credentials to the mendix core.
The resulting session needs to be stored in a cookie and the response can redirect back to the real application.