OTP Callback Callout Plug-ins

About the OTP Callback Callout Handler

The OTP Callback Callout provides an extension point to the OTP Callback authentication method. The DirX Access native login module takes care about generating the one-time password and its subsequent verification, while the callout enables to employ any channel (SMS, e-mail, etc.) for the OTP transfer.

Comparing to the legacy ValidationCallout interface, the OTP Callback is single-purpose (in a way that it only applies on the OTP Callback authentication method), provides extensive context information to its implementation, and is based on the general Callback interface enabling access to the internal DXA server services (e.g., authentication service, application repository (configuration, policy, and user credentials) service, etc.).

Developing an OTP Callback Callout Handler

This section describes the tasks necessary for developing a custom OTP Callback callout handler.

Externalizing OTP Callback flow from the DirX Access Server

The DirX Access Server allows externalizing OTP Callback flow through a plug-in interface. This method requires creating an OTP Callback callout handler that implements the OtpCallbackCallout interface (net.atos.dirx.access.authn.api.callout.OtpCallbackCallout). The implementing class must be contained within an exported package of an OSGi bundle.

Employing an OTP Callback Callout Handler

The steps needed to employ the custom callout handler are outlined in the section Employing External Plug-in Modules.

Using an OTP Callback Callout Handler

This section describes the tasks that need to be performed to use an OTP Callback callout handler. Before starting to configure the DirX Access Server, make sure to run through all the steps in the section Employing External Plug-in Modules.

Prerequisites

To successfully employ the custom OTP Callback callout handler, the OSGi bundle exporting the package containing the callout implementation must be installed on the DirX Access Server. To accomplish this task, make sure you have performed all of the steps described in the section Employing External Plug-in Modules.

Configuring the Custom OTP Callback Callout Handler at the DirX Access Server

To configure the custom OTP Callback callout handler at the DirX Access Server:

  • In DirX Access Manager, go to Configuration | Extension modules.

  • Create the callout handler <CalloutIdentifier>:

    • Go to Callout handlers and click the “add” icon to create a new callout handler.

    • Identifier: <CalloutIdentifier>.

    • Description: arbitrary.

    • Type: select OtpCallbackEvents.

    • Class name: enter the fully-qualified Java class name of the callout implementation.

    • Click Save.

  • In DirX Access Manager, go to Authentication | Methods | OTP Callback:

    • Select an Authentication method to which the custom handler should be assigned.

    • In the OTP Callback Targets define as many entries as necessary and assign the predefined callout handlers via the Validation callout handler identifier drop-down box.

    • Click Save.