The following beans exist or may be defined to customize the flow. They may be placed in conf/global.xml or another imported location. Name / Type | Default | Description |
|---|
shibboleth.authn.TOTP.SeedSource Consumer<ProfileRequestContext> | Use of Attribute Resolver | Overrides the component that populates seeds for a user into the context tree for validation of codes | shibboleth.authn.TOTP.Authenticator net.shibboleth.idp.plugin.authn.totp.impl.TOTPAuthenticator | Google library-based implementation | Overrides the component that does validation of token codes | shibboleth.authn.TOTP.AccountLockoutManager AccountLockoutManager |
| A lockout manager that, if defined, will enable account lockout feature | shibboleth.authn.TOTP.ClassifiedMessageMap Map<String,List<String>> | Built-in component | A map between defined error/warning conditions and events and implementation-specific message fragments to map to them. | shibboleth.authn.TOTP.Validator CredentialValidator | Built-in component | Override of the core component that validates token codes | shibboleth.authn.DuoTOTP.UsernameLookupStrategy Function<ProfileRequestContext,String> | CanonicalUsernameLookupStrategy | Optional bean to supply username | shibboleth.authn.TOTP.resultCachingPredicate Predicate<ProfileRequestContext> |
| An optional bean that can be defined to control whether to preserve the authentication result in an IdP session |
|