6.1.1.2.1.13. linotp.controllers.validate module

validate controller - to check the authentication request

class linotp.controllers.validate.ValidateController(*args, **kw)

Bases: linotp.lib.base.BaseController

The linotp.controllers are the implementation of the web-API to talk to the LinOTP server. The ValidateController is used to validate the username with its given OTP value. An Authentication module like pam_linotp2 or rlm_linotp2 uses this ValidateController. The functions of the ValidateController are invoked like this

https://server/validate/<functionname>

The functions are described below in more detail.

check()

This function is used to validate the username and the otp value/password.

method:

validate/check

arguments:

• user: The username or loginname
• pass: The password that consist of a possible fixed password component and the OTP value
• realm (optional): An optional realm to match the user to a useridresolver
• challenge (optional): optional challenge + otp verification for challenge response token. This indicates, that tis request is a challenge request.
• data (optional): optional challenge + otp verification for challenge response token. This indicates, that tis request is a challenge request.
• state (optional): The optional id to respond to a previous challenge.
• transactionid (optional): The optional id to respond to a previous challenge.

returns:

JSON response:

{
    "version": "LinOTP 2.4",
    "jsonrpc": "2.0",
    "result": {
        "status": true,
        "value": false
    },
    "id": 0
}

If status is true the request was handled successfully.

If value is true the user was authenticated successfully.

check_s()

This function is used to validate the serial and the otp value/password.

method:

validate/check_s

arguments:

• serial: the serial number of the token

• pass: the password that consists of a possible fixes password component

  and the OTP value

returns:

JSON response

check_t()

check_url()

This function works with pam_url.

check_yubikey()

This function is used to validate the output of a yubikey

method:

validate/check_yubikey

Parameters:pass (string) – The password that consist of the static yubikey prefix and the otp Returns:JSON Object

returns:

JSON response:

{
    "version": "LinOTP 2.4",
    "jsonrpc": "2.0",
    "result": {
        "status": true,
        "value": false
    },
    "detail" : {
        "username": username,
        "realm": realm
    },
    "id": 0
}

fail()

ok()

samlcheck()

This function is used to validate the username and the otp value/password in a SAML environment. If linotp.allowSamlAttributes = True then the attributes of the authenticated users are also contained in the response.

method:

validate/samlcheck

arguments:

• user: username / loginname
• pass: the password that consists of a possible fixes password component and the OTP value
• realm: optional realm to match the user to a useridresolver

returns:

JSON response

simplecheck()

This function is used to validate the username and the otp value/password.

method:

validate/simplecheck

arguments:

• user: username / loginname

• pass: the password that consists of a possible fixes password component

  and the OTP value

• realm: additional realm to match the user to a useridresolver

returns:

Simple ascii response:

:-)

in case of success

:-(

in case of failed authentication

:-/

in case of any error

smspin()

This function is used in conjunction with an SMS token: the user authenticates with user and pin (pass) and will receive on his mobile an OTP as message

method:

validate/smspin

arguments:

• user: username / loginname
• pass: the password that consists of a possible fixed password
• realm: additional realm to match the user to a useridresolver

returns:

JSON response