6.1.1.2.1.13. linotp.controllers.validate module¶
validate controller - to check the authentication request
- class linotp.controllers.validate.ValidateController(*args, **kw)[source]¶
Bases: linotp.lib.base.BaseController
The linotp.controllers are the implementation of the web-API to talk to the LinOTP server. The ValidateController is used to validate the username with its given OTP value. An Authentication module like pam_linotp2 or rlm_linotp2 uses this ValidateController. The functions of the ValidateController are invoked like this
https://server/validate/<functionname>The functions are described below in more detail.
- check()[source]¶
This function is used to validate the username and the otp value/password.
- method:
- validate/check
arguments:
- user: The username or loginname
- pass: The password that consist of a possible fixed password component and the OTP value
- realm (optional): An optional realm to match the user to a useridresolver
- challenge (optional): optional challenge + otp verification for challenge response token. This indicates, that tis request is a challenge request.
- data (optional): optional challenge + otp verification for challenge response token. This indicates, that tis request is a challenge request.
- state (optional): The optional id to respond to a previous challenge.
- transactionid (optional): The optional id to respond to a previous challenge.
- returns:
JSON response:
{ "version": "LinOTP 2.4", "jsonrpc": "2.0", "result": { "status": true, "value": false }, "id": 0 }
If status is true the request was handled successfully.
If value is true the user was authenticated successfully.
- check_s()[source]¶
This function is used to validate the serial and the otp value/password.
- method:
- validate/check_s
- arguments:
serial: the serial number of the token
- pass: the password that consists of a possible fixes password component
and the OTP value
- returns:
- JSON response
- check_yubikey()[source]¶
This function is used to validate the output of a yubikey
- method:
- validate/check_yubikey
Parameters: pass (string) – The password that consist of the static yubikey prefix and the otp Returns: JSON Object - returns:
JSON response:
{ "version": "LinOTP 2.4", "jsonrpc": "2.0", "result": { "status": true, "value": false }, "detail" : { "username": username, "realm": realm }, "id": 0 }
- samlcheck()[source]¶
This function is used to validate the username and the otp value/password in a SAML environment. If linotp.allowSamlAttributes = True then the attributes of the authenticated users are also contained in the response.
- method:
- validate/samlcheck
- arguments:
- user: username / loginname
- pass: the password that consists of a possible fixes password component and the OTP value
- realm: optional realm to match the user to a useridresolver
- returns:
- JSON response
- simplecheck()[source]¶
This function is used to validate the username and the otp value/password.
- method:
- validate/simplecheck
- arguments:
user: username / loginname
- pass: the password that consists of a possible fixes password component
and the OTP value
realm: additional realm to match the user to a useridresolver
- returns:
Simple ascii response:
- :-)
- in case of success
- :-(
- in case of failed authentication
- :-/
- in case of any error
- smspin()[source]¶
This function is used in conjunction with an SMS token: the user authenticates with user and pin (pass) and will receive on his mobile an OTP as message
- method:
- validate/smspin
- arguments:
- user: username / loginname
- pass: the password that consists of a possible fixed password
- realm: additional realm to match the user to a useridresolver
- returns:
- JSON response