linotp.controllers.validate module

validate controller - to check the authentication request

class linotp.controllers.validate.ValidateController(*args, **kw)[source]

Bases: linotp.lib.base.BaseController

The linotp.controllers are the implementation of the web API used to talk to the LinOTP server. The ValidateController is used to validate the username with its given OTP value. An authentication module such as pam_linotp2 or rlm_linotp2 uses this ValidateController. The functions of the ValidateController are invoked like this

The functions are described below in more detail.

check()[source]

This function is used to validate the username and the otp value/password.

method:
validate/check

arguments:

  • user: The username or loginname
  • pass: The password that consists of a possible fixed password component and the OTP value
  • realm (optional): An optional realm to match the user to a useridresolver
  • challenge (optional): optional challenge + otp verification for challenge response token. This indicates that this request is a challenge request.
  • data (optional): optional challenge + otp verification for challenge response token. This indicates that this request is a challenge request.
  • state (optional): The optional id to respond to a previous challenge.
  • transactionid (optional): The optional id to respond to a previous challenge.
returns:

JSON response:

{
    "version": "LinOTP 2.4",
    "jsonrpc": "2.0",
    "result": {
        "status": true,
        "value": false
    },
    "id": 0
}

If status is true the request was handled successfully.

If value is true the user was authenticated successfully.

check_s()[source]

This function is used to validate the serial and the otp value/password.

method:
validate/check_s
arguments:
  • serial: the serial number of the token

  • pass: the password that consists of a possible fixed password component and the OTP value

returns:
JSON response
check_status()[source]

check the status of a transaction - for polling support

check_t()[source]
check_url()[source]

This function works with pam_url.

check_yubikey()[source]

This function is used to validate the output of a yubikey

method:
validate/check_yubikey
Parameters: pass (string) – The password that consists of the static yubikey prefix and the otp
Returns: JSON Object
returns:

JSON response:

{
    "version": "LinOTP 2.4",
    "jsonrpc": "2.0",
    "result": {
        "status": true,
        "value": false
    },
    "detail" : {
        "username": username,
        "realm": realm
    },
    "id": 0
}
fail()[source]
ok()[source]
pair()[source]
samlcheck()[source]

This function is used to validate the username and the otp value/password in a SAML environment. If linotp.allowSamlAttributes = True then the attributes of the authenticated users are also contained in the response.

method:
validate/samlcheck
arguments:
  • user: username / loginname
  • pass: the password that consists of a possible fixed password component and the OTP value
  • realm: optional realm to match the user to a useridresolver
returns:
JSON response
simplecheck()[source]

This function is used to validate the username and the otp value/password.

method:
validate/simplecheck
arguments:
  • user: username / loginname

  • pass: the password that consists of a possible fixed password component and the OTP value

  • realm: additional realm to match the user to a useridresolver

returns:

Simple ascii response:

:-)
in case of success
:-(
in case of failed authentication
:-/
in case of any error
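
A client-side sketch of how a caller can interpret the validate/check and validate/simplecheck responses described above so that it fails closed. This is an added example, not LinOTP's own code: BASE_URL is a placeholder, the helper names are hypothetical, and sending the parameters as a POST body is an assumption the page does not state.

```python
import json
from urllib.parse import urlencode
from urllib.request import urlopen

BASE_URL = "https://linotp.example.com"  # placeholder server, not from the page

def interpret_check(body):
    """Map a validate/check JSON body to 'authenticated', 'rejected' or 'error'."""
    try:
        result = json.loads(body)["result"]
        status, value = result["status"], result["value"]
    except (ValueError, KeyError, TypeError):
        return "error"  # malformed or unexpected body: never grant access
    if status is not True:
        return "error"  # the request itself was not handled successfully
    # status only says the request was processed; only a boolean true value
    # means the user was authenticated (the string "true" does not count).
    return "authenticated" if value is True else "rejected"

SIMPLE = {":-)": "authenticated", ":-(": "rejected", ":-/": "error"}

def interpret_simplecheck(body):
    """Map the ASCII reply of validate/simplecheck; unknown text is an error."""
    return SIMPLE.get(body.strip(), "error")

def check(user, password, realm=None):
    """Call validate/check; assumes the server accepts form-encoded POST."""
    params = {"user": user, "pass": password}
    if realm:
        params["realm"] = realm
    data = urlencode(params).encode()  # keeps the OTP out of URL logs
    try:
        with urlopen(f"{BASE_URL}/validate/check", data=data, timeout=10) as r:
            return interpret_check(r.read().decode("utf-8", "replace"))
    except OSError:
        return "error"  # network or HTTP failure also fails closed

# Constructed sample: the response body shown for check() on this page.
SAMPLE = ('{"version": "LinOTP 2.4", "jsonrpc": "2.0", '
          '"result": {"status": true, "value": false}, "id": 0}')

if __name__ == "__main__":
    print(interpret_check(SAMPLE))
    print(interpret_simplecheck(":-)"))
```

A caller should grant access only on "authenticated" and treat "error" the same as "rejected" for the login decision.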
smspin()[source]

This function is used in conjunction with an SMS token: the user authenticates with user and PIN (pass) and then receives an OTP as a message on their mobile phone.

method:
validate/smspin
arguments:
  • user: username / loginname
  • pass: the password that consists of a possible fixed password
  • realm: additional realm to match the user to a useridresolver
returns:
JSON response