Setup password+token one field verification

Assuming the EasyAccess server has been deployed properly, it is time to setup a authentication valve.

With this config you can add EasyAccess to most standard RADIUS portals, you will have to login using something like this:
Username: secure-online
Password: VerySectet!!654321   (last 6 digits is the generated OTP)

Adding a RADIUS Scenario is pretty straight forward. Go to: “Scenarios -> RADIUS -> Username and Password” And add a new one by clicking on the + sign. Give it a name, user database, user search base and specify a RADIUS connection.

When added the execution flow looks like this:

In order to use both the password and the OTP from the password field we need to take them apart. Let’s add two additional Valve’s:

  1. PropertySplitByIndexValve
  2. TokenValidationValve

The cofiguration for these two valves is as follows:

Source: {{request.User-Password}}
Destination Attribute One: password
Destination Attribute Two: otp
Position: -6   (If you use a different amout of digits in the OTP use this!)
Destination Item: data_item

Username Parameter: User-Name
Provided OTP Parameter: {{attributes.otp}}
HOTP Lookahead Value: 20
TOTP Max Drift Count: 10

Next, we need to update the LDAPBindValve to use the new password attribute:

Connection: <current connection>
Password: {{attributes.password}}

As final task, we need to move the new valve’s to the right position. When done, it should look like this: