Type: Technical Documentation
Affects Version/s: None
Component/s: Application Security > Multi-Factor Authentication
Sprint: Iteration 30, Iteration 31, Iteration 32, Iteration 33, Iteration 34, Iteration 35, Iteration 36
Type of Documentation: Deployment
Having the ability to store and review auditing information for any MFA activity would help secure the portal.
Display auditing information of any MFA activity.
1. Enable MFA Email OTP verifier.
2. Intentionally fail to log in with a wrong Email OTP.
4. Go to Configuration --> Audit
5. Verify that there are 3 Email OTP verifier entries for that user:
- Unsuccessful attempt: user not logged in yet
- Unsuccessful attempt: wrong Email OTP
- Successful attempt
Technical Documentation Details
- Most important class(es) and module(s) that provide the implementation for this feature
- MFAEmailOTPAuditMessageBuilder.java and MFAEmailOTPChecker.java
- Any specific implementation details that help in understanding how it works, hints for debugging and fixing
- MFAEmailOTPAuditMessageBuilder is a helper class that builds and sends audit messages, while MFAEmailOTPChecker does the actual Email OTP verification and invokes MFAEmailOTPAuditMessageBuilder whenever a verification fails or succeeds.
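The checker/audit-builder split described above, as an added, self-contained example (not the portal's own code): every return path of the verification emits exactly one audit entry, and the OTP value itself never reaches the audit record. The names `EmailOtpAuditSketch`, `AuditEntry`, `AuditSink` and `OtpChecker`, the `primaryLoginDone` flag, the reason strings and the sample values are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.List;

public class EmailOtpAuditSketch {

    // Hypothetical audit record; the OTP value itself is never stored.
    record AuditEntry(long userId, String verifier, boolean success, String reason) {}

    // Hypothetical stand-in for the audit message builder: builds and "sends" entries.
    static class AuditSink {
        final List<AuditEntry> entries = new ArrayList<>();

        void send(long userId, boolean success, String reason) {
            entries.add(new AuditEntry(userId, "Email OTP", success, reason));
        }
    }

    // Hypothetical stand-in for the checker: every return path emits exactly one entry.
    static class OtpChecker {
        private final AuditSink audit;

        OtpChecker(AuditSink audit) { this.audit = audit; }

        boolean verify(long userId, boolean primaryLoginDone, String expected, String supplied) {
            if (!primaryLoginDone) {
                audit.send(userId, false, "user not logged in yet");
                return false;
            }
            // Constant-time comparison so timing does not reveal matching digits.
            boolean match = expected != null && supplied != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
            audit.send(userId, match, match ? "verified" : "wrong email otp");
            return match;
        }
    }

    public static void main(String[] args) {
        AuditSink audit = new AuditSink();
        OtpChecker checker = new OtpChecker(audit);
        long userId = 20123L; // constructed sample user id
        checker.verify(userId, false, "481516", "481516"); // OTP step before login
        checker.verify(userId, true, "481516", "000000");  // wrong OTP
        checker.verify(userId, true, "481516", "481516");  // correct OTP
        audit.entries.forEach(System.out::println);
    }
}
```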