Skip to content

TOTP Configurations

This page lists out all the advanced configurations related to TOTP.

The following code snippet shows a sample TOTP configuration in the <IS_HOME>/repository/conf/deployment.toml file. 

[authentication.authenticator.totp.parameters]
encodingMethod="Base32"
timeStepSize="30"
windowSize="3"
authenticationMandatory=true
enrolUserInAuthenticationFlow=true
usecase="local"
secondaryUserstore="primary"
TOTPAuthenticationEndpointURL="authenticationendpoint/totp.do"
TOTPAuthenticationEndpointErrorPage="authenticationendpoint/totp_error.do"
TOTPAuthenticationEndpointEnableTOTPPage="authenticationendpoint/totp_enroll.do"
Issuer="WSO2"
UseCommonIssuer=true

The parameter values given above show the default configurations in WSO2 Identity Server.

If you wish to change a parameter value to something other than the default value, add the configuration to the deployment.toml file using the following format.

[authentication.authenticator.totp.parameters] 
<Property-name> = <Property-value>

encodingMethod

The encoding method used to generate the TOTP.

timeStepSize

The time step size used to validate the TOTP.

windowSize

The window size used to validate the TOTP.

authenticationMandatory

If this value is true, the TOTP authentication will be enforced as a second step.

enrolUserInAuthenticationFlow

If this value is true, it will ask the user to enable the TOTP authenticator in the authentication flow.

usecase

This field can take one of the following values: local, association, userAttribute, subjectUri. If you do not specify any usecase, the default value is local.

If you have chosen userAttribute as the usecase, add the following parameter to specify the user attribute.

userAttribute = "http://wso2.org/foursquare/claims/email"

secondaryUserstore

If you use the secondary user store, enter all the user store values for the particular tenant as comma separated values.

[authentication.authenticator.totp.parameters]
secondaryUserstore= "jdbc, abc, xyz"

TOTPAuthenticationEndpointURL

This is the endpoint of the UI which is used to gather the TOTP.

TOTPAuthenticationEndpointErrorPage

This is the endpoint of the error page.

TOTPAuthenticationEndpointEnableTOTPPage

This is the endpoint of the TOTPauthenticator enrollment page.

Issuer

This is the issuer name that will be shown on the mobile application. If this parameter is not configured, the tenant domain will be shown.

UseCommonIssuer

If set to true, the issuer name defined in the deployment.toml file will be used as the issuer for all the tenants.

Top