14.2.1.2.15. Remote Token¶
- class edumfa.lib.tokens.remotetoken.RemoteTokenClass(db_token)[source]¶
The Remote token forwards an authentication request to another eduMFA server. The request can be forwarded to a user on the other server or to a serial number on the other server. The PIN can be checked on the local eduMFA server or on the remote server.
Using the Remote token you can assign one physical token to many different users.
constructor - create a token class object with it’s db token binding
- Parameters:
aToken – the db bound token
- authenticate(passw, user=None, options=None)[source]¶
do the authentication on base of password / otp and user and options, the request parameters.
Here we contact the other eduMFA server to validate the OtpVal.
- Parameters:
passw – the password / otp
user – the requesting user
options – the additional request parameters
- Returns:
tuple of (success, otp_count - 0 or -1, reply)
- check_otp(otpval, counter=None, window=None, options=None)[source]¶
run the http request against the remote host
- Parameters:
otpval – the OTP value
counter (int) – The counter for counter based otp values
window – a counter window
options (dict) – additional token specific options
- Returns:
counter of the matching OTP value.
- Return type:
int
- property check_pin_local¶
lookup if pin should be checked locally or on remote host
- Returns:
bool
- static get_class_info(key=None, ret='all')[source]¶
- Parameters:
key (string) – subsection identifier
ret (user defined) – default return value, if nothing is found
- Returns:
subsection if key exists or user defined
- Return type:
dict or string
- is_challenge_request(passw, user=None, options=None)[source]¶
This method checks, if this is a request, that triggers a challenge. It depends on the way, the pin is checked - either locally or remote
- Parameters:
passw (string) – password, which might be pin or pin+otp
user (User object) – The user from the authentication request
options (dict) – dictionary of additional request parameters
- Returns:
true or false
- mode = ['authenticate', 'challenge']¶