14.2.1.2.15. Remote Token

class edumfa.lib.tokens.remotetoken.RemoteTokenClass(db_token)[source]

The Remote token forwards an authentication request to another eduMFA server. The request can be forwarded to a user on the other server or to a serial number on the other server. The PIN can be checked on the local eduMFA server or on the remote server.

Using the Remote token you can assign one physical token to many different users.

constructor - create a token class object with it’s db token binding

Parameters:

aToken – the db bound token

authenticate(passw, user=None, options=None)[source]

do the authentication on base of password / otp and user and options, the request parameters.

Here we contact the other eduMFA server to validate the OtpVal.

Parameters:
  • passw – the password / otp

  • user – the requesting user

  • options – the additional request parameters

Returns:

tuple of (success, otp_count - 0 or -1, reply)

check_otp(otpval, counter=None, window=None, options=None)[source]

run the http request against the remote host

Parameters:
  • otpval – the OTP value

  • counter (int) – The counter for counter based otp values

  • window – a counter window

  • options (dict) – additional token specific options

Returns:

counter of the matching OTP value.

Return type:

int

property check_pin_local

lookup if pin should be checked locally or on remote host

Returns:

bool

static get_class_info(key=None, ret='all')[source]
Parameters:
  • key (string) – subsection identifier

  • ret (user defined) – default return value, if nothing is found

Returns:

subsection if key exists or user defined

Return type:

dict or string

static get_class_prefix()[source]

return the token type prefix

static get_class_type()[source]

return the class type identifier

is_challenge_request(passw, user=None, options=None)[source]

This method checks, if this is a request, that triggers a challenge. It depends on the way, the pin is checked - either locally or remote

Parameters:
  • passw (string) – password, which might be pin or pin+otp

  • user (User object) – The user from the authentication request

  • options (dict) – dictionary of additional request parameters

Returns:

true or false

mode = ['authenticate', 'challenge']
update(param)[source]

second phase of the init process - updates parameters

Parameters:

param – the request parameters

Returns:

  • nothing -