6.3.1.17. Remote¶
The token type remote forwards the authentication request to another eduMFA Server.
When forwarding the authentication request, you can
change the username
change the resolver
change the realm
change the serial number
and mangle the password.
The serial number of the token, that was used on the other eduMFA server, is stored in the tokeninfo
of the remote token object in the key last_matching_remote_serial
. This serial number can then be used in
further workflows and e.g. be processed in event handlers.
Check the PIN locally
If checked, the PIN of the token will be checked on the local server. If the PIN matches only the remaining part of the issued password will be sent to the remote eduMFA server.
Remote Server ID
The other eduMFA server, to which the authentication request will be forwarded. You need to configure the eduMFA Server at eduMFA server configuration.
Note
You can define a remote server to be localhost. Thus you can assign one token to several users.
Using the direct URL in the remote token is deprecated.
Remote Serial
If the Remote Serial is specified the given password will be checked against the serial number on the remote eduMFA server. Usernames will be ignored.
Remote User
When forwarding the request to the remote server, the authentication request will be issued for this user.
Remote Realm
When forwarding the request to the remote server, the authentication request will be issued for this realm.
Remote Resolver
When forwarding the request to the remote server, the authentication request will be issued for this resolver.
Note
You can use Remote Serial to forward the request to a central eduMFA server, that only knows tokens but has no knowledge of users. Or you can use Remote Serial to forward the request to an existing to on localhost thus adding a second user to the same token.