Merge pull request #603 from azure-ad-b2c/abdes/totpssoprofileupdate
Add new SSO management profile for TOTP input screen
yoelhor authored Feb 22, 2024
2 parents 5a35ae5 + 68eb700 commit d502e3e
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions policies/totp/policy/TrustFrameworkExtensions_TOTP.xml
@@ -332,7 +332,7 @@
</OutputClaims>
</TechnicalProfile>

<!-- TOTP session manager-->
<!-- TOTP session manager for verification-->
<TechnicalProfile Id="SM-MFA-TOTP">
<DisplayName>Session Mananagement Provider</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.DefaultSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
@@ -342,6 +342,16 @@
</PersistedClaims>
</TechnicalProfile>

<!-- TOTP session manager for input-->
<TechnicalProfile Id="SM-MFA-Totp-Input">
<DisplayName>Session Mananagement Provider</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.DefaultSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<PersistedClaims>
<PersistedClaim ClaimTypeReferenceId="totpIdentifier" />
<PersistedClaim ClaimTypeReferenceId="issuer" />
</PersistedClaims>
</TechnicalProfile>

<!-- Self-asserted technical profile that asks the user to enroll to the TOTP MFA. The technical profile:
1) Creates the TOTP secret
2) Sets the issuer name and the URI
@@ -377,7 +387,7 @@
<OutputClaim ClaimTypeReferenceId="objectId" />
<OutputClaim ClaimTypeReferenceId="secretKey" />
</OutputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-MFA-TOTP" />
<UseTechnicalProfileForSessionManagement ReferenceId="SM-MFA-Totp-Input" />
</TechnicalProfile>

<!-- Self-asserted technical profile that verifies the TOTP-->
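Review bot: The new `SM-MFA-Totp-Input` session profile persists only `totpIdentifier` and `issuer`, while the profile that now references it in the third hunk (apparently the enrollment profile; its opening tag is outside the hunk) also outputs `objectId` and `secretKey`, and nothing in the change records whether that gap is intended. Keeping `secretKey` out of the SSO session looks like the right choice, but it should be written down so nobody later adds it to `PersistedClaims`, and any step that runs after this profile is skipped by an existing session should be checked not to rely on `secretKey` or `objectId` coming from here. If that is the intent, a comment above the new profile such as `<!-- Persists only totpIdentifier and issuer; secretKey is deliberately not stored in the session -->` would do. The copied `DisplayName` also carries the typo `Mananagement` and is identical to the one on `SM-MFA-TOTP`, so the two session providers cannot be told apart by name; `<DisplayName>Session Management Provider (TOTP input)</DisplayName>` would fix both.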
