Details
-
Enhancement
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
Description
This is a variation of FORM authentication and closely related to ELY-508.
The scenario would be prompt for a username, then prompt for a password and if the password is valid and the account supports OTP prompt for the OTP.
The mechanism may also be responsible for sending the OTP but that is probably a side topic.
I have raised this in terms of being a HTTP mechanism but the main point we need to ensure is covered is the requirements about identifying what checks are required for a specific user and tracking they are all complete.