The OTP Schema implements authentication based on one-time passwords, using the OATH standards HOTP and TOTP.
In the administration page, go to Parameters/Authentication schemes and add a new scheme by clicking on the + button. In the modal, enter a name and a display name (the name must be unique among all authentication scheme instances), and a scheme session expiration in seconds.
Select the type HOTP/TOTP in the Type drop-down button.
Below is the definition of all parameters.
Name (identifier) of the scheme. It must be unique among all the scheme instances, even those of a different type.
Name of the instance displayed to the user.
Number of seconds to expire a valid session.
Maximum number of times a valid authentication with this scheme is possible. This is an additional parameter used to reinforce the security of the session and to prevent the session from being reused for other authentications.
If this option is unchecked, only an administrator can register this scheme for each user via the administration page.
Address of the issuer of the OTP settings, i.e. the address of the webservice hosting Glewlwyd.
Size of the secret shared between the user and the server to authenticate the user. Minimum 16 bytes.
Length of the code that must be sent by the user. It must be between 6 and 10; 6 or 8 is recommended.
Allow users to register an HOTP code.
Window validity of the HOTP code.
Allow users to register a TOTP code.
Window validity of the TOTP code in seconds.
Start offset of the TOTP code relative to the Unix epoch.
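
To show how the secret size, code length, window and start offset parameters interact, here is an added example (not Glewlwyd's own code) of HOTP and TOTP verification following RFC 4226 and RFC 6238. It assumes HMAC-SHA1, that the HOTP window is a look-ahead count of counters, that the TOTP window is the RFC 6238 time step, and that the start offset is T0; all function names are hypothetical and the secret is the RFC test secret.

```python
import hashlib
import hmac
import struct

# Constructed sample input: the 20-byte test secret from RFC 4226 / RFC 6238.
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    if len(secret) < 16:
        raise ValueError("secret is shorter than the 16-byte minimum")
    if not 6 <= digits <= 10:
        raise ValueError("code length must be between 6 and 10")
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: int, step: int = 30, start_offset: int = 0,
         digits: int = 6) -> str:
    """RFC 6238: HOTP over the number of steps elapsed since start_offset."""
    return hotp(secret, (int(now) - start_offset) // step, digits)

def _same(expected: str, supplied: str) -> bool:
    # Constant-time comparison so response timing does not leak digits.
    return hmac.compare_digest(expected.encode(), supplied.encode())

def verify_hotp(secret: bytes, code: str, counter: int, window: int = 0,
                digits: int = 6):
    """Try counter..counter+window. Return the next counter to store, or None.

    Persisting the returned counter is what stops an accepted code from
    being replayed; a larger window tolerates more client/server drift
    but gives a guesser more valid codes per attempt.
    """
    for candidate in range(counter, counter + window + 1):
        if _same(hotp(secret, candidate, digits), code):
            return candidate + 1
    return None

def verify_totp(secret: bytes, code: str, now: int, step: int = 30,
                start_offset: int = 0, digits: int = 6) -> bool:
    """Accept only the code of the time step that contains `now`."""
    return _same(totp(secret, now, step, start_offset, digits), code)
```
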