Caution
This module has been abandoned since June 13, 2024. It should still work, and I don't mind reviving it, but my personal use-case for this module no longer exists. Feel free to hit me up if you need this module and together we can work things out.
This module is implemented as an Authentication Processing Filter. That means it can be configured in the global config.php file (in the authproc.idp or authproc.sp list) or per entity in the SP remote or IdP hosted metadata.
To be able to use this module, you have to register at CM.com to get an API-key for their RESTful API.
First you need to enable the module: in config.php, search for the module.enable key and add cmdotcom with value true:

    'module.enable' => [
        'cmdotcom' => true,
        …
    ],
In order to send the passcode SMS from this module, you need to set the mandatory API-key used to interact with the CM.com RESTful API in the productToken setting.

You can optionally set mobilePhoneAttribute to the name of the attribute that contains the user's mobile phone number. If this setting is left out, the default attribute is mobile.
If the attribute defined above is not available for a user, an error message will be shown, and the user will not be allowed through the filter. Please make sure that you select an attribute that is available to all users.
By default the SMS will originate from Example, but this can be changed using the optional originator setting. The maximum length is 16 digits for a phone number, or 11 alphanumerical characters [a-zA-Z0-9] for a text sender ID. Example: 'CMTelecom'.
Another default is that the OTP received by SMS can be entered within a period of three minutes. This can be adjusted by configuring the optional validFor setting to the number of seconds the code should be valid.
Finally, it is possible for the OTP code to be automatically pushed to a mobile app. To do this, set the optional allowPush to true and set appKey to match your mobile app.
This module uses libphonenumber-for-php to parse recipient phone numbers and normalize them. If you experience undeliverable SMS, you can try setting defaultRegion to the CLDR two-letter region code for your region (for example 'NL'), so that numbers stored in national format without a country code can still be resolved.
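To see why defaultRegion matters, and what the originator limits above actually accept, here is an added example (not the cmdotcom module's own code) that runs the same libphonenumber-for-php normalization over a few constructed recipient numbers with and without a region, and checks candidate originators against the rules stated in this README. The function names normalizeRecipient and isValidOriginator are assumptions for this example; the numbers are made-up test data.

```php
<?php
// Added example, not part of the cmdotcom module. Requires
// `composer require giggsey/libphonenumber-for-php`.
require __DIR__ . '/vendor/autoload.php';

use libphonenumber\NumberParseException;
use libphonenumber\PhoneNumberFormat;
use libphonenumber\PhoneNumberUtil;

/**
 * Normalize a recipient number to E.164 the way a libphonenumber-based
 * filter does. $defaultRegion is a CLDR two-letter region code ('NL') or
 * null, mirroring the module's optional defaultRegion setting.
 * Returns the E.164 string, or null when the number cannot be parsed or
 * is not a valid number for its region.
 */
function normalizeRecipient(string $raw, ?string $defaultRegion): ?string
{
    $util = PhoneNumberUtil::getInstance();
    try {
        $number = $util->parse($raw, $defaultRegion);
    } catch (NumberParseException $e) {
        // A national-format number ('06...') has no country code to resolve
        // against when no default region is given, so parsing fails here.
        return null;
    }
    if (!$util->isValidNumber($number)) {
        return null;
    }
    return $util->format($number, PhoneNumberFormat::E164);
}

/**
 * Check an originator against the limits stated in this README:
 * up to 16 digits for a phone number, or up to 11 characters [a-zA-Z0-9].
 * Spaces and other punctuation are rejected.
 */
function isValidOriginator(string $originator): bool
{
    return (bool) preg_match('/^(?:\d{1,16}|[a-zA-Z0-9]{1,11})$/', $originator);
}

// Constructed sample input: the same (fictitious) Dutch mobile number in
// international format and in two national formats.
$samples = ['+31612345678', '0612345678', '06-12345678'];

foreach ($samples as $raw) {
    printf("%-13s region=null -> %s\n", $raw, normalizeRecipient($raw, null) ?? 'unparseable');
    printf("%-13s region=NL   -> %s\n", $raw, normalizeRecipient($raw, 'NL') ?? 'unparseable');
}
// The '+31...' form normalizes either way; both national forms normalize only
// with defaultRegion 'NL'. A recipient the filter cannot normalize is exactly
// the "undeliverable SMS" case described above.

foreach (['CMTelecom', 'CM Telecom', '31612345678', 'ExampleOriginator'] as $o) {
    printf("originator %-20s %s\n", "'$o'", isValidOriginator($o) ? 'ok' : 'rejected');
}
```

Run it with `php example.php`. If your directory stores numbers in national format, expect the region=null lines to show "unparseable" for those entries, which is the symptom that setting defaultRegion fixes; for originators, note that a value with a space such as 'CM Telecom' falls outside the documented 11-character alphanumeric limit.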
Add the filter to your Identity Provider hosted metadata authproc filters list, specifying the attribute you've selected. The array key (90 here) sets the filter's position relative to the other authproc filters; keep the productToken out of version control, since it authorizes sending SMS on your account.

    90 => [
        'class' => 'cmdotcom:OTP',
        'productToken' => 'secret',
        'mobilePhoneAttribute' => 'mobile',
        'originator' => 'CMTelecom',
        'validFor' => 600,
        'defaultRegion' => 'NL',
    ],
This setup uses no persistent storage at all. This means that the user will always be asked to enter a passcode each time she logs in.