Confirmation by answering security question#

Blitz Identity Provider allows you to request the user to enter the answer to the security question to confirm the login. This can be useful in confirmation scenarios when recovering a forgotten password. To use this authentication method, follow the steps described below.

Step 1. Add method to blitz.conf#

In order for the authentication method Confirmation by the answer to the security question to appear in authentication methods on the tab Second factor, follow these steps:

  1. Open the /usr/share/identityblitz/blitz-config/blitz.conf file.

    sudo vim /usr/share/identityblitz/blitz-config/blitz.conf
    
  2. In the settings section blitz.prod.local.idp.login.factors in the second list, add a block of settings using the secQsn method:

    "login" : {
        "factors" : [
            [
                …
            ],
            [
                {
                    "enabled" : false,
                    "method" : "secQsn"
                },
                …
            ]
        ],
        …
    }
    
  3. Restart the services.

    sudo systemctl restart blitz-idp blitz-console blitz-recovery
    

Step 2. Create directory of security questions#

To create a directory of security questions, follow these steps:

  1. Create the directory /etc/blitz-config/custom_messages/dics on the server.

  2. Create a file /etc/blitz-config/custom_messages/dics/securityQuestions with the contents of the checklist. Example of a securityQuestions file with a directory of security questions:

    01=What is your mother's maiden name?
    02=What is your grandmother's maiden name?
    03=What was the first movie you saw in the cinema?
    04=What is your favorite literary work?
    05=What was the name of your third grade teacher
    06=The first dish you learned to cook
    07=What was the name of your first pet
    08=What did you want to become as a child?
    09=What was the name of the first school you went to?
    10=What was the name of the first street where you lived as a child?
    

    Attention

    The number in the checklist is used for sorting when displaying a list of security questions to the user.

  3. Check the owner of the dics directory and the directory files in it. The owner must be blitz:blitz.

    chown -R blitz:blitz /etc/blitz-config/custom_messages/dics
    
  4. In the configuration file /usr/share/identityblitz/blitz-config/blitz.conf, add the``dics`` block to the blitz.prod.local.idp.messages block. In the names setting, specify the name of the securityQuestions directory. For example:

    "dics" : {
        "dir" : "custom_messages/dics",
        "names" : [
            "securityQuestions"
        ]
    }
    

Step 3. Configure method in console#

The following settings must be set in the Admin console:

  • Total number of attempts – the number of attempts to enter the answer to the security question, after which this confirmation method will be blocked.

  • Blocking time when attempts are exceeded (in minutes).

The list configured of security questions is also displayed in the admin console.

../_images/SecQsn_en.png