...
Basic flow
Flow | Specification | ||
---|---|---|---|
Use case ID | ATH-UC-07-BF | ||
Use case name | Authentication via TOTP | ||
Actors |
| ||
Short Description | This use case denotes the authentication of a user via TOTP. | ||
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | ||
Pre-Conditions |
| ||
Post-Conditions |
| ||
Steps (basic flow) | 0 | The user accesses the WebSSO application interface to authenticate him/herself and chooses the option to connect via a security code via mobile app (TOTP) | |
1 | The user enters his/her username and password | ||
2 | The user connects to the TOTP based mobile application | ||
3 | The user chooses the digital key of CSAM and enters it in the authentication interface | ||
4 | The user sends his/her credentials | ||
5 | The SP sends a request message to the authorization server (AS) to access the Identity Provider (IDP) | ||
6 | The AS sends a message to the IDP to identify the non-authenticated user | ||
7 | The IDP checks the identity of the user with the AA | ||
8 | The IDP sends a response message to the AS to inform it that the user is identified | ||
9 | The AS sends a message with the identity of the user to the SP | ||
10 | The SP returns a response message to the application to enable the authentication | ||
11 | The user is authenticated and can use the services of the mobile application | ||
Exceptions (exception flows) |
| ||
Frequency |
|
Alternative flow 1
Specification | ||
---|---|---|
Use case ID | ATH-UC-07-AF-01 | |
Use case name | First authentication TOTP | |
Actors |
| |
Short Description | Depending on the profile of the actor, this alternative flow will be instantiated by one of the four use cases dedicated to the creation of a new account (refer to the basic flows): ATH-UC-01, ATH-UC-02, ATH-UC-03, ATH-UC-04. To implement this flow, the user should authenticate him/herself in the mobile application using the eID card. | |
Priority | 1 (High) Must have: The system must implement this goal/assumption to be accepted. | |
Pre-Conditions |
| |
Post-Conditions |
| |
Steps | For more details and depending on the type of the actor, see: | |
Exceptions (exception flows) |
| |
Frequency |
|
...