based on: http://www.redhat.com/archives/freeipa-devel/2014-June/msg00689.html
1. The "clock interval" field in the Add OTP Token dialog could be disabled for HOTP.
2. The "clock interval" and "counter" fields (and probably some other fields too) in the OTP Token details page could be hidden depending on the token type.
3. The Add OTP Token dialog could provide more descriptive token types: time-based or counter-based token instead of just TOTP or HOTP.
4. The OTP Token details page could show the token type (I suppose the model may not be descriptive enough).
5. It would be nice to have a link/button to add OTP Token from the user details page with the owner already set to the user.
6. The "clock interval" should have a unit of measurement (i.e. seconds).
7. When logging in with an expired password, the user will be asked to reset a password and enter an OTP. Although OTP means one-time password, some users could confuse it with the OTP they just entered on the previous page. It would be nicer to say "New OTP" or add an explanation "Wait for a new OTP" to make sure the user enters a new OTP.
8. In the "User authentication types" field it might be better to say "password + OTP" instead of just "otp". The checkbox value can remain "otp".
9. The "User authentication types" is a bit confusing because if none are selected it doesn't mean that no authentication is allowed, but it means it's unset and it will use the global setting. The UI probably should provide a separate radio button to select "Use global setting" or show the effective setting next to it.
10. The "Default user authentication types" in the global setting is a bit confusing because by default nothing is selected but the actual default is supposedly not empty.
11. Ideally the password reset page/dialog should indicate whether the old password and the OTP are required based on the actual authentication type available to the user.
12. Ideally there should be a way to display the QR code of an existing OTP token.
13. The UI could also provide a link to download the OTP app or a list of supported apps.
Items 8,9,11,12,13 might be implemented separately.
14. The link to Sync OTP Token is not very visible and probably rarely used, so probably it can be moved together with the other messages ("To login with...") and be given a longer description.
15. The Sync OTP page should explain that for the second OTP the user should generate or wait for a new one.
16. In the password reset page the "Reset Password and Login" button is not quite accurate for the OTP case since the user will not be logged in automatically.
This ticket covers too many things.
Item 13 was moved to separate ticket #4469.
Items 8, 9, 10 into ticket #4471
Items 7, 11, 14, 15, 16 into ticket #4470.
This leaves items: 1, 2, 3, 4, 5, 6, 12 - all related to OTP pages.
4 and 12 were not implemented. 12 is not possible atm, requires server support.
master:
ipa-4-1:
The only remaining thing is #4 - display a token type.
We should create a virtual param and display it in CLI as well.
http://www.redhat.com/archives/freeipa-devel/2014-September/msg00213.html
New ticket #4563 for the last issue was created.
Metadata Update from @pvoborni: - Issue assigned to pvoborni - Issue set to the milestone: FreeIPA 4.1