1. User log on with username and password 2. The system sends one time password in SMS to the users mobile 3. User log on with one time password
So how could this be implemented to the JBossPortal? Could you give me some hints if it is possible or not without huge amount of work?
Could this work:
1. First login.jsp is changed to redirect to the page, where user "log on with username and password". Real authentication does not take place yet, but I could check if the password correlate with the username.
2. System sends SMS to user's mobile
3. Send SMS - button redirect to the real login.jsp, where there is one time password - field.
Now that user login with one time password, the system authenticate the user with username, password and one time password.
I'm really looking forward to hear your comments..