We need to integrate Phone factor for dual factor authentication for our login.
The passwords and the phone numbers have to be retrieved from LDAP.
One approach we were thinking to do is to write our own custom login module. The custom login module should be able to take the username/ password entered from the login.jsp, and pass to the login module. THis login module will do both the authentication, and let the user in or not.
Does this design on a high level looks fine?
Also what is the name of the login module that is used by default?
Is the module called: org.jboss.security.auth.spi.UsersRolesLoginModule?
thanks
manvinder