def validateSessionState(self, session_attributes):
        session_state = SessionStateService.instance().getSessionStateFromCookie()
        if StringHelper.isEmpty(session_state):
            print "OTP. Validate session state. Failed to determine session_state"
            return False

        otp_auth_method = session_attributes.get("otp_auth_method")
        if not otp_auth_method in ['enroll', 'authenticate']:
            print "OTP. Validate session state. Failed to authenticate user. otp_auth_method: '%s'" % otp_auth_method
            return False

        return True
    def validateSessionState(self, session_attributes):
        session_state = SessionStateService.instance(
        ).getSessionStateFromCookie()
        if StringHelper.isEmpty(session_state):
            print "OTP. Validate session state. Failed to determine session_state"
            return False

        otp_auth_method = session_attributes.get("otp_auth_method")
        if not otp_auth_method in ['enroll', 'authenticate']:
            print "OTP. Validate session state. Failed to authenticate user. otp_auth_method: '%s'" % otp_auth_method
            return False

        return True
Exemplo n.º 3
0
    def prepareForStep(self, configurationAttributes, requestParameters, step):
        context = Contexts.getEventContext()

        if (step == 1):
            return True
        elif (step == 2):
            print "U2F. Prepare for step 2"

            session_state = SessionStateService.instance().getSessionStateFromCookie()
            if StringHelper.isEmpty(session_state):
                print "U2F. Prepare for step 2. Failed to determine session_state"
                return False

            credentials = Identity.instance().getCredentials()
            user = credentials.getUser()

            if (user == None):
                print "U2F. Prepare for step 2. Failed to determine user name"
                return False

            u2f_application_id = configurationAttributes.get("u2f_application_id").getValue2()

            # Check if user have registered devices
            deviceRegistrationService = DeviceRegistrationService.instance()

            userInum = user.getAttribute("inum")

            registrationRequest = None
            authenticationRequest = None

            deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, u2f_application_id)
            if (deviceRegistrations.size() > 0):
                print "U2F. Prepare for step 2. Call FIDO U2F in order to start authentication workflow"

                try:
                    authenticationRequestService = FidoU2fClientFactory.instance().createAuthenticationRequestService(self.metaDataConfiguration)
                    authenticationRequest = authenticationRequestService.startAuthentication(user.getUserId(), None, u2f_application_id, session_state)
                except ClientResponseFailure, ex:
                    if (ex.getResponse().getResponseStatus() != Response.Status.NOT_FOUND):
                        print "U2F. Prepare for step 2. Failed to start authentication workflow. Exception:", sys.exc_info()[1]
                        return False
            else:
                print "U2F. Prepare for step 2. Call FIDO U2F in order to start registration workflow"
                registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(self.metaDataConfiguration)
                registrationRequest = registrationRequestService.startRegistration(user.getUserId(), u2f_application_id, session_state)

            context.set("fido_u2f_authentication_request", ServerUtil.asJson(authenticationRequest))
            context.set("fido_u2f_registration_request", ServerUtil.asJson(registrationRequest))

            return True
    def prepareForStep(self, configurationAttributes, requestParameters, step):
        context = Contexts.getEventContext()

        if (step == 1):
            return True
        elif (step == 2):
            print "U2F. Prepare for step 2"

            session_state = SessionStateService.instance().getSessionStateFromCookie()
            if StringHelper.isEmpty(session_state):
                print "U2F. Prepare for step 2. Failed to determine session_state"
                return False

            credentials = Identity.instance().getCredentials()
            user = credentials.getUser()

            if (user == None):
                print "U2F. Prepare for step 2. Failed to determine user name"
                return False

            u2f_application_id = configurationAttributes.get("u2f_application_id").getValue2()

            # Check if user have registered devices
            deviceRegistrationService = DeviceRegistrationService.instance()

            userInum = user.getAttribute("inum")

            authenticationRequest = None

            deviceRegistrations = deviceRegistrationService.findUserDeviceRegistrations(userInum, u2f_application_id)
            if (deviceRegistrations.size() > 0):
                print "U2F. Prepare for step 2. Call FIDO U2F in order to start authentication workflow"

                try:
                    authenticationRequestService = FidoU2fClientFactory.instance().createAuthenticationRequestService(self.metaDataConfiguration)
                    authenticationRequest = authenticationRequestService.startAuthentication(user.getUserId(), None, u2f_application_id, session_state)
                except ClientResponseFailure, ex:
                    if (ex.getResponse().getResponseStatus() != Response.Status.NOT_FOUND):
                        print "U2F. Prepare for step 2. Failed to start authentication workflow. Exception:", sys.exc_info()[1]
                        return False

            print "U2F. Prepare for step 2. Call FIDO U2F in order to start registration workflow"
            registrationRequestService = FidoU2fClientFactory.instance().createRegistrationRequestService(self.metaDataConfiguration)
            registrationRequest = registrationRequestService.startRegistration(user.getUserId(), u2f_application_id, session_state)

            context.set("fido_u2f_authentication_request", ServerUtil.asJson(authenticationRequest))
            context.set("fido_u2f_registration_request", ServerUtil.asJson(registrationRequest))

            return True
    def prepareForStep(self, configurationAttributes, requestParameters, step):
        context = Contexts.getEventContext()

        if (step == 1):
            context.set("display_register_action", True)
            return True
        elif (step == 2):
            print "oxPush2. Prepare for step 2"

            credentials = Identity.instance().getCredentials()
            user = credentials.getUser()
            if (user == None):
                print "oxPush2. Prepare for step 2. Failed to determine user name"
                return False

            session_attributes = context.get("sessionAttributes")
            if session_attributes.containsKey("oxpush2_request"):
                print "oxPush2. Prepare for step 2. Request was generated already"
                return True
            
            session_state = SessionStateService.instance().getSessionStateFromCookie()
            if StringHelper.isEmpty(session_state):
                print "oxPush2. Prepare for step 2. Failed to determine session_state"
                return False

            auth_method = session_attributes.get("oxpush2_auth_method")
            if StringHelper.isEmpty(auth_method):
                print "oxPush2. Prepare for step 2. Failed to determine auth_method"
                return False

            print "oxPush2. Prepare for step 2. auth_method: '%s'" % auth_method
            
            issuer = ConfigurationFactory.instance().getConfiguration().getIssuer()
            oxpush2_request = json.dumps({'username': user.getUserId(),
                               'app': self.u2f_application_id,
                               'issuer': issuer,
                               'method': auth_method,
                               'state': session_state}, separators=(',',':'))
            print "oxPush2. Prepare for step 2. Prepared oxpush2_request:", oxpush2_request

            context.set("oxpush2_request", oxpush2_request)

            return True
        else:
            return False
Exemplo n.º 6
0
    def prepareForStep(self, configurationAttributes, requestParameters, step):
        credentials = Identity.instance().getCredentials()
        context = Contexts.getEventContext()
        session_attributes = context.get("sessionAttributes")

        self.setEventContextParameters(context)

        if (step == 1):
            return True
        elif (step == 2):
            print "UAF. Prepare for step 2"

            session_state = SessionStateService.instance(
            ).getSessionStateFromCookie()
            if StringHelper.isEmpty(session_state):
                print "UAF. Prepare for step 2. Failed to determine session_state"
                return False

            user = credentials.getUser()
            if (user == None):
                print "UAF. Prepare for step 2. Failed to determine user name"
                return False

            uaf_auth_method = session_attributes.get("uaf_auth_method")
            if StringHelper.isEmpty(uaf_auth_method):
                print "UAF. Prepare for step 2. Failed to determine auth_method"
                return False

            print "UAF. Prepare for step 2. uaf_auth_method: '%s'" % uaf_auth_method

            uaf_obb_auth_method = "OOB_REG"
            uaf_obb_server_uri = self.uaf_server_uri + "/nnl/v2/reg"
            if StringHelper.equalsIgnoreCase(uaf_auth_method, "authenticate"):
                uaf_obb_auth_method = "OOB_AUTH"
                uaf_obb_server_uri = self.uaf_server_uri + "/nnl/v2/auth"

            # Prepare START_OBB
            uaf_obb_start_request_dictionary = {
                "operation": "START_%s" % uaf_obb_auth_method,
                "userName": user.getUserId(),
                "policyName": "default",
                "oobMode": {
                    "qr": "true",
                    "rawData": "false",
                    "push": "false"
                }
            }

            uaf_obb_start_request = json.dumps(
                uaf_obb_start_request_dictionary, separators=(',', ':'))
            print "UAF. Prepare for step 2. Prepared START request: '%s' to send to '%s'" % (
                uaf_obb_start_request, uaf_obb_server_uri)

            # Request START_OBB
            uaf_obb_start_response = self.executePost(uaf_obb_server_uri,
                                                      uaf_obb_start_request)
            if uaf_obb_start_response == None:
                return False

            print "UAF. Prepare for step 2. Get START response: '%s'" % uaf_obb_start_response
            uaf_obb_start_response_json = json.loads(uaf_obb_start_response)

            # Prepare STATUS_OBB
            #TODO: Remove needDetails parameter
            uaf_obb_status_request_dictionary = {
                "operation": "STATUS_%s" % uaf_obb_auth_method,
                "userName": user.getUserId(),
                "needDetails": 1,
                "oobStatusHandle":
                uaf_obb_start_response_json["oobStatusHandle"],
            }

            uaf_obb_status_request = json.dumps(
                uaf_obb_status_request_dictionary, separators=(',', ':'))
            print "UAF. Prepare for step 2. Prepared STATUS request: '%s' to send to '%s'" % (
                uaf_obb_status_request, uaf_obb_server_uri)

            context.set("uaf_obb_auth_method", uaf_obb_auth_method)
            context.set("uaf_obb_server_uri", uaf_obb_server_uri)
            context.set("uaf_obb_start_response", uaf_obb_start_response)
            context.set(
                "qr_image",
                uaf_obb_start_response_json["modeResult"]["qrCode"]["qrImage"])
            context.set("uaf_obb_status_request", uaf_obb_status_request)

            return True
        else:
            return False
Exemplo n.º 7
0
    def authenticate(self, configurationAttributes, requestParameters, step):
        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()

        context = Contexts.getEventContext()
        session_attributes = context.get("sessionAttributes")

        self.setEventContextParameters(context)

        if (step == 1):
            print "UAF. Authenticate for step 1"

            authenticated_user = self.processBasicAuthentication(credentials)
            if authenticated_user == None:
                return False

            uaf_auth_method = "authenticate"
            # Uncomment this block if you need to allow user second device registration
            #enrollment_mode = ServerUtil.getFirstValue(requestParameters, "loginForm:registerButton")
            #if StringHelper.isNotEmpty(enrollment_mode):
            #    uaf_auth_method = "enroll"

            if uaf_auth_method == "authenticate":
                user_enrollments = self.findEnrollments(credentials)
                if len(user_enrollments) == 0:
                    uaf_auth_method = "enroll"
                    print "UAF. Authenticate for step 1. There is no UAF enrollment for user '%s'. Changing uaf_auth_method to '%s'" % (
                        user_name, uaf_auth_method)

            print "UAF. Authenticate for step 1. uaf_auth_method: '%s'" % uaf_auth_method

            context.set("uaf_auth_method", uaf_auth_method)

            return True
        elif (step == 2):
            print "UAF. Authenticate for step 2"

            session_state = SessionStateService.instance(
            ).getSessionStateFromCookie()
            if StringHelper.isEmpty(session_state):
                print "UAF. Prepare for step 2. Failed to determine session_state"
                return False

            if user_name == None:
                print "UAF. Authenticate for step 2. Failed to determine user name"
                return False

            uaf_auth_result = ServerUtil.getFirstValue(requestParameters,
                                                       "auth_result")
            if uaf_auth_result != "success":
                print "UAF. Authenticate for step 2. auth_result is '%s'" % uaf_auth_result
                return False

            # Restore state from session
            uaf_auth_method = session_attributes.get("uaf_auth_method")

            if not uaf_auth_method in ['enroll', 'authenticate']:
                print "UAF. Authenticate for step 2. Failed to authenticate user. uaf_auth_method: '%s'" % uaf_auth_method
                return False

            # Request STATUS_OBB
            if True:
                #TODO: Remove this condition
                # It's workaround becuase it's not possible to call STATUS_OBB 2 times. First time on browser and second ime on server
                uaf_user_device_handle = ServerUtil.getFirstValue(
                    requestParameters, "auth_handle")
            else:
                uaf_obb_auth_method = session_attributes.get(
                    "uaf_obb_auth_method")
                uaf_obb_server_uri = session_attributes.get(
                    "uaf_obb_server_uri")
                uaf_obb_start_response = session_attributes.get(
                    "uaf_obb_start_response")

                # Prepare STATUS_OBB
                uaf_obb_start_response_json = json.loads(
                    uaf_obb_start_response)
                uaf_obb_status_request_dictionary = {
                    "operation":
                    "STATUS_%s" % uaf_obb_auth_method,
                    "userName":
                    user_name,
                    "needDetails":
                    1,
                    "oobStatusHandle":
                    uaf_obb_start_response_json["oobStatusHandle"],
                }

                uaf_obb_status_request = json.dumps(
                    uaf_obb_status_request_dictionary, separators=(',', ':'))
                print "UAF. Authenticate for step 2. Prepared STATUS request: '%s' to send to '%s'" % (
                    uaf_obb_status_request, uaf_obb_server_uri)

                uaf_status_obb_response = self.executePost(
                    uaf_obb_server_uri, uaf_obb_status_request)
                if uaf_status_obb_response == None:
                    return False

                print "UAF. Authenticate for step 2. Get STATUS response: '%s'" % uaf_status_obb_response
                uaf_status_obb_response_json = json.loads(
                    uaf_status_obb_response)

                if uaf_status_obb_response_json["statusCode"] != 4000:
                    print "UAF. Authenticate for step 2. UAF operation status is invalid. statusCode: '%s'" % uaf_status_obb_response_json[
                        "statusCode"]
                    return False

                uaf_user_device_handle = uaf_status_obb_response_json[
                    "additionalInfo"]["authenticatorsResult"]["handle"]

            if StringHelper.isEmpty(uaf_user_device_handle):
                print "UAF. Prepare for step 2. Failed to get UAF handle"
                return False

            uaf_user_external_uid = "uaf: %s" % uaf_user_device_handle
            print "UAF. Authenticate for step 2. UAF handle: '%s'" % uaf_user_external_uid

            if uaf_auth_method == "authenticate":
                # Validate if user used device with same keYHandle
                user_enrollments = self.findEnrollments(credentials)
                if len(user_enrollments) == 0:
                    uaf_auth_method = "enroll"
                    print "UAF. Authenticate for step 2. There is no UAF enrollment for user '%s'." % user_name
                    return False

                for user_enrollment in user_enrollments:
                    if StringHelper.equalsIgnoreCase(user_enrollment,
                                                     uaf_user_device_handle):
                        print "UAF. Authenticate for step 2. There is UAF enrollment for user '%s'. User authenticated successfully" % user_name
                        return True
            else:
                userService = UserService.instance()

                # Double check just to make sure. We did checking in previous step
                # Check if there is user which has uaf_user_external_uid
                # Avoid mapping user cert to more than one IDP account
                find_user_by_external_uid = userService.getUserByAttribute(
                    "oxExternalUid", uaf_user_external_uid)
                if find_user_by_external_uid == None:
                    # Add uaf_user_external_uid to user's external GUID list
                    find_user_by_external_uid = userService.addUserAttribute(
                        user_name, "oxExternalUid", uaf_user_external_uid)
                    if find_user_by_external_uid == None:
                        print "UAF. Authenticate for step 2. Failed to update current user"
                        return False

                    return True

            return False
        else:
            return False
Exemplo n.º 8
0
    def prepareForStep(self, configurationAttributes, requestParameters, step):
        context = Contexts.getEventContext()
        session_attributes = context.get("sessionAttributes")

        client_redirect_uri = self.getClientRedirecUri(session_attributes)
        if client_redirect_uri == None:
            print "Super-Gluu. Prepare for step. redirect_uri is not set"
            return False

        self.setEventContextParameters(context)

        if step == 1:
            print "Super-Gluu. Prepare for step 1"
            if self.oneStep:
                session_state = SessionStateService.instance().getSessionStateFromCookie()
                if StringHelper.isEmpty(session_state):
                    print "Super-Gluu. Prepare for step 2. Failed to determine session_state"
                    return False
            
                issuer = ConfigurationFactory.instance().getConfiguration().getIssuer()
                super_gluu_request_dictionary = {'app': client_redirect_uri,
                                   'issuer': issuer,
                                   'state': session_state,
                                   'created': datetime.datetime.now().isoformat()}

                self.addGeolocationData(session_attributes, super_gluu_request_dictionary)

                super_gluu_request = json.dumps(super_gluu_request_dictionary, separators=(',',':'))
                print "Super-Gluu. Prepare for step 1. Prepared super_gluu_request:", super_gluu_request
    
                context.set("super_gluu_request", super_gluu_request)
#            elif self.twoStep:
#                context.set("display_register_action", True)

            return True
        elif step == 2:
            print "Super-Gluu. Prepare for step 2"
            if self.oneStep:
                return True

            authenticationService = AuthenticationService.instance()
            user = authenticationService.getAuthenticatedUser()
            if user == None:
                print "Super-Gluu. Prepare for step 2. Failed to determine user name"
                return False

            if session_attributes.containsKey("super_gluu_request"):
                print "Super-Gluu. Prepare for step 2. Request was generated already"
                return True
            
            session_state = SessionStateService.instance().getSessionStateFromCookie()
            if StringHelper.isEmpty(session_state):
                print "Super-Gluu. Prepare for step 2. Failed to determine session_state"
                return False

            auth_method = session_attributes.get("super_gluu_auth_method")
            if StringHelper.isEmpty(auth_method):
                print "Super-Gluu. Prepare for step 2. Failed to determine auth_method"
                return False

            print "Super-Gluu. Prepare for step 2. auth_method: '%s'" % auth_method
            
            issuer = ConfigurationFactory.instance().getConfiguration().getIssuer()
            super_gluu_request_dictionary = {'username': user.getUserId(),
                               'app': client_redirect_uri,
                               'issuer': issuer,
                               'method': auth_method,
                               'state': session_state,
                               'created': datetime.datetime.now().isoformat()}

            self.addGeolocationData(session_attributes, super_gluu_request_dictionary)

            super_gluu_request = json.dumps(super_gluu_request_dictionary, separators=(',',':'))
            print "Super-Gluu. Prepare for step 2. Prepared super_gluu_request:", super_gluu_request

            context.set("super_gluu_request", super_gluu_request)

            if auth_method in ['authenticate']:
                self.sendPushNotification(client_redirect_uri, user, super_gluu_request)

            return True
        else:
            return False
    def authenticate(self, configurationAttributes, requestParameters, step):
        credentials = Identity.instance().getCredentials()
        user_name = credentials.getUsername()

        context = Contexts.getEventContext()
        session_attributes = context.get("sessionAttributes")

        self.setEventContextParameters(context)

        if (step == 1):
            print "UAF. Authenticate for step 1"
            
            authenticated_user = self.processBasicAuthentication(credentials)
            if authenticated_user == None:
                return False

            uaf_auth_method = "authenticate"
            # Uncomment this block if you need to allow user second device registration
            #enrollment_mode = ServerUtil.getFirstValue(requestParameters, "loginForm:registerButton")
            #if StringHelper.isNotEmpty(enrollment_mode):
            #    uaf_auth_method = "enroll"
            
            if uaf_auth_method == "authenticate":
                user_enrollments = self.findEnrollments(credentials)
                if len(user_enrollments) == 0:
                    uaf_auth_method = "enroll"
                    print "UAF. Authenticate for step 1. There is no UAF enrollment for user '%s'. Changing uaf_auth_method to '%s'" % (user_name, uaf_auth_method)

            print "UAF. Authenticate for step 1. uaf_auth_method: '%s'" % uaf_auth_method
            
            context.set("uaf_auth_method", uaf_auth_method)

            return True
        elif (step == 2):
            print "UAF. Authenticate for step 2"

            session_state = SessionStateService.instance().getSessionStateFromCookie()
            if StringHelper.isEmpty(session_state):
                print "UAF. Prepare for step 2. Failed to determine session_state"
                return False

            if user_name == None:
                print "UAF. Authenticate for step 2. Failed to determine user name"
                return False

            uaf_auth_result = ServerUtil.getFirstValue(requestParameters, "auth_result")
            if uaf_auth_result != "success":
                print "UAF. Authenticate for step 2. auth_result is '%s'" % uaf_auth_result
                return False

            # Restore state from session
            uaf_auth_method = session_attributes.get("uaf_auth_method")

            if not uaf_auth_method in ['enroll', 'authenticate']:
                print "UAF. Authenticate for step 2. Failed to authenticate user. uaf_auth_method: '%s'" % uaf_auth_method
                return False

            # Request STATUS_OBB
            if True:
                #TODO: Remove this condition
                # It's workaround becuase it's not possible to call STATUS_OBB 2 times. First time on browser and second ime on server
                uaf_user_device_handle = ServerUtil.getFirstValue(requestParameters, "auth_handle")
            else:
                uaf_obb_auth_method = session_attributes.get("uaf_obb_auth_method")
                uaf_obb_server_uri = session_attributes.get("uaf_obb_server_uri")
                uaf_obb_start_response = session_attributes.get("uaf_obb_start_response")

                # Prepare STATUS_OBB
                uaf_obb_start_response_json = json.loads(uaf_obb_start_response)
                uaf_obb_status_request_dictionary = { "operation": "STATUS_%s" % uaf_obb_auth_method,
                                                      "userName": user_name,
                                                      "needDetails": 1,
                                                      "oobStatusHandle": uaf_obb_start_response_json["oobStatusHandle"],
                                                    }
    
                uaf_obb_status_request = json.dumps(uaf_obb_status_request_dictionary, separators=(',',':'))
                print "UAF. Authenticate for step 2. Prepared STATUS request: '%s' to send to '%s'" % (uaf_obb_status_request, uaf_obb_server_uri)

                uaf_status_obb_response = self.executePost(uaf_obb_server_uri, uaf_obb_status_request)
                if uaf_status_obb_response == None:
                    return False

                print "UAF. Authenticate for step 2. Get STATUS response: '%s'" % uaf_status_obb_response
                uaf_status_obb_response_json = json.loads(uaf_status_obb_response)
                
                if uaf_status_obb_response_json["statusCode"] != 4000:
                    print "UAF. Authenticate for step 2. UAF operation status is invalid. statusCode: '%s'" % uaf_status_obb_response_json["statusCode"]
                    return False

                uaf_user_device_handle = uaf_status_obb_response_json["additionalInfo"]["authenticatorsResult"]["handle"]

            if StringHelper.isEmpty(uaf_user_device_handle):
                print "UAF. Prepare for step 2. Failed to get UAF handle"
                return False

            uaf_user_external_uid = "uaf:%s" % uaf_user_device_handle
            print "UAF. Authenticate for step 2. UAF handle: '%s'" % uaf_user_external_uid

            if uaf_auth_method == "authenticate":
                # Validate if user used device with same keYHandle
                user_enrollments = self.findEnrollments(credentials)
                if len(user_enrollments) == 0:
                    uaf_auth_method = "enroll"
                    print "UAF. Authenticate for step 2. There is no UAF enrollment for user '%s'." % user_name
                    return False
                
                for user_enrollment in user_enrollments:
                    if StringHelper.equalsIgnoreCase(user_enrollment, uaf_user_device_handle):
                        print "UAF. Authenticate for step 2. There is UAF enrollment for user '%s'. User authenticated successfully" % user_name
                        return True
            else:
                userService = UserService.instance()

                # Double check just to make sure. We did checking in previous step
                # Check if there is user which has uaf_user_external_uid
                # Avoid mapping user cert to more than one IDP account
                find_user_by_external_uid = userService.getUserByAttribute("oxExternalUid", uaf_user_external_uid)
                if find_user_by_external_uid == None:
                    # Add uaf_user_external_uid to user's external GUID list
                    find_user_by_external_uid = userService.addUserAttribute(user_name, "oxExternalUid", uaf_user_external_uid)
                    if find_user_by_external_uid == None:
                        print "UAF. Authenticate for step 2. Failed to update current user"
                        return False
    
                    return True

            return False
        else:
            return False
    def prepareForStep(self, configurationAttributes, requestParameters, step):
        credentials = Identity.instance().getCredentials()
        context = Contexts.getEventContext()
        session_attributes = context.get("sessionAttributes")

        self.setEventContextParameters(context)

        if (step == 1):
            return True
        elif (step == 2):
            print "UAF. Prepare for step 2"

            session_state = SessionStateService.instance().getSessionStateFromCookie()
            if StringHelper.isEmpty(session_state):
                print "UAF. Prepare for step 2. Failed to determine session_state"
                return False

            authenticationService = AuthenticationService.instance()
            user = authenticationService.getAuthenticatedUser()
            if (user == None):
                print "UAF. Prepare for step 2. Failed to determine user name"
                return False

            uaf_auth_method = session_attributes.get("uaf_auth_method")
            if StringHelper.isEmpty(uaf_auth_method):
                print "UAF. Prepare for step 2. Failed to determine auth_method"
                return False

            print "UAF. Prepare for step 2. uaf_auth_method: '%s'" % uaf_auth_method

            uaf_obb_auth_method = "OOB_REG"
            uaf_obb_server_uri = self.uaf_server_uri + "/nnl/v2/reg" 
            if StringHelper.equalsIgnoreCase(uaf_auth_method, "authenticate"):
                uaf_obb_auth_method = "OOB_AUTH"
                uaf_obb_server_uri = self.uaf_server_uri + "/nnl/v2/auth" 

            # Prepare START_OBB
            uaf_obb_start_request_dictionary = { "operation": "START_%s" % uaf_obb_auth_method,
                                                 "userName": user.getUserId(),
                                                 "policyName": "default",
                                                 "oobMode":
                                                    { "qr": "true", "rawData": "false", "push": "false" } 
                                               }

            uaf_obb_start_request = json.dumps(uaf_obb_start_request_dictionary, separators=(',',':'))
            print "UAF. Prepare for step 2. Prepared START request: '%s' to send to '%s'" % (uaf_obb_start_request, uaf_obb_server_uri)

            # Request START_OBB
            uaf_obb_start_response = self.executePost(uaf_obb_server_uri, uaf_obb_start_request)
            if uaf_obb_start_response == None:
                return False

            print "UAF. Prepare for step 2. Get START response: '%s'" % uaf_obb_start_response
            uaf_obb_start_response_json = json.loads(uaf_obb_start_response)

            # Prepare STATUS_OBB
            #TODO: Remove needDetails parameter
            uaf_obb_status_request_dictionary = { "operation": "STATUS_%s" % uaf_obb_auth_method,
                                                  "userName": user.getUserId(),
                                                  "needDetails": 1,
                                                  "oobStatusHandle": uaf_obb_start_response_json["oobStatusHandle"],
                                                }

            uaf_obb_status_request = json.dumps(uaf_obb_status_request_dictionary, separators=(',',':'))
            print "UAF. Prepare for step 2. Prepared STATUS request: '%s' to send to '%s'" % (uaf_obb_status_request, uaf_obb_server_uri)

            context.set("uaf_obb_auth_method", uaf_obb_auth_method)
            context.set("uaf_obb_server_uri", uaf_obb_server_uri)
            context.set("uaf_obb_start_response", uaf_obb_start_response)
            context.set("qr_image", uaf_obb_start_response_json["modeResult"]["qrCode"]["qrImage"])
            context.set("uaf_obb_status_request", uaf_obb_status_request)

            return True
        else:
            return False