- 23 Oct 2024
- 2 Minutes to read
- DarkLight
- PDF
Integrate response validation
- Updated on 23 Oct 2024
- 2 Minutes to read
- DarkLight
- PDF
Each action configured in the Mobile Authenticator Studio app can call a web service to validate a response. If an action uses a URL in its OutputData element with the internalValidation attribute set to true, the URL will be called by Mobile Authenticator Studio internally. If the internalValidation attribute is not used as described, Mobile Authenticator Studio will close. If this occurs, a web browser will then open the configured URL after the mask parameters in the URL have been replaced.
Internal response validation (overview)
External response validation (overview)
If a score-based authentication mechanism is used to generate the OTP, the score evaluated by Mobile Authenticator Studio will be returned by OneSpan Authentication Server Framework. This is done through the return code of the OTP verification API.
Score-based authentication requires OneSpan Authentication Server Framework 3.14 or later.
For more information about retrieving the client score from Authentication Server Framework, refer to the OneSpan Authentication Server Framework Programmer's Guide.
Response Validation Request
The request sent by Mobile Authenticator Studio is configured in the OutputData section of the configuration file:
<!-- Out of Band login -->
<Action id="oob"cryptoAppIndex="2">
<InputData inputType="image"imageFormat="all" displayImageContent="false"/>
<OutputData displayed="false"internalValidation="true">
<URL method="POST"value="http://MY_DOMAIN_NAME/MY_WEB_SERVICE?serialNumber=%_SerialNumber_%&sequenceNumber=%_SequenceNumber_%&otp=%_OTP_%" />
</OutputData>
...
</Action>
The URL can use the HTTP POST or GET methods. For more information about URL customization, refer to the Mobile Authenticator Studio Customization Guide.
Parameter name | Description |
---|---|
RegistrationIdentifier | The identifier used during activation. Format: Alphanumeric string, limited to 40 characters |
OTP | The response generated by the cryptographic application defined by the cryptoAppIndex attribute of the Action element. Format: Hexadecimal string, limited to 16 characters |
Challenge | The challenge used for Challenge/Response-based cryptographic applications. Format: Decimal string, limited to 16 characters |
SerialNumber | The authenticator serial number. Format: Alphanumeric string, 10 characters |
SequenceNumber | The sequence number of the authenticator instance/account. Format: Numeric string of 2 characters |
UserIdentifier | The extra user identifier that has been set during activation. Format: Alphanumeric string, limited to 40 characters |
DTF1 | This is the first data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF2 | This is the second data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF3 | This is the third data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF4 | This is the fourth data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF5 | This is the fifth data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF6 | This is the sixth data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF7 | This is the seventh data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF8 | This is the eighth data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
Version | The version of the application binary as defined when configuring the app. |
DeviceIdentifier | The device-unique identifier. Format: String of 64 hexadecimal characters |
RootingStatus | The status indicating whether the device is rooted, either true or false according to the device state. |
Response Validation Response
The response expected by Mobile Authenticator Studio must be formatted as described in the DTD:
<!ELEMENT DP4Mobile>
<!ATTLIST DP4Mobile retCode CDATA #REQUIRED>
<!ATTLIST DP4Mobile message CDATA #REQUIRED>
<!ATTLIST DP4Mobile serverTime CDATA #IMPLIED>
Example
<?xmlversion="1.0"encoding="UTF-8"?>
<DP4MobileretCode="0"message="Operation Successful" />
Attribute name | Description |
---|---|
//DP4Mobile/@retCode | Required. The return code associated with the response validation request. 0 means success, any other value will cause the message attribute value to be displayed. |
//DP4Mobile/@message | Required. The return message associated with the response validation request. This value will be displayed by the app if not empty. |
//DP4Mobile/@serverTime | Optional. This is the current server GMT time. This value will be used by the app to silently set the drift between device and server time to keep the app synchronized. |