Login
    Contents x
    Setting up 1-step challenge/response
    • 17 Jan 2025
    • 1 Minute to read
    • Dark
      Light
    • PDF
    Contents

    Setting up 1-step challenge/response

    • Updated on 17 Jan 2025
    • 1 Minute to read
    • Dark
      Light
    • PDF
    Article summary

    1-step challenge/response is available for web authentication, where challenge/response is supported. In this mode, the user sees only one logon step. This mode is suitable for time-based challenge/response, but is less secure for non-time based challenge/response. If attackers manage to capture some valid responses, they can repeatedly request new challenges until one they know comes up again.

    A random challenge is requested automatically by the web application and presented to the user on the logon page. A general-purpose challenge is generated, without reference to any particular authenticator programming. The user logs on with the response to the challenge as OTP.

    Before you begin

    The procedure assumes that a client component has already been defined and assigned a policy. 1-step challenge/response is enabled in the policy associated with the client component.

    Setting up 1-step challenge/response

    To set up 1-step challenge/response

    1. Log on to the OneSpan Authentication Server Administration Web Interface (see Accessing OneSpan Authentication Server Appliance Configuration Tool and OneSpan Authentication Server Administration Web Interface).
    2. Locate the client component via CLIENTS > List.
    3. Click the policy of the client component to view it.
    4. Click Edit to edit the policy.

    5. Update the challenge settings:

      1. Switch to the Challenge tab.
      2. Click Edit.

      3. To enable 1-step challenge/response, set Permitted to one of the following:

        • Yes - Any Challenge. Use this if you want the client application to generate the challenge.
        • Yes - Server Challenge. Use this if you want OneSpan Authentication Server to generate the challenge. The OneSpan Authentication Server instance that generated the challenge needs to verify the response.

      4. Set Challenge Length excluding the check digit.

        This will be the length of the challenge generated by OneSpan Authentication Server if server challenge is selected.

      5. Set Check Digit.

        A check digit may be added to the generated challenge if server challenge is set. This allows the authenticator to identify invalid challenges more quickly.

      6. Click Save.

    6. Update the check mode settings:

      1. Switch to the DP Control Parameters tab.
      2. Click Edit.
      3. Set Challenge Check Mode to 0 - No Challenge Check.
      4. Click Save.
    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant