SOAP Authentication (Overview)

Mis à jour le 16 Dec 2024
3 Minutes à lire

Partager
Sombre
Lumière
PDF

The content is currently unavailable in French. You are viewing the default English version.

Résumé de l’article

Avez-vous trouvé ce résumé utile ?

Merci pour vos commentaires

The SOAP authentication interface exposes various authentication commands (see Table: SOAP authentication commands (Overview)).

Table: SOAP authentication commands (Overview)
Command	Description
authUser	Error codesPerforms a user authentication operation on OneSpan Authentication Server (see authUser (Command)).
cancelAuthUser	Cancels a pending user authentication based on Push Notification (see cancelAuthUser (Command)).
changeBackendPassword	The user can change the static Active Directory password with a configured back end for OneSpan Authentication Server via a user self-management website (see changeBackendPassword (Command)).
changeEncStatPwd	Deprecated. Changes the PIN and static password for a Digipass 110 authenticator (see changeEncStatPwd (Command)).
getChallenge	Requests the OneSpan Authentication Server to generate an authentication challenge, i.e. 1-step challenge (see getChallenge (Command)).
getPreparedSecureChallenge	Used during the Push Notification authentication workflow by the mobile application to fetch the secure challenge for the authentication process (see getPreparedSecureChallenge (Command)).
getSecureChallenge	Requests OneSpan Authentication Server to generate a request message that can be used to initiate an authentication process (see getSecureChallenge (Command)). Applies if Secure Channel is supported.
updatePassword	Performs a static password update operation on OneSpan Authentication Server (see updatePassword (Command)).

The SOAP authentication commands support different credential field attributes (see Table: SOAP authentication credential field attributes).

Table: SOAP authentication credential field attributes
Attribute name	Data type	Description
CREDFLD_ADMIN_PRIVILEGES	String	The administration privileges of the user. Up to 255 characters.
CREDFLD_AUTH_TYPE	String	Determines the authentication type. This is used to force a specific authentication workflow. If omitted, the authentication command uses its default behavior to determine the authentication type. Possible values: PUSH_NOTIFICATION. Triggers an authentication via push notifications. A keyword is not required in this case.
CREDFLD_AUXILIARY_MESSAGE	String	The serialized error stack. Only specified if authuser request is not successful.
CREDFLD_CESPR	String	Deprecated. This is the change encrypted static password request generated by the Digipass 110 applet required for the changeEncStatPwd command.
CREDFLD_CHALLENGE	String	The challenge used to generate a response for challenge/response authentication.
CREDFLD_CHALLENGE_KEY	String	The challenge key used to refer to a challenge generated by OneSpan Authentication Server.
CREDFLD_CHALLENGE_MESSAGE	String	The message to be displayed to the end users asking them to use the returned challenge.
CREDFLD_COMPONENT_TYPE	String	SOAP client application identifier.
CREDFLD_CONFIRM_NEW_PIN	String	The confirmation of the new server PIN to be set.
CREDFLD_CONFIRM_STATIC_PASSWORD	String	The confirmation of the new static password to be set. Up to 255 characters.
CREDFLD_CONTROLLER_TYPE	String	SSM/HSM-Safenet
CREDFLD_CRYPTO_APP_INDEX	Unsigned Integer	The index of the authenticator application to use when you initiate an authentication process using Secure Channel (see getSecureChallenge (Command)). The specified authenticator application must be allowed by the effective policy. If not specified, the first applicable authenticator application is used by default. You can determine the application index with the DIGIPASSAPPLCMD_GETINFO command. Possible values: 1–n
CREDFLD_CRYPTO_APP_NAME	String	The name of the authenticator application to use when you initiate an authentication process using Secure Channel (see getSecureChallenge (Command)). The specified authenticator application must be allowed by the effective policy. If not specified, the first applicable authenticator application is used by default. You can retrieve the application names of an authenticator with the digipassapplQuery (Command) command. Up to 12 characters.
CREDFLD_CURRENT_PIN	String	The current server PIN to be changed.
CREDFLD_DIGIPASS		Input of authenticator credentials.
CREDFLD_DOMAIN	String	As output, the user's resolved domain will be specified. Up to 255 characters.
CREDFLD_DP_RESPONSE	String	The one-time password (OTP) generated by the authenticator (only used if CREDFLD_PASSWORD_FORMAT is set to 4).
CREDFLD_HOST_CODE	String	The host code, only returned if the corresponding attribute field was specified in the authentication request and the authentication has been successful.
CREDFLD_LOGICAL_ADMIN_PRIVILEGES	String	A comma-separated list of the assigned administrative privileges. Each administrative privilege is specified as follows: privilege_name [true\|false] For a list of possible values, see Table: Logical administrative privileges.
CREDFLD_NEW_PIN	String	The new server PIN to be set.
CREDFLD_NEW_STATIC_PASSWORD	String	The new static password to be set. Up to 255 characters.
CREDFLD_NOTIFY_GRACE_EXPIRE_DATE	Date
CREDFLD_NOTIFY_GRACE_PERIOD_EXPIRED	Boolean
CREDFLD_NOTIFY_PASSWORD_EXPIRE_DATE	DateTime	The date and time when the static password expires. Format: YYYY-MM-DDThh:mm:ssZ
CREDFLD_NOTIFY_PASSWORD_RANDOMIZE	Boolean
CREDFLD_NOTIFY_REQUIRE_PIN_CHANGE	Boolean
CREDFLD_NOTIFY_TOKEN_IS_ASSIGNED	Boolean
CREDFLD_ORGANIZATIONAL_UNIT	String	Indicates the user's resolved organizational unit. Up to 255 characters.
CREDFLD_PASSWORD	String	The combined password string (only if CREDFLD_PASSWORD_FORMAT is set to 0).
CREDFLD_PASSWORD_FORMAT	Unsigned Integer	Possible values: 0. Cleartext combined password format. 4. Different authentication elements are provided into separate parameters in cleartext.
CREDFLD_PLATFORM	String	Linux/Windows
CREDFLD_PRODUCT_NAME	String	The product name of the OneSpan Authentication Server instance.
CREDFLD_PRODUCT_VERSION	String	The product version of the OneSpan Authentication Server instance including the build number. Format: major.minor.patch.build
CREDFLD_REQUEST_BODY	String	The clear request body used to generate the challenge request message for an authentication process using Secure Channel. Applies if Secure Channel is supported. Up to 512 characters.
CREDFLD_REQUEST_HOST_CODE	String	Possible values: 0. No. 1. Optional. 2. Required. Only the number should be used.
CREDFLD_REQUEST_MESSAGE	String	The secure challenge request message. Applies if Secure Channel is supported. Up to 1070 hexadecimal characters.
CREDFLD_RESTRICT_ADMIN_PRIVILEGE_ASSIGNMENT	String
CREDFLD_SERIAL_NO	String	As input, the serial number of the authenticator to be used for the respective command. As output, the serial number of the authenticator (instance) that was used to perform the respective operation. Up to 255 characters.
CREDFLD_SERVER_LOCAL_TZ	String	Server local timezone.
CREDFLD_SESSION_ID	String	The session ID for a wireless RADIUS session. May be used for fast reconnect. Up to 255 characters.
CREDFLD_STATIC_PASSWORD	String	Only used if CREDFLD_PASSWORD_FORMAT is 4. Up to 255 characters.
CREDFLD_STATUS_MESSAGE	String	The reason of failure. Only specified if an authuser request is not successful.
CREDFLD_STORAGE_TYPE	String	ODBC/LDAP
CREDFLD_USER_ATTRIBUTE_GROUP	String	The user attribute group name for the attributes you want to be returned after a successful authentication. Up to 255 characters.
CREDFLD_USERID	String	The user ID as provided by the calling application (no specific format is required). As output, the resolved user ID will be specified. Up to 255 characters.
CREDLFD_SVR_PUBLIC_KEY	String	Server public key
CREDLFD_TRANSACTION_TITLE	String	The title of a secure challenge transaction. Applies if Secure Channel is supported. Up to 255 characters.

Table: Logical administrative privileges lists the available logical admin privileges.

Table: Logical administrative privileges
admin_logon	update_digipass	disable_server_pin	delete_orgunit	take_task_ownership
access_all_domains	delete_digipass	enable_server_pin	reset_offline_data	import_user
live_audit	assign_digipass	create_emvcap_application	replication_status	view_key
set_auth_policy_overrides	unassign_digipass	generate_dpappl_activation_data	replication_reconnect	create_key
axsguard_system_administration	move_digipass	import_digipass	view_report	update_key
view_audit_information	reset_activation	view_policy	create_report	delete_key
view_user	view_emv_pan	create_policy	update_report	rotate_key
create_user	set_digipass_expiration	update_policy	delete_report	view_reportfile
update_user	send_digipass_activation_data	delete_policy	change_report_owner	delete_reportfile
delete_user	bind_digipass	view_backend	run_report	download_reportfile
link_user	unbind_digipass	create_backend	access_domain	take_ownership_reportfile
unlink_user	generate_activation_message	update_backend	take_report_ownership	change_ownership_reportfile
move_user	add_device	delete_backend	view_server_configuration
view_privileges	deactivate_digipass	view_component	update_server_configuration
set_privileges	reset_dpappl	create_component	view_admin_session
unlock_user	set_dpappl_event	update_component	delete_admin_session
enable_user	reset_pin	delete_component	view_configuration
disable_user	force_pin_change	view_domain	update_configuration
set_password	set_pin	create_domain	view_task
reset_password	unlock_digipass	update_domain	update_task
set_user_expiration	reset_dpappl_lock	delete_domain	delete_task
reset_last_authentication_time	test_otp	view_orgunit	cancel_task
set_admin_domains	generate_virtual_otp	create_orgunit	resume_task
view_digipass	test_signature	update_orgunit	suspend_task

Cet article vous a-t-il été utile ?

What's Next

authUser (Command)