Login
    Contenu x
    digipassExecute (Command)
    • 18 Dec 2024
    • 12 Minutes à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    digipassExecute (Command)

    • Mis à jour le 18 Dec 2024
    • 12 Minutes à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    The digipassExecute command supports authenticator–related administrative operations.

      Table: digipassExecute commands (SOAP Administration)
    CommandDescription
    DIGIPASSCMD_ADD_DEVICE

    Registers a new authenticator device or instance (see  DIGIPASSCMD_ADD_DEVICE). In a two-step activation scenario, this constitutes the second activation step.

    Applies to authenticators that are compliant with multi-device licensing (MDL).

    DIGIPASSCMD_ASSIGN

    Assigns an authenticator to a user (see  DIGIPASSCMD_ASSIGN).

    DIGIPASSCMD_BIND_DEVICEBinds a Mobile Authenticator Studio device (see  DIGIPASSCMD_BIND_DEVICE).
    DIGIPASSCMD_DEACTIVATE

    Generates a deactivation message for a specific authenticator instance (see  DIGIPASSCMD_DEACTIVATE).

    Applies to authenticators that are compliant with multi-device licensing (MDL).

    DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE

    Decrypts the body of an information message with an encrypted payload key created by a device compliant with multi-device licensing (MDL) (see  DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE).

    encryptRequestMessage

    Encrypts the body of an information message with an encrypted payload key created by a device compliant with multi-device licensing (MDL) (see  encryptRequestMessage).

    DIGIPASSCMD_DELETE

    Deletes the specified authenticator (see  DIGIPASSCMD_DELETE).

    DIGIPASSCMD_GENERATE_ACTIVATION_DATAGenerates activation data for Mobile Authenticator Studio (see  DIGIPASSCMD_GENERATE_ACTIVATION_DATA).
    DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE

    Generates the first activation message for a specific authenticator license (see  DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE). In a two-step activation scenario, this constitutes the first activation step.

    Applies to authenticators that are compliant with multi-device licensing (MDL).

    DIGIPASSCMD_MOVE

    Moves the specified authenticator to another domain and/or organizational unit in the organizational structure (see  DIGIPASSCMD_MOVE).

    DIGIPASSCMD_RESET_ACTIVATION

    Resets the activation information for the specified authenticator. For authenticators that are compliant with a standard activation, the activation account, location, and time are reset. For authenticators that are compliant with multi-device licensing (MDL), the activation count and challenge message are reset (see  DIGIPASSCMD_RESET_ACTIVATION).

    DIGIPASSCMD_SEND_ACTIVATION_DATASends activation data to Mobile Authenticator Studio (see  DIGIPASSCMD_SEND_ACTIVATION_DATA).
    DIGIPASSCMD_SET_EXPIRATIONSets the expiration and/or start date for the specified authenticator (see  DIGIPASSCMD_SET_EXPIRATION).

    DIGIPASSCMD_UNASSIGN

    Unassigns the specified authenticator (see  DIGIPASSCMD_UNASSIGN).

    DIGIPASSCMD_UNBIND_DEVICEUnbinds a bound Mobile Authenticator Studio device (see  DIGIPASSCMD_UNBIND_DEVICE).

    DIGIPASSCMD_UPDATE

    Updates the specified authenticator information (see  DIGIPASSCMD_UPDATE).

    DIGIPASSCMD_VIEW

    Displays the authenticator information for the specified authenticator (see  DIGIPASSCMD_VIEW).

    Parameters

      Table: digipassExecute input parameters
    Parameter nameData typeDescription

    sessionID

    String

    Required. The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see  logon (Command)).

    cmd

    String

    Required. The operation to be executed. See Table: digipassExecute commands (SOAP Administration).

    attributeSet

    DigipassAttributeSet

    Required. A set containing zero or more attribute fields.

      Table: digipassExecute output parameters
    Parameter nameData typeDescription

    results

    DigipassResults

    Required. Result structure containing return and status codes and a list of zero or more result attribute fields.

    The following field attributes are available for the operations of this command:

      Table: digipassExecute field attributes
    Attribute nameData typeDescription
    DIGIPASSFLD_ACTIVATION_CHALLENGE  
    DIGIPASSFLD_ACTIV_COUNTInteger0 or positive integer.
    DIGIPASSFLD_ACTIV_LOCATIONSStringUp to 1024 characters.
    DIGIPASSFLD_ACTIVE_APPL_NAMESStringUp to 255 characters.
    DIGIPASSFLD_ACTIVE_APPL_TYPESStringUp to 32 characters.
    DIGIPASSFLD_APPL_NAMEString

    The name of the authenticator application that can be used to validate the activation signature parameter.

    Applies to authenticators compliant with multi-device licensing (MDL).

    DIGIPASSFLD_ASSIGN_STATUSString

    Supported values:

    • Assigned
    • Unassigned
    DIGIPASSFLD_ASSIGNED_DATEDateTime 
    DIGIPASSFLD_ASSIGNED_USER_LDAP_DNString 
    DIGIPASSFLD_ASSIGNED_USER_ORG_UNITStringUp to 255 characters.
    DIGIPASSFLD_ASSIGNED_USERIDStringUp to 255 characters.
    DIGIPASSFLD_AUTO_EXECUTEBoolean

    Specifies whether the respective pending operation should be automatically executed on behalf of the maker administrator upon approval by the checker administrator.

    Effective only if maker–checker authorization is enabled.

    Default value: False

    DIGIPASSFLD_BACKUP_VDP_ENABLEDString

    Up to 1024 characters

    Supported values:

    • Default
    • No
    • Yes – Permitted
    • Yes – Required
    DIGIPASSFLD_BACKUP_VDP_EXPIRESDate 
    DIGIPASSFLD_BACKUP_VDP_USES_LEFTInteger0 or positive integer.
    DIGIPASSFLD_BIND_STATUSString 
    DIGIPASSFLD_CHECKER_DOMAINString

    The domain of the administrator to approve a pending operation via maker–checker authorization. Mandatory to create a pending operation of a maker–checker-enabled command (approve request), if maker–checker authorization is enabled.

    Up to 255 characters.

    DIGIPASSFLD_CHECKER_USERIDString

    The user ID of the administrator to approve a pending operation via maker–checker authorization. Mandatory to create a pending operation of a maker–checker-enabled command (approve request), if maker–checker authorization is enabled.

    Up to 255 characters.

    DIGIPASSFLD_CREATE_TIMEDateTime 
    DIGIPASSFLD_DELIVERY_METHODString 
    DIGIPASSFLD_DERIVATION_CODEString 
    DIGIPASSFLD_DESTINATIONString 
    DIGIPASSFLD_DEVICE_CODEString

    The device code generated by the authenticator when processing the first activation message.

    Applies to authenticators compliant with multi-device licensing (MDL)

    DIGIPASSFLD_DEVICE_IDString

    The identifier that refers to a specific authenticator.

    Applies to authenticators compliant with multi-device licensing (MDL).

    DIGIPASSFLD_DEVICE_PNIDString

    The DIGIPASS Push Notification Identifier (PNID) is a OneSpan-specific identifier, which uniquely identifies any mobile device.

    Up to 2064 characters.

    DIGIPASSFLD_DEVICE_TYPEString

    The device type of the authenticator to be activated.

    Applies to authenticators compliant with multi-device licensing (MDL).

    Supported values:

    • 0. Hardware device
    • 1. Unknown software platform
    • 3. iOS
    • 5. Jailbroken iOS
    • 7. Android
    • 9. Rooted Android
    • 11. Windows Phone
    • 13. BlackBerry Native
    • 15. MIDP2 Platform or BlackBerry Java
    • 17. Windows
    • 19. Linux
    • 21. Mac
    • 23. RFU
    DIGIPASSFLD_DIRECT_ASSIGN_ONLYBoolean 
    DIGIPASSFLD_DOMAINString

    The domain the relevant authenticator belongs to.

    Up to 255 characters.

    DIGIPASSFLD_DP_DESCRIPTIONStringA custom field used to identify authenticators.
    DIGIPASSFLD_DPSOFT_PARAMS_IDString

     

    DIGIPASSFLD_DPTYPEString

    The authenticator type identifier.

    Exactly 5 characters.

    DIGIPASSFLD_EMVCAP_PANStringEMV-CAP primary account number (PAN).
    DIGIPASSFLD_EVENT_REACTIVATION_COUNTERString 
    DIGIPASSFLD_EXPIRATION_TIMEDateTimeThe expiration date and time of the authenticator. An expired authenticator is ignored when processing authentication, administrative logon, signature validation, and provisioning requests.
    DIGIPASSFLD_EXPIREDBoolean

    Indicates whether the authenticator has expired.

    Only set if the authenticator is assigned to a user.

    DIGIPASSFLD_FULL_ACTIVATION_DATAString 
    DIGIPASSFLD_GRACE_PERIOD_DAYSInteger

    0 or positive integer.

    Defines the grace period expiration date of the authenticator during assignment.

    DIGIPASSFLD_GRACE_PERIOD_EXPIREDBoolean

    Indicates whether the grace period for the authenticator has ended.

    Only set if the authenticator is assigned to a user.

    DIGIPASSFLD_GRACE_PERIOD_EXPIRESDate

     

    DIGIPASSFLD_INFORMATION_BODYString

    In case of a successful operation, this parameter contains the clear information body extracted from the information message.

    Up to 1024 hexadecimal characters.

    DIGIPASSFLD_INFORMATION_MESSAGEStringContains the information message that has been generated by the authenticator. The string length must be a multiple of 2 with a maximum length of 1070 characters.
    DIGIPASSFLD_LAST_ACTIV_TIMEDateTime 
    DIGIPASSFLD_LDAP_DNString 
    DIGIPASSFLD_LICENSE_SERNOString

    The serial number or authenticator license for which an authenticator instance has been activated.

    Applies to authenticators compliant with multi-device licensing (MDL).

    DIGIPASSFLD_MAX_ACTIVATIONSInteger

    The maximum number of authenticator activations that can be performed with an authenticator license.

    Applies to authenticators compliant with multi-device licensing (MDL).

    DIGIPASSFLD_MDC_PROFILEString

    The specific MDC profile used to send activation data via Message Delivery Component (MDC). This takes precedence over the MDC profile specified in the user profile.

    Can be a null-value (via attributeOptions).

    DIGIPASSFLD_MODIFY_TIMEDateTime 
    DIGIPASSFLD_NEW_DOMAINStringUp to 255 characters.
    DIGIPASSFLD_NEW_ORGANIZATIONAL_UNITStringUp to 255 characters.
    DIGIPASSFLD_ORGANIZATIONAL_UNITString

    The organizational unit the authenticator belongs to.

    Up to 255 characters.

    DIGIPASSFLD_PAYLOAD_KEY_BLOB  
    DIGIPASSFLD_PENDING_OPERATION_IDString

    The ID of a pending operation awaiting approval via maker–checker authorization. This identifier is a case-sensitive alphanumeric 8-character string.

    It is automatically generated and returned. It is mandatory to execute a pending operation of a supported maker–checker-enabled command (approve request), if maker–checker authorization is enabled.

    Exactly 8 characters.

    DIGIPASSFLD_PROV_ACTIV_COUNTInteger

    The provisioning activation count, i.e. the total number of provisioning activations performed for an MDL license, allowing to limit provisioning to a certain threshold. Can be reset to 0 to allow additional provisioning attempts.

    Supported values: 0 and positive integer values

    Default value: 0

    DIGIPASSFLD_QR_CODEString 
    DIGIPASSFLD_REQUEST_KEYString

    The key that refers to the second activation message cached by OneSpan Authentication Server. In the response, DIGIPASSFLD_REQUEST_KEY must be used together with DIGIPASSFLD_APPL_NAME, i.e. both attributes are either present or missing.

    Applies to authenticators compliant with multi-device licensing (MDL).

    DIGIPASSFLD_REQUEST_MESSAGEString

    The activation message.

    Applies to authenticators compliant with multi-device licensing (MDL).

    DIGIPASSFLD_RESULT_CODEString 
    DIGIPASSFLD_RESULT_MESSAGEString 
    DIGIPASSFLD_SEARCH_DOWN_OU_PATHBooleanDetermines whether to search within child organizational units when performing a query or assigning an authenticator.
    DIGIPASSFLD_SEARCH_UP_OU_PATHBooleanDetermines whether to search upwards to the domain root and in the DIGIPASS pool for an available, unassigned authenticator.
    DIGIPASSFLD_SECURE_CHANNELBoolean

    If true, at least one authenticator application supports Secure Channel.

    Applies to authenticators compliant with multi-device licensing (MDL).

    DIGIPASSFLD_SERNOString

    The authenticator serial number.

    Exactly 10 characters.

    DIGIPASSFLD_START_TIMEDateTime

    The date and time the authenticator becomes active and can effectively be used (delayed activation).

    Format: YYYY-MM-DDThh:mm:ss.SSSZ

    DIGIPASSFLD_TO_EXPIRATION_TIMEDateTime

    Used when searching authenticators within a range from DIGIPASSFLD_EXPIRATION_TIME to DIGIPASSFLD_TO_EXPIRATION_TIME (using digipassQuery).

    Format: YYYY-MM-DDThh:mm:ss.SSSZ

    DIGIPASSFLD_TO_SERNOStringUsed as upper bound when searching authenticators within a range from DIGIPASSFLD_SERNO to DIGIPASSFLD_TO_SERNO (using digipassQuery or using DIGIPASSCMD_ASSIGN for auto-assignment).
    DIGIPASSFLD_TO_START_TIMEDateTime

    Used when searching authenticators within a range from DIGIPASSFLD_START_TIME to DIGIPASSFLD_TO_START_TIME (using digipassQuery).

    Format: YYYY-MM-DDThh:mm:ss.SSSZ

    DIGIPASSFLD_TOP_ORGANIZATIONAL_UNITString 

    DIGIPASSCMD_VIEW

    DIGIPASSCMD_VIEW displays the authenticator information for the specified authenticator.

    Parameters

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_VIEW (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_SERNOMandatory

    The following attributes will be specified in the results output parameter of this command.

      Table: DIGIPASSCMD_VIEW (Supported output attributes)
    Attribute nameReturned
    DIGIPASSFLD_ACTIV_COUNTIf defined
    DIGIPASSFLD_ACTIV_LOCATIONSIf defined
    DIGIPASSFLD_ACTIVE_APPL_NAMESAlways
    DIGIPASSFLD_ACTIVE_APPL_TYPESAlways
    DIGIPASSFLD_ASSIGN_STATUSAlways
    DIGIPASSFLD_ASSIGNED_DATEIf defined
    DIGIPASSFLD_ASSIGNED_USERIDIf defined
    DIGIPASSFLD_BACKUP_VDP_ENABLEDIf defined
    DIGIPASSFLD_BACKUP_VDP_EXPIRESIf defined
    DIGIPASSFLD_BACKUP_VDP_USES_LEFTIf defined
    DIGIPASSFLD_CREATE_TIMEAlways
    DIGIPASSFLD_DEVICE_IDIf defined
    DIGIPASSFLD_DEVICE_PNIDIf defined
    DIGIPASSFLD_DIRECT_ASSIGN_ONLYIf defined
    DIGIPASSFLD_DOMAINAlways
    DIGIPASSFLD_DPSOFT_PARAMS_IDIf defined
    DIGIPASSFLD_DPTYPEAlways
    DIGIPASSFLD_EXPIRATION_TIMEIf defined
    DIGIPASSFLD_EXPIREDAlways
    DIGIPASSFLD_GRACE_PERIOD_EXPIREDAlways
    DIGIPASSFLD_GRACE_PERIOD_EXPIRESIf defined
    DIGIPASSFLD_LAST_ACTIV_TIMEIf defined
    DIGIPASSFLD_LICENSE_SERNOIf defined
    DIGIPASSFLD_MAX_ACTIVATIONSIf defined
    DIGIPASSFLD_MODIFY_TIMEAlways
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf defined
    DIGIPASSFLD_PROV_ACTIV_COUNTIf defined
    DIGIPASSFLD_SERNOAlways
    DIGIPASSFLD_START_TIMEIf defined

    Requirements

    Required administrative privileges:

    • View DIGIPASS

    DIGIPASSCMD_UPDATE

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_UPDATE (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_BACKUP_VDP_ENABLEDOptional
    DIGIPASSFLD_BACKUP_VDP_EXPIRESOptional
    DIGIPASSFLD_BACKUP_VDP_USES_LEFTOptional
    DIGIPASSFLD_DIRECT_ASSIGN_ONLYOptional
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_DP_DESCRIPTIONOptional
    DIGIPASSFLD_GRACE_PERIOD_EXPIRESOptional
    DIGIPASSFLD_SERNOMandatory

    The following attributes will be specified in the results output parameter of this command:

     

      Table: DIGIPASSCMD_UPDATE (Supported output attributes)
    Attribute nameReturned
    DIGIPASSFLD_ACTIV_COUNTIf defined
    DIGIPASSFLD_ACTIV_LOCATIONSIf defined
    DIGIPASSFLD_ACTIVE_APPL_NAMESAlways
    DIGIPASSFLD_ACTIVE_APPL_TYPESAlways
    DIGIPASSFLD_ASSIGN_STATUSAlways
    DIGIPASSFLD_ASSIGNED_USERIDIf defined
    DIGIPASSFLD_ASSIGNED_DATEIf defined
    DIGIPASSFLD_BACKUP_VDP_ENABLEDIf defined
    DIGIPASSFLD_BACKUP_VDP_EXPIRESIf defined
    DIGIPASSFLD_BACKUP_VDP_USES_LEFTIf defined
    DIGIPASSFLD_CREATE_TIMEAlways
    DIGIPASSFLD_DIRECT_ASSIGN_ONLYIf defined
    DIGIPASSFLD_DOMAINAlways
    DIGIPASSFLD_DP_DESCRIPTIONIf defined
    DIGIPASSFLD_DPSOFT_PARAMS_IDIf defined
    DIGIPASSFLD_DPTYPEAlways
    DIGIPASSFLD_GRACE_PERIOD_EXPIRESIf defined
    DIGIPASSFLD_LAST_ACTIV_TIMEIf defined
    DIGIPASSFLD_MODIFY_TIMEAlways
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf defined
    DIGIPASSFLD_SERNOAlways

    encryptRequestMessage

    encryptRequestMessage encrypts the body of a request message for the communication between the server side and a software authenticator in a mobile app with an encrypted payload key. This key is generated by a device compliant with multi-device licensing (MDL).

    Parameters

      Table: encryptRequestMessage input parameters (SOAP administration)
    Parameter nameData typeDescription
    serialNumberStringRequired. The serial number of the authenticator used to encrypt the request message.
    domainStringOptional. The domain of the user to be authenticated with the respective authenticator.
    orgUnitStringOptional. The organizational unit of the user to be authenticated with the respective authenticator.
    messageStringRequired. The body of the Secure Channel message used to communicate the relevant information to the mobile app.

      

      Table: encryptRequestMessage output parameters (SOAP administration)
    Parameter nameData typeDescription
    statusCommandStatusResponseRequired. The error stack, indicating that the command has not completed successfully, if applicable, and the result and status codes returned by the command.
    resultEncryptRequestMessageResultRequired. The output field for this command, returning information about the Secure Channel message.

    EncryptRequestMessageResult (Data type)

      Table: EncryptRequestMessageResult (Data type)
    Parameter nameData typeDescription
    serialNumberString

    Required. The serial number of the authenticator used for the authentication process.

    domainStringRequired. The domain of the user to be authenticated with the respective authenticator.
    orgUnitStringOptional. The organizational unit of the user to be authenticated with the respective authenticator.
    encryptedmessageString

    Required. The body of the encrypted Secure Channel message used to communicate the relevant information to the mobile app. It contains the encrypted payload key.

    Requirements

    Required administrative privileges:

    • Encrypt DIGIPASS Information Message

    DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE

    DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE decrypts the body of an information message with an encrypted payload key generated by a device compliant with multi-device licensing (MDL).

    Parameters

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_INFORMATION_MESSAGEMandatory
    DIGIPASSFLD_ORGANIZATIONAL_UNITOptional
    DIGIPASSFLD_SERNOMandatory

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE (Supported output attributes)
    Attribute nameReturned
    DIGIPASSFLD_DOMAINAlways
    DIGIPASSFLD_INFORMATION_BODYAlways
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf defined
    DIGIPASSFLD_SERNOAlways

    Requirements

    Required administrative privileges:

    • Decrypt DIGIPASS Information Message

    DIGIPASSCMD_DELETE

    Only the authenticator attribute DIGIPASSFLD_SERNO can be specified in the attributeSet input parameter of this command. This attribute is mandatory.

    This command returns no result attributes.

    DIGIPASSCMD_ASSIGN

    DIGIPASSCMD_ASSIGN assigns an authenticator (either a specific or automatically selected one) to a user.

    This command supports maker–checker authorization.

    Parameters

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_ASSIGN (Supported input attributes)
    Attribute nameOptionality
    (Regular)    		Optionality
    (Maker–Checker)
    Approve RequestExecute
    DIGIPASSFLD_ACTIV_COUNTOptionalOptionaln/a
    DIGIPASSFLD_ACTIVE_APPL_NAMESOptionalOptionaln/a
    DIGIPASSFLD_ASSIGNED_USER_ORG_UNITOptionalOptionaln/a
    DIGIPASSFLD_ASSIGNED_USERIDMandatoryMandatoryn/a
    DIGIPASSFLD_AUTO_EXECUTEn/aOptionaln/a
    DIGIPASSFLD_CHECKER_DOMAINn/aMandatoryn/a
    DIGIPASSFLD_CHECKER_USERIDn/aMandatoryn/a
    DIGIPASSFLD_DOMAINMandatoryMandatoryn/a
    DIGIPASSFLD_DPTYPEOptionalOptionaln/a
    DIGIPASSFLD_EXPIRATION_TIMEOptionalOptionaln/a
    DIGIPASSFLD_GRACE_PERIOD_DAYSOptionalOptionaln/a
    DIGIPASSFLD_PENDING_OPERATION_IDn/an/aMandatory
    DIGIPASSFLD_SEARCH_UP_OU_PATHOptionalOptionaln/a
    DIGIPASSFLD_SERNOOptionalOptionaln/a
    DIGIPASSFLD_START_TIMEOptionalOptionaln/a
    DIGIPASSFLD_TO_SERNOOptionalOptionaln/a

    If DIGIPASSFLD_SERNO is missing, the next unassigned and available authenticator is automatically assigned to the user. If this attribute is missing, you should set DIGIPASSFLD_SEARCH_UP_OU_PATH to make sure that an available authenticator can be found, in the case that users and authenticators are stored in different organizational entities.

    If DIGIPASSFLD_SERNO is missing but DIGIPASSFLD_DPTYPE is specified, only authenticators of that particular type are considered. If DIGIPASSFLD_SERNO and DIGIPASSFLD_DPTYPE are specified, DIGIPASSFLD_SERNO takes precedence and DIGIPASSFLD_DPTYPE is ignored.

    The DIGIPASSFLD_SERNO attribute takes precedence over DIGIPASSFLD_ACTIV_COUNT and DIGIPASSFLD_ACTIVE_APPL_NAMES, if DIGIPASSFLD_SERNO is specified, DIGIPASSFLD_ACTIV_COUNT and DIGIPASSFLD_ACTIV_COUNT have no effect.

    You can specify multiple serial numbers as a comma-separated list in the DIGIPASSFLD_SERNO attribute. The first available authenticator from that list is assigned. Alternatively, you can use DIGIPASSFLD_SERNO and DIGIPASSFLD_TO_SERNO to define a range of serial numbers and automatically pick an authenticator from that range to assign.

    The DIGIPASSFLD_SERNO attribute supports the use of asterisks (*) as wildcard characters. A single asterisk wildcard to specify any serial number is supported.

    The DIGIPASSFLD_TO_SERNO attribute does not support the use of asterisks (*) as wildcard characters.

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_ASSIGN (Supported output attributes)
    Attribute nameReturned
    (Regular)    		Returned
    (Maker–Checker)
    Approve RequestExecute
    DIGIPASSFLD_ACTIV_COUNTIf definedn/aIf defined
    DIGIPASSFLD_ACTIV_LOCATIONSIf definedn/aIf defined
    DIGIPASSFLD_ACTIVE_APPL_NAMESAlwaysn/aAlways
    DIGIPASSFLD_ACTIVE_APPL_TYPESAlwaysn/aAlways
    DIGIPASSFLD_ASSIGN_STATUSAlwaysn/aAlways
    DIGIPASSFLD_ASSIGNED_DATEAlwaysn/aAlways
    DIGIPASSFLD_ASSIGNED_USERIDAlwaysn/aAlways
    DIGIPASSFLD_AUTO_EXECUTEn/aAlwaysn/a
    DIGIPASSFLD_BACKUP_VDP_ENABLEDIf definedn/aIf defined
    DIGIPASSFLD_BACKUP_VDP_EXPIRESIf definedn/aIf defined
    DIGIPASSFLD_BACKUP_VDP_USES_LEFTIf definedn/aIf defined
    DIGIPASSFLD_CREATE_TIMEAlwaysn/aAlways
    DIGIPASSFLD_DIRECT_ASSIGN_ONLYIf definedn/aIf defined
    DIGIPASSFLD_DOMAINAlwaysn/aAlways
    DIGIPASSFLD_DPSOFT_PARAMS_IDIf definedn/aIf defined
    DIGIPASSFLD_DPTYPEAlwaysn/aAlways
    DIGIPASSFLD_EXPIRATION_TIMEIf definedn/aIf defined
    DIGIPASSFLD_GRACE_PERIOD_EXPIRESIf definedn/aIf defined
    DIGIPASSFLD_LAST_ACTIV_TIMEIf definedn/aIf defined
    DIGIPASSFLD_MODIFY_TIMEAlwaysn/aAlways
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf definedn/aIf defined
    DIGIPASSFLD_PENDING_OPERATION_IDn/aAlwaysn/a
    DIGIPASSFLD_SERNOAlwaysn/aAlways
    DIGIPASSFLD_START_TIMEIf definedn/aIf defined
    DIGIPASSFLD_TO_SERNOIf definedn/aIf defined

    Requirements

    Required administrative privileges:

    • Assign DIGIPASS

    DIGIPASSCMD_UNASSIGN

    DIGIPASSCMD_UNASSIGN unassigns the specified authenticator. The start time (DIGIPASSFLD_START_TIME) is reset.

    This command supports maker–checker authorization.

    Parameters

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_UNASSIGN (Supported input attributes)
    Attribute nameOptionality
    (Regular)    		Optionality
    (Maker–Checker)
    Approve RequestExecute
    DIGIPASSFLD_AUTO_EXECUTEn/aOptionaln/a
    DIGIPASSFLD_CHECKER_DOMAINn/aMandatoryn/a
    DIGIPASSFLD_CHECKER_USERIDn/aMandatoryn/a
    DIGIPASSFLD_DOMAINOptionalOptionaln/a
    DIGIPASSFLD_PENDING_OPERATION_IDn/an/aMandatory
    DIGIPASSFLD_SERNOMandatoryMandatoryn/a

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_UNASSIGN (Supported output attributes)
    Attribute nameReturned
    (Regular)    		Returned
    (Maker–Checker)
    Approve RequestExecute
    DIGIPASSFLD_ACTIV_COUNTIf definedn/aIf defined
    DIGIPASSFLD_ACTIV_LOCATIONSIf definedn/aIf defined
    DIGIPASSFLD_ACTIVE_APPL_NAMESAlwaysn/aAlways
    DIGIPASSFLD_ACTIVE_APPL_TYPESAlwaysn/aAlways
    DIGIPASSFLD_ASSIGN_STATUSAlwaysn/aAlways
    DIGIPASSFLD_AUTO_EXECUTEn/aAlwaysn/a
    DIGIPASSFLD_BACKUP_VDP_ENABLEDIf definedn/aIf defined
    DIGIPASSFLD_CREATE_TIMEAlwaysn/aAlways
    DIGIPASSFLD_DIRECT_ASSIGN_ONLYIf definedn/aIf defined
    DIGIPASSFLD_DOMAINAlwaysn/aAlways
    DIGIPASSFLD_DPSOFT_PARAMS_IDIf definedn/aIf defined
    DIGIPASSFLD_DPTYPEAlwaysn/aAlways
    DIGIPASSFLD_LAST_ACTIV_TIMEIf definedn/aIf defined
    DIGIPASSFLD_MODIFY_TIMEAlwaysn/aAlways
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf definedn/aIf defined
    DIGIPASSFLD_PENDING_OPERATION_IDn/aAlwaysn/a
    DIGIPASSFLD_SERNOAlwaysn/aAlways

    Requirements

    Required administrative privileges:

    • Unassign DIGIPASS

    DIGIPASSCMD_MOVE

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_MOVE (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_NEW_DOMAINMandatory
    DIGIPASSFLD_NEW_ORGANIZATIONAL_UNITOptional
    DIGIPASSFLD_ORGANIZATIONAL_UNITOptional
    DIGIPASSFLD_SERNOMandatory

    This command returns no result attributes.

    DIGIPASSCMD_SET_EXPIRATION

    DIGIPASSCMD_SET_EXPIRATION sets the authenticator expiration and/or start date.

    Parameters

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_SET_EXPIRATION (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DOMAINMandatory
    DIGIPASSFLD_EXPIRATION_TIMEOptional
    DIGIPASSFLD_SERNOMandatory
    DIGIPASSFLD_START_TIMEOptional

    DIGIPASSFLD_EXPIRATION_TIME and DIGIPASSFLD_START_TIME are each optional, but either DIGIPASSFLD_EXPIRATION_TIME, DIGIPASSFLD_START_TIME, or both must be specified.

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_SET_EXPIRATION (Supported output attributes)
    Attribute nameReturned
    DIGIPASSFLD_DOMAINAlways
    DIGIPASSFLD_EXPIRATION_TIMEIf defined
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf defined
    DIGIPASSFLD_SERNOAlways
    DIGIPASSFLD_START_TIMEIf defined

    Requirements

    Required administrative privileges:

    • Set DIGIPASS Expiration

    DIGIPASSCMD_RESET_ACTIVATION

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_RESET_ACTIVATION (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_SERNOMandatory

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_RESET_ACTIVATION (Supported output attributes)
    Attribute nameReturned
    DIGIPASSFLD_ACTIV_COUNTIf defined
    DIGIPASSFLD_ACTIV_LOCATIONSIf defined
    DIGIPASSFLD_ACTIVE_APPL_NAMESAlways
    DIGIPASSFLD_ACTIVE_APPL_TYPESAlways
    DIGIPASSFLD_ASSIGN_STATUSAlways
    DIGIPASSFLD_ASSIGNED_DATEIf defined
    DIGIPASSFLD_ASSIGNED_USERIDIf defined
    DIGIPASSFLD_BACKUP_VDP_ENABLEDIf defined
    DIGIPASSFLD_BACKUP_VDP_EXPIRESIf defined
    DIGIPASSFLD_BACKUP_VDP_USES_LEFTIf defined
    DIGIPASSFLD_CREATE_TIMEAlways
    DIGIPASSFLD_DIRECT_ASSIGN_ONLYIf defined
    DIGIPASSFLD_DOMAINAlways
    DIGIPASSFLD_DPSOFT_PARAMS_IDIf defined
    DIGIPASSFLD_DPTYPEAlways
    DIGIPASSFLD_GRACE_PERIOD_EXPIRESIf defined
    DIGIPASSFLD_LAST_ACTIV_TIMEIf defined
    DIGIPASSFLD_MODIFY_TIMEAlways
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf defined
    DIGIPASSFLD_SERNOAlways

    DIGIPASSCMD_GENERATE_ACTIVATION_DATA

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_GENERATE_ACTIVATION_DATA (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_SERNOMandatory

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_GENERATE_ACTIVATION_DATA (Supported output attributes)
    Attribute nameReturned
    DIGIPASSFLD_DOMAINAlways
    DIGIPASSFLD_EVENT_REACTIVATION_COUNTERIf defined
    DIGIPASSFLD_FULL_ACTIVATION_DATAIf defined
    DIGIPASSFLD_QR_CODEIf defined
    DIGIPASSFLD_SERNOAlways

    DIGIPASSCMD_SEND_ACTIVATION_DATA

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_SEND_ACTIVATION_DATA (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DELIVERY_METHODMandatory (see below)
    DIGIPASSFLD_DESTINATIONMandatory (see below)
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_MDC_PROFILEOptional (see below)
    DIGIPASSFLD_SERNOMandatory

    DIGIPASSFLD_DELIVERY_METHOD and DIGIPASSFLD_DESTINATION are mandatory input fields unless you are using the Tcl Command-Line Administration tool. If you are using the Tcl Command-Line Administration tool, those fields can be left blank, and the settings will be derived from the default values specified in the user and policy configuration.

    If DIGIPASSFLD_MDC_PROFILE is not specified, DIGIPASSCMD_SEND_ACTIVATION_DATA uses the MDC profile specified in the user profile. If the user profile has no explicit MDC profile specified, the MDC profile specified in the effective policy is used (effective for the administrator currently logged on). If the effective policy has no explicit MDC profile specified, Message Delivery Component (MDC) uses the default MDC profile order as configured in the MDC configuration.

    If DIGIPASSFLD_MDC_PROFILE is specified as null-value using attributeOptions (see Table: DigipassAttribute (Data type)), the default MDC profile order as configured in the MDC configuration is used. In this case, any MDC profile settings specified in the user profile or the effective policy are ignored.

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_SEND_ACTIVATION_DATA (Supported output attributes)
    Attribute nameReturned
    DIGIPASSFLD_DOMAINIf defined
    DIGIPASSFLD_RESULT_CODEIf defined
    DIGIPASSFLD_RESULT_MESSAGEIf defined
    DIGIPASSFLD_SERNOAlways

    DIGIPASSCMD_BIND_DEVICE

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_BIND_DEVICE (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DERIVATION_CODEMandatory
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_SERNOMandatory

    This command returns no result attributes.

    DIGIPASSCMD_UNBIND_DEVICE

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_UNBIND_DEVICE (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_SERNOMandatory

    This command returns no result attributes.

    DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE (Supported input parameters)
    Attribute nameOptionality
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_SERNOMandatory

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE (Supported output attributes)
    Attribute nameReturned
    DIGIPASSFLD_DOMAINAlways
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf defined
    DIGIPASSFLD_REQUEST_MESSAGEAlways
    DIGIPASSFLD_SERNOAlways

    DIGIPASSCMD_ADD_DEVICE

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_ADD_DEVICE (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DEVICE_CODEMandatory
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_SERNOMandatory

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_ADD_DEVICE (Supported output attributes)
    Attribute nameReturnedRemarks
    DIGIPASSFLD_APPL_NAMEIf definedDIGIPASSFLD_APPL_NAME must be used together with DIGIPASSFLD_REQUEST_KEY, i.e. both attributes are either present (Secure Channel support) or missing (no Secure Channel support).
    DIGIPASSFLD_DEVICE_TYPEAlways 
    DIGIPASSFLD_DOMAINAlways 
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf defined 
    DIGIPASSFLD_REQUEST_KEYIf definedDIGIPASSFLD_REQUEST_KEY must be used together with DIGIPASSFLD_APPL_NAME, i.e. both attributes are either present (Secure Channel support) or missing (no Secure Channel support).
    DIGIPASSFLD_REQUEST_MESSAGEAlways 
    DIGIPASSFLD_SERNOAlways 

    DIGIPASSCMD_DEACTIVATE

    The following attributes can be specified in the attributeSet input parameter of this command:

      Table: DIGIPASSCMD_DEACTIVATE (Supported input attributes)
    Attribute nameOptionality
    DIGIPASSFLD_DOMAINOptional
    DIGIPASSFLD_SERNOMandatory

    The following attributes will be specified in the results output parameter of this command:

      Table: DIGIPASSCMD_DEACTIVATE (Supported output attributes)
    Attribute nameReturned
    DIGIPASSFLD_DOMAINAlways
    DIGIPASSFLD_ORGANIZATIONAL_UNITIf defined
    DIGIPASSFLD_REQUEST_MESSAGEAlways
    DIGIPASSFLD_SERNOAlways
    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle