Execute Operations (SOAP API)

An execute operation is a SOAP operation to perform administrative actions on specified objects that exist within the OneSpan Authentication Server data model. Each administrative SOAP operation requires service user credentials or a successful administrative logon.

OneSpan Authentication Server provides an administrative session identifier (sessionID) as a response to a successful administrative logon request. Alternatively, when working with service users, the sessionID value is constructed using the service user’s credentials. Each administrative operation on the OneSpan Authentication Server requires the sessionID.

Execute operations are either executed immediately, or scheduled and effectively executed only after approval via maker–checker authorization.

Immediate execution

Immediate execution means that the operation is performed instantly when the request is submitted. This is the regular execution mode.

To perform an execute operation via SOAP immediately

1. Create a SOAP request for the object upon which you want to perform an operation.
2. Specify the administrative session identifier (sessionID) in the SOAP request.
3. Specify the command you want to execute in the SOAP request.
4. Specify one or more attributes as parameters for the SOAP operation. Attributes are key/value pairs.

5. Import the OneSpan Authentication Server SSL server certificate as trusted root certificate on the machine where your client application is running.

   This will allow your SOAP client application to connect to OneSpan Authentication Server securely via SSL.

6. Send the SOAP request to OneSpan Authentication Server. By default, the SOAP request should be transmitted over HTTPS with the OneSpan Authentication Server.

   By default, OneSpan Authentication Server is configured to accept SOAP requests on port 8888.

7. Receive the SOAP response.
8. Process the SOAP response.

For more information about the structure of SOAP messages, see SOAP message structure (SDK SOAP API).

Execution using maker–checker authorization

If maker–checker authorization is enabled, an execute operation is not executed immediately. It is deferred and can only be executed after approval by another administrator.

In this case, the execute operation is to be performed twice:

1. The operation is performed as usual (see Immediate execution), but additionally passing information about the approving administrator, i.e. the *_CHECKER_USERID and *_CHECKER_DOMAIN parameters.

   The operation is scheduled and returns a pending operation identifier (POID) to identify the scheduled operation. The approving administrator receives a notification to either approve or reject the pending operation using approvePendingOperation or rejectPendingOperation, respectively.

   The maker administrator can pass an auto-execution parameter (*_AUTO_EXECUTE). If set to true, the pending operation will be executed automatically on behalf of the maker administrator upon approval by the checker administrator. In that case, the next step is performed implicitly.

2. Once the pending operation has been approved and auto-execution is not set, the execute operation is performed a second time, this time passing the POID.

   The pending operation is executed normally.