Mobile Authenticator Studio 4.0 Configuration
  • 13 Dec 2024

To enable certain features of Mobile Authenticator Studio 4.0 with OneSpan Authentication Server, some changes to the Mobile Authenticator Studio configuration file are required.

The Mobile Authenticator Studio configuration file can be found at:

MAS_install_folder\dp4mobile\4.0\tools\Customization Tool\input\xml\DIGIPASS.xml

Authenticators must be registered and assigned before any of the following actions can be processed successfully.

Static vector

The static vector in the configuration file will have to be updated using the contents of the install_dir\dpx\Demo_DP4Mobile40.svf file. The static vector contained in the configuration file is a placeholder only and MUST be changed before any Mobile Authenticator Studio functions will work.

User principal name (UPN)

The user principal name used in Mobile Authenticator Studio 4.0 with OneSpan Authentication Server has no fixed format. You may use whatever format suits your requirements.

Advanced online activation

Advanced online activation for Mobile Authenticator Studio allows the use of the following features:

  • Advanced registration (including server generated ID and activation password)
  • Advanced generateActivationData
  • Online post activation (derivation or OTP)
  • Can also support manual post activation using derivation code
  • Standard response-only, challenge/response, signature authentication
  • Online signature authentication (requires registration UPN)

To configure Mobile Authenticator Studio 4.0 advanced online activation for the OneSpan Authentication Server SDK, the following settings need to be amended:

Online activation settings

  • enabled = "true"
  • advancedMode = "true"
  • useRegistrationIdentifier = "true"
  • useActivationPassword = "true"
  • checksumOnActivationPassword = "false"
  • useAuthorizationCode = "false"
  • checksumOnAuthorizationCode = "false"
  • useUserIdentifier = "true"

Refer to the example below for the format and settings required. Pay special attention to the format of the sample URLs and use the correct one for your programming language.

DSAPP online authentication

  1. enabled = true

  2. advancedMode = true, use DSAPP (DIGIPASS Software Advanced Provisioning Protocol)

  3. useRegistrationIdentifier = true, server generated identifier, based on new Provisioning Scenario configuration

  4. useActivationPassword = true, server generated activation password, based on new Provisioning Scenario configuration

  5. useUserIdentifier = true, SDK provided UPN user@domain

  6. <OnlineActivation enabled="true" advancedMode="true" useRegistrationIdentifier="true" useActivationPassword="true" checksumOnActivationPassword="false" useAuthorizationCode="false" checksumOnAuthorizationCode="false" useUserIdentifier="true">

Java sample URL

<URL method="GET" value="http://ADDRESS:8080/OASSampleSite/jsp/provisioning/dp4mobile/DSAPPgenerateActivationData.jsp?registrationIdentifier=%_RegistrationIdentifier_%&amp;publicKey=%_PublicKey_%&amp;initialVector=%_InitialVector_%"/>

ASP.NET sample URL

<URL method="GET" value="http://ADDRESS:8080/OASSampleSite/jsp/provisioning/dp4mobile/DSAPPgenerateActivationData.aspx?registrationIdentifier=%_RegistrationIdentifier_%&amp;publicKey=%_PublicKey_%&amp;initialVector=%_InitialVector_%"/>

Standard online activation

Standard online activation for Mobile Authenticator Studio allows the use of the following features:

  • Standard registration (serialno. suffix ID and SDK generated custom encryption activation password)
  • Get activation code (from the SDK)
  • Online post activation
  • Standard response-only, challenge/response, signature authentication
  • No automatic online signature support
  • No UPN provided in the register/activation process, however it can be configured directly in the phone.

To configure Mobile Authenticator Studio 4.0 standard online activation for the OneSpan Authentication Server SDK, the following settings need to be amended:

Online Activation Settings

  • enabled = "true"
  • advancedMode = "false"
  • useRegistrationIdentifier = "true"
  • useActivationPassword = "true"
  • checksumOnActivationPassword = "false"
  • useAuthorizationCode = "false"
  • checksumOnAuthorizationCode = "false"
  • useUserIdentifier = "false"

Refer to the example below for the format and settings required. Pay special attention to the format of the sample URLs and use the correct one for your programming language.

Standard online authentication

  1. enabled = true

  2. advancedMode = false, use standard provisioning (custom encryption password)

  3. useRegistrationIdentifier = true, stripped serial number i.e. VDS1000140 => 1000140

  4. useActivationPassword = true, SDK generated password

  5. useUserIdentifier = false, not supported by the SDK samples in this mode

  6. <OnlineActivation enabled="true" advancedMode="false" useRegistrationIdentifier="true" useActivationPassword="true" checksumOnActivationPassword="false" useAuthorizationCode="false" checksumOnAuthorizationCode="false" useUserIdentifier="false">

Java sample URL

<URL method="GET" value="http://<ADDRESS>:8080/OASSampleSite/jsp/provisioning/dp4mobile/getActivationData.jsp?registrationIdentifier=%_RegistrationIdentifier_%"/>

ASP.NET sample URL

<URL method="GET" value="http://<ADDRESS>:8080/OASSampleSite/jsp/provisioning/dp4mobile/getActivationData.aspx?registrationIdentifier=%_RegistrationIdentifier_%"/>

Offline manual activation

Offline manual activation for Mobile Authenticator Studio allows the use of the following features:

  • Manual assignment
  • Manual getActivationCode via the Administration Web Interface or MDC
  • Manual post activation using derivation code
  • Standard response-only, challenge/response, signature authentication
  • No automatic online signature support
  • No UPN provided in the register/activation process, however it can be configured directly in the phone.

To configure Mobile Authenticator Studio 4.0 for offline manual activation for the OneSpan Authentication Server SDK, the following settings need to be amended:

Offline activation settings

  • enabled = "true"
  • useERC = "true"
  • useUserIdentifier = "false"

Offline manual activation

<OfflineActivation enabled="true" useERC="true" useUserIdentifier="false">

Offline QR code activation

Offline QR code activation for Mobile Authenticator Studio allows the use of the following features:

  • Manual assignment
  • Manual getActivationCode via the Administration Web Interface using QR code scan
  • Manual post activation using derivation code
  • Standard response-only, challenge/response, signature authentication
  • No automatic online signature support
  • No UPN provided in the register/activation process, however it can be configured directly in the phone.

To configure Mobile Authenticator Studio 4.0 for offline QR code activation for the OneSpan Authentication Server SDK, the following settings need to be amended:

Offline activation settings

  • QRCodeActivation enabled="true"
  • useActivationPassword="false"
  • useERC = "false"
  • useUserIdentifier = "false"
  • displayQRCodeContent="false"

Offline QR code activation

<QRCodeActivation enabled="true" useActivationPassword="false" checksumOnActivationPassword="false" useERC="false" useUserIdentifier="false" displayQRCodeContent="false">

Post activation

DSAPP online post activation

To use online post activation using Digipass Software Advanced Provisioning Protocol (DSAPP) on Mobile Authenticator Studio 4.0, the following settings must be changed:

Post activation

  • enabled = "true"
  • derivation = "true"
  • serverActivation = "true"
  • cryptoAppIndex = "1"
  • regenerate = "false"
  • responsePattern = "XXXXXX" (provide the correct pattern)
  • hostCodePattern = "XXXXXX" (provide the correct pattern)
  • displaySerialNumber = "true"

DSAPP online post activation

  1. enabled = true

  2. derivation = true to generate and activate using a derivation code, or false to generate and activate using an OTP. Either choice can be used, depending on your requirements.

  3. serverActivation = true, Perform online activation

In this context the Advanced Provisioning SDK activation sample must be configured along with the required parameters:

<PostActivation enabled="true" derivation="true" serverActivation="true" cryptoAppIndex="1" regenerate="false" responsePattern="XXXXXX" hostCodePattern="XXXXXX" displaySerialNumber="true">

Java sample URL

<URL method="POST" value="http://<ADDRESS>:8080/OASSampleSite/jsp/provisioning/dp4mobile/DSAPPactivate.jsp">

ASP.NET sample URL

<URL method="POST" value="http://<ADDRESS>:8080/OASSampleSite/jsp/provisioning/dp4mobile/DSAPPactivate.aspx">

Required parameters

<PayloadParameter key="registrationIdentifier" value="%_RegistrationIdentifier_%" />

<PayloadParameter key="initialVector" value="%_InitialVector_%" />

<PayloadParameter key="serverNonce" value="%_Nonce_%" />

<PayloadParameter key="otp" value="%_OTP_%" />

<PayloadParameter key="derivationCode" value="%_DerivationCode_%" />

Online post activation

To perform post activation processes without using DSAPP, the following changes must be made:

Post activation

  • enabled = "true"
  • derivation = "false"
  • serverActivation = "true"
  • cryptoAppIndex = "1"
  • regenerate = "false"
  • responsePattern = "XXXXXX" (provide the correct pattern)
  • hostCodePattern = "XXXXXX" (provide the correct pattern)
  • displaySerialNumber = "true"

Online post activation

  1. enabled = true

  2. derivation = false, generate and activate using an OTP

  3. serverActivation = true, Perform online activation

In this context the standard provisioning SDK activation sample must be configured along with the required parameters:

<PostActivation enabled="true" derivation="false" serverActivation="true" cryptoAppIndex="1" regenerate="false" responsePattern="XXXXXX" hostCodePattern="XXXXXX" displaySerialNumber="true" >

ASP.NET sample URL

<URL method="POST" value="http://<ADDRESS>:8080/OASSampleSite/jsp/provisioning/dp4mobile/activate.aspx">

Java sample URL

<URL method="POST" value="http://<ADDRESS>:8080/OASSampleSite/jsp/provisioning/dp4mobile/activate.jsp">

Required parameters

<PayloadParameter key="registrationIdentifier" value="%_RegistrationIdentifier_%" />

<PayloadParameter key="otp" value="%_OTP_%" />

Offline post activation

To perform post activation processes offline, the following changes must be made:

Post activation

  • enabled = "true"
  • derivation = "true"
  • serverActivation = "false"
  • cryptoAppIndex = "1"
  • regenerate = "false"
  • responsePattern = "XXXXXX" (provide the correct pattern)
  • hostCodePattern = "XXXXXX" (provide the correct pattern)
  • displaySerialNumber = "true"

Offline post activation

enabled = true

Server activation must be false

<PostActivation enabled="true" derivation="true" serverActivation="false" cryptoAppIndex="1" regenerate="false" responsePattern="XXXXXX" hostCodePattern="XXXXXX" displaySerialNumber="true" >
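
The following is an added example, not part of the OneSpan documentation or tooling: a pre-flight check that compares a configuration fragment against the online activation and post activation settings listed above, before the file is passed to the customization tool. The function name audit, the <Config> root and the element nesting in the sample are assumptions, since the full DIGIPASS.xml layout is not shown on this page.

```python
import xml.etree.ElementTree as ET
# Expected attributes and required PayloadParameter keys, taken from the lists on this page.
_COMMON = dict(enabled="true", useRegistrationIdentifier="true", useActivationPassword="true",
               checksumOnActivationPassword="false", useAuthorizationCode="false", checksumOnAuthorizationCode="false")
ONLINE = {"true": dict(_COMMON, advancedMode="true", useUserIdentifier="true"),    # advanced (DSAPP)
          "false": dict(_COMMON, advancedMode="false", useUserIdentifier="false")}  # standard
PAYLOAD = {"true": {"registrationIdentifier", "initialVector", "serverNonce", "otp", "derivationCode"},
           "false": {"registrationIdentifier", "otp"}}

def audit(xml_text):
    """Return a list of findings for a configuration fragment; an empty list means consistent."""
    root = ET.fromstring(xml_text)
    online = next(root.iter("OnlineActivation"), None)
    post = next(root.iter("PostActivation"), None)
    mode = online.get("advancedMode") if online is not None else None
    out = []
    if online is not None and mode not in ONLINE:
        out.append("OnlineActivation: advancedMode must be 'true' or 'false'")
    for name, want in ONLINE.get(mode, {}).items():
        if online.get(name) != want:
            out.append(f"OnlineActivation: {name}={online.get(name)!r}, expected {want!r}")
    if post is None or post.get("enabled") != "true":
        return out
    for name in ("responsePattern", "hostCodePattern"):
        if post.get(name, "XXXXXX") == "XXXXXX":
            out.append(f"PostActivation: {name} is still the XXXXXX placeholder")
    if post.get("serverActivation") != "true":
        if post.get("derivation") != "true":
            out.append("PostActivation: offline post activation needs derivation='true'")
        return out
    if mode == "false" and post.get("derivation") != "false":
        out.append("PostActivation: online post activation without DSAPP needs derivation='false'")
    keys = {p.get("key") for p in post.iter("PayloadParameter")}
    for key in sorted(PAYLOAD.get(mode, set()) - keys):
        out.append(f"PostActivation: missing PayloadParameter {key!r}")
    return out

# Constructed sample: the <Config> root and the nesting are assumptions, not the real file layout.
SAMPLE = """<Config>
 <OnlineActivation enabled="true" advancedMode="false" useRegistrationIdentifier="true" useActivationPassword="true"
   checksumOnActivationPassword="false" useAuthorizationCode="false" checksumOnAuthorizationCode="false" useUserIdentifier="true"/>
 <PostActivation enabled="true" derivation="true" serverActivation="true" cryptoAppIndex="1"
   regenerate="false" responsePattern="XXXXXX" hostCodePattern="XXXXXX" displaySerialNumber="true">
  <PayloadParameter key="registrationIdentifier" value="%_RegistrationIdentifier_%"/>
 </PostActivation>
</Config>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The sample mixes standard online activation with DSAPP-style post activation settings, so the check reports the mismatched useUserIdentifier and derivation values, both unreplaced patterns, and the missing otp parameter.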

Post configuration

After the XML configuration file (DIGIPASS.xml) has been configured to your requirements, it is used as the input to the Mobile Authenticator Studio midlet customization tool.

Once the midlet has been generated, it must be placed in the correct location for the phone operating system type. Use the following directories:

  • Default: sdk_install_folder/IdentikeySampleSite/provisioning/dp4mobile/pkg/
  • For Java SDK where sample site is deployed under Tomcat installed by OneSpan Authentication Server: %PROGRAMFILES%\VASCO\Tomcat tomcat_version\webapps\IdentikeySampleSite\provisioning\dp4mobile\pkg\
  • For ASP.NET: c:\inetpub\IdentikeySampleSite\provisioning\dp4mobile\pkg\

Place the midlet in the correct folder, according to the type:

  • android/. For Android phones.
  • blackberry/. For BlackBerry phones.
  • midp/. For Java phones.
  • wm/. For Windows mobile.

The provisioning process for iPhones is not the same as the process described above. For more information, refer to the Mobile Authenticator Studio 4.0 documentation.

