Login
    Contenu x
    SOAP Authentication Wrappers
    • 21 Jan 2025
    • 3 Minutes à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    SOAP Authentication Wrappers

    • Mis à jour le 21 Jan 2025
    • 3 Minutes à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    The Authentication component is used to validate one-time password (OTP) values. This component implements a system similar to load balancing, which means that two SOAP servers can be defined in a configuration. If the primary server fails to respond, an attempt will be made with the second one. If the second one fails to respond too, the request is dismissed and the relevant error code is returned.

    The AuthenticationBean maps all commands defined in the OneSpan Authentication Server authentication WSDL file.

    All methods return high-level objects that wrap the server’s response. All those objects are subclasses of the IdentikeyResponse, which defines methods common to all objects. For a list of different methods defined by this class, see Overview of SOAP wrappers.

    The authentication commands return an AuthenticationCommandResponse object that wraps the server’s response.

    1-step Challenge/Response

    There is no default policy for the 1-step Challenge/Response option. This means that a policy must be edited to successfully allow this option to work.

    The SDK Authentication client uses the Authentication Sample Client client component, which is linked to the Identikey Local Authentication policy by default. The Identikey Local Authentication policy must be configured accordingly to allow 1-step Challenge/Response.

    To configure OneSpan Authentication Server to allow 1-step Challenge/Response

    1. Launch the Administration Web Interface.
    2. Navigate to the Policies tab and list the policies.
    3. Select the IDENTIKEY Local Authentication policy.
    4. In the Challenge tab, set 1-Step Challenge/Response to Yes – Server Challenge.
    5. In the DP Control Parameters tab, set Challenge Check Mode to 0 – No Challenge Check.

    SOAP authentication wrapper code samples for Java: Response-only

    The following code sample shows what you need to include in your webpage if you want to incorporate OneSpan Authentication Server Response-Only authentication.

    <%@ page import="com.vasco.identikey.model.Credentials" %>
<%@ page import="com.vasco.identikey.controller.authentication.AuthenticationCommandResponse" %>

<jsp:useBean id="authenticationBean" class="com.vasco.identikey.controller.authentication.AuthenticationBean" scope="page" />

<%
  // Credentials have been provided, now perform the request
  String userID = request.getParameter("CREDFLD_USERID");
  String domain = request.getParameter("CREDFLD_DOMAIN");
  String pin = request.getParameter("CREDFLD_CURRENT_PIN");
  String dpResponse = request.getParameter("CREDFLD_DP_RESPONSE");
  String password = request.getParameter("CREDFLD_STATIC_PASSWORD");
  Boolean rhc = Boolean.valueOf("on".equals(request.getParameter("CREDFLD_REQUEST_HOST_CODE")));
  Credentials.RequestHostCode reqHostCode = rhc ? Credentials.RequestHostCode.Required : Credentials.RequestHostCode.Optional;

  // Execute the command
  AuthenticationCommandResponse results = authenticationBean.authUser(domain, userID, pin, dpResponse, password, reqHostCode);

  if (results.getReturnCode() == 0) {
%>
    <p>OTP Verification Succeeded</p>
<%
  }
%>

    If you want to include other functionality, go to the sdk_install_dir/Java/src/SampleSite/src/main/webapp/jsp/authentication folder and use the code from the files in there. All the file names identify the function of the code in the file.

    SOAP authentication wrapper code sample for Java: Secure channel authentication

    The Secure Channel authentication consists of two steps:

    • Getting secure challenge
    • Authenticating user

    Below are code samples that need to be included in the webpages where the OneSpan Authentication Server Secure Channel authentication is to be integrated.

    To use Secure Channel authentication, add a client component (Authentication with Secure Channel Sample Client) with the Identikey Authentication with Secure Channel policy and configure the SDK as described here to use this component for Secure Channel authentication.

    To use Secure Channel authentication, the following code element must be set in the controller.properties file:

    component.type.authentication.secure_channel = Authentication with Secure Channel Sample Client

    Code sample: Getting secure challenge

    <%@ page import="com.vasco.identikey.model.Credentials" %>
<%@ page import="com.vasco.identikey.controller.IdentikeyError" %>
<%@ page import="com.vasco.identikey.controller.authentication.AuthenticationCommandResponse" %>
<%@ page import="org.w3._2001.xmlschema.UnsignedInt" %>

<jsp:useBean id="authenticationBean" class="com.vasco.identikey.controller.authentication.AuthenticationBean" scope="page" />

<%
  // Authentication details have been provided, now perform the request
  String userID = request.getParameter("CREDFLD_USERID");
  String domain = request.getParameter("CREDFLD_DOMAIN");
  String serialNo = request.getParameter("SIGNFLD_SERIAL_NO");
  String challengeMessage = request.getParameter("CREDFLD_CHALLENGE_MESSAGE");
  String transactionTitle = request.getParameter("CREDFLD_TRANSACTION_TITLE");
  String requestBody = request.getParameter("CREDFLD_REQUEST_BODY");

  // Execute getSecureChallenge command
  AuthenticationCommandResponse results = authenticationBean.getSecureChallenge(userID, domain, serialNo, challengeMessage, transactionTitle, requestBody);

  if (results.getReturnCode() == 0) {
    Credentials credentials = results.getResults();
    String requestMessage = credentials.getRequestMessage();
    String challengeKey = credentials.getChallengeKey();
  }
  ...
%>

<!-- Generate cronto image from RequestMessage -->
<img id="crontoImage" class="image-centered" alt="Request Message" title="Request Message" src="data:image/png;base64,<%= credentials.getRequestMessageImage(6) %>"/>

    Code sample: Authenticating user

    <%@ page import="com.vasco.identikey.model.Credentials" %>
<%@ page import="com.vasco.identikey.controller.IdentikeyError" %>
<%@ page import="com.vasco.identikey.controller.authentication.AuthenticationCommandResponse" %>

<jsp:useBean id="authenticationBean" class="com.vasco.identikey.controller.authentication.AuthenticationBean" scope="page" />

<%
  // Retrieve the request parameters
  String userID = request.getParameter("CREDFLD_USERID");
  String domain = request.getParameter("CREDFLD_DOMAIN");
  String challengeKey = request.getParameter("CREDFLD_CHALLENGE_KEY");
  String requestSignature = request.getParameter("CREDFLD_PASSWORD");

  // Execute the authentication command
  AuthenticationCommandResponse results = authenticationBean.authUser(domain, userID, challengeKey, requestSignature);

  if (results.getReturnCode() == 0) {
    // Secure challenge authentication succeeded.
    Credentials credentials = results.getResults();
  }
%>
    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle