SOAP Handler

For ease of use and clarity, the SOAP wrapper maps a subset of the commands defined in the OneSpan Authentication Server WSDL files.

The following handlers are defined:

• Authentication handler

  • Get 1-step challenge
  • Authenticate user
  • Cancel authenticate user
  • Change PIN for Response-Only user
  • Update the user’s static password
  • Change the user's Active Directory static back-end password
  • Get secure challenge
  • Get prepared secure challenge

• Signature handler

  • Get signing request
  • Authenticate signatures
  • Generate virtual signature

• EMV-CAP authentication handler

  • Authenticate user

• Provisioning handler

  • Register and activate Mobile Authenticator Studio
  • Register, add device and activate MDL
  • Update the DIGIPASS Push Notification Identifier (PNID) of a device
  • Upgrade the mobile authenticator app to support push notifications

• Administration handler

  • Logon – Static password, response only, first stage Challenge/Response
  • Logon – Challenge/Response second stage
  • Logon – Challenge/Response second stage with man-in-the-middle (MITM) attack prevention
  • Logoff

• Domain handler

  • Create, delete, search and update commands

• User handler (handles all user-related commands)

  • Update, view, create and delete commands
  • Search command
  • Static password change and reset
  • Administrative privileges retrieval and modification
  • Move users from one domain to another
  • Link/unlink a user to another user’s authenticator

• Authenticator handler (handles all commands related to the authenticator container)

  • Update, view, create and delete commands
  • Search command
  • Retrieve all applications defined for a given authenticator
  • Assign/unassign authenticator
  • Move authenticators from one domain/organizational unit to another
  • Reset authenticator
  • Multi-device licensing and activation
  • Deactivate

• Authenticator application handler

  • Update, view, create and delete commands
  • Search command
  • PIN code change and reset
  • Generate virtual OTP
  • Reset application
  • Reset error counter
  • Modify event counter
  • Test application (Response-Only, Challenge/Response, and signature)
  • Unlock application
  • Retrieve application information
  • List all applications for a given authenticator
  • Activate/deactivate application
  • Enable/Disable PIN

• Report handler

  • View report
  • Search for reports

• Report format handler

  • Create report format
  • Delete report format
  • View a report format
  • Update a report format

• DIGIPASS export file (DPX) handler

  • Upload a DPX file
  • Import a DPX file
  • Query the import status of a DPX file
  • Stop the import of a DPX file

• User file handler

  • Upload a user import file
  • Import a user import file
  • Stop the import of a user import file
  • Query the import status of a user import file

• Key handler

  • View cryptographic key details
  • Create a cryptographic key
  • Delete a cryptographic key
  • Update a cryptographic key
  • Rotate a cryptographic key
  • Abort cryptographic key rotation
  • Query status of cryptographic key rotation

• Report file handler

  • View report file
  • Query report file
  • Delete report file
  • Download report file
  • Take ownership of report file
  • Change ownership of report file

• Report field handler

  • View report field
  • Create report field
  • Update report field
  • Query report field

• Task handler

  • View task
  • Update task
  • Delete task
  • Cancel task
  • Resume task
  • Suspend task
  • Query task

• Pending operation handler

  • Approve pending operation
  • Reject pending operation
  • Delete pending operation
  • Query pending operation
  • View pending operation

The wrapper employs a failover system. As such, two SOAP servers can be defined in the configuration. If the primary server fails to respond, an attempt will be made with the second one. If the second one isn’t available either, the request is dismissed and the relevant error code is returned.

Responses

All object methods return high level objects that wrap the server’s response.

Object model

OneSpan Authentication Server entities (e.g. users, authenticators, authenticator application) are wrapped by business objects. The business objects are essentially containers for the entities’ properties and in order to be flexible and support future evolution, the properties of these objects are mapped to their WSDL enumeration value.

This permits building the object directly from the SOAP response without any further processing, as well as serializing the object directly to its SOAP equivalent, without any processing. These properties can be accessed using a specialized getter, e.g. getUserID(). To set these properties, use a specialized setter, e.g. setUserID(String userID).

Correlation ID

OneSpan Authentication Server Authentication SDK supports the use of a correlation ID, also known as the transit ID. This correlation ID contains a unique identifier value which is attached to requests and messages to designate a particular transaction or event. The interfaces of all commands listed in SOAP handler have been extended with an optional parameter of the HTTPHeaderParameters class to support the use of a correlation ID.