syncTokenAndHost (Command)
  • 16 Dec 2024

Availability: OneSpan Authentication Server 3.22 and later

Scenario: Authentication (SSM, HSM)

The syncTokenAndHost command synchronizes the server time with the authenticator time, or the server event counter with the authenticator event counter. It supports MDL authenticator instances and hardware authenticators. The synchronization requires two consecutive authenticator responses. The authenticator responses must either be Response-Only or 1-step Challenge/Response. 2-step Challenge/Response is not supported.

The respective user account must not be expired or locked; user auto-unlock is not supported by this command. However, if the responses are invalid, the user lock count is increased and the user account can get locked!

Only one authenticator can be synchronized at a time, but all authenticator applications of the authenticator will be synchronized. The authenticator and the authenticator applications must be allowed by the effective policy and must not be expired.

Parameters

  Table: syncTokenAndHost input parameters
| Parameter name | Data type | Description |
| --- | --- | --- |
| componentType | String | Required. The component to use to serve this command. |
| user | UserInput | Required. Specifies the user who owns the authenticator (see Table: UserInput (Data type)). The user account must be active and must not be locked. |
| credential | MultiCredentialInput | Required. The user credentials. |

  Table: syncTokenAndHost output parameters
| Parameter name | Data type | Description |
| --- | --- | --- |
| status | CommandStatusResponse | Required. The error stack, if applicable, which indicates that the command has not completed successfully. This also includes the result and status codes returned by the command. |
| result | SyncTokenAndHostResult | Required. The output field for this command. |

UserInput (Data type)

  Table:  UserInput (Data type)
| Element name | Data type | Description |
| --- | --- | --- |
| userID | String | The user ID. |
| domain | String | Optional. The user domain. |

MultiCredentialInput (Data type)

  Table: MultiCredentialInput (Data type)
| Element name | Data type | Description |
| --- | --- | --- |
| otp1 | DigipassMultiCredentialInput | Required. The first authenticator response, either Response-Only or 1-step Challenge/Response. |
| otp2 | DigipassMultiCredentialInput | Required. The second authenticator response, either Response-Only or 1-step Challenge/Response. |
| serialNumber | String | Optional. The serial number of the authenticator to synchronize. The authenticator must be allowed by the effective policy and must not be expired. Can be omitted if the user has exactly one authenticator assigned. |
| pin | String | Optional. The server PIN of the authenticator if used. |

DigipassMultiCredentialInput (Data type)

  Table: DigipassMultiCredentialInput (Data type)
| Element name | Data type | Description |
| --- | --- | --- |
| response | String | Required. The generated one-time password (OTP). |
| challenge | String | Optional. The challenge generated for a 1-step Challenge/Response operation. Choice element: only one of challenge or challengeKey can be present. |
| challengeKey | String | Optional. The key referring to the challenge generated for a 2-step Challenge/Response operation. Not supported by syncTokenAndHost. Choice element: only one of challenge or challengeKey can be present. |

SyncTokenAndHostResult (Data type)

  Table: SyncTokenAndHostResult (Data type)
| Element name | Data type | Description |
| --- | --- | --- |
| user | UserOutput | The returned user information (see Table: UserOutput (Data type)). |
| credentials | CredentialOutput | The serial number of the used authenticator. |

UserOutput (Data type)

  Table:  UserOutput (Data type)
| Element name | Data type | Description |
| --- | --- | --- |
| userID | String | The resolved user ID. |
| domain | String | The user domain. |
| orgUnit | String | Optional. The organizational unit of the user. |

CredentialOutput (Data type)

  Table: CredentialOutput (Data type)
| Element name | Data type | Description |
| --- | --- | --- |
| serialNumber | String | Optional. The serial number of the authenticator used for the operation. |

Example

 

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:aut="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication">
  <soapenv:Header/>
  <soapenv:Body>
    <aut:syncTokenAndHost>
      <componentType>Authentication Sample Client</componentType>
      <user>
        <userID>Jane Doe</userID>
        <domain>Master</domain>
      </user>
      <credential>
        <otp1>
          <response>123456</response>
        </otp1>
        <otp2>
          <response>654321</response>
        </otp2>
        <serialNumber>1234567890</serialNumber>
      </credential>
    </aut:syncTokenAndHost>
  </soapenv:Body>
</soapenv:Envelope>
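
Added example (not OneSpan's code): a Python builder for the request above that checks the documented input constraints before anything is sent, and lets the XML library escape field values instead of concatenating strings. The function names are hypothetical, and the position of challenge and pin in the element order follows the tables on this page as an assumption, since the sample does not show them.

```python
import xml.etree.ElementTree as ET

# Namespaces copied from the sample envelope on this page.
SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
AUT = "http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication"
ET.register_namespace("soapenv", SOAPENV)
ET.register_namespace("aut", AUT)


def _add_otp(parent, tag, otp):
    """Append one DigipassMultiCredentialInput element (otp1 or otp2)."""
    if not otp.get("response"):
        raise ValueError(f"{tag}: response is required")
    if "challengeKey" in otp:
        # challengeKey belongs to 2-step Challenge/Response, which the
        # command does not support.
        raise ValueError(f"{tag}: challengeKey is not supported by syncTokenAndHost")
    node = ET.SubElement(parent, tag)
    ET.SubElement(node, "response").text = otp["response"]
    if otp.get("challenge"):  # 1-step Challenge/Response only
        ET.SubElement(node, "challenge").text = otp["challenge"]


def build_sync_request(component_type, user_id, otp1, otp2,
                       domain=None, serial_number=None, pin=None):
    """Return the syncTokenAndHost SOAP envelope as a string."""
    if not component_type or not user_id:
        raise ValueError("componentType and userID are required")
    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    ET.SubElement(env, f"{{{SOAPENV}}}Header")
    body = ET.SubElement(env, f"{{{SOAPENV}}}Body")
    cmd = ET.SubElement(body, f"{{{AUT}}}syncTokenAndHost")
    ET.SubElement(cmd, "componentType").text = component_type
    user = ET.SubElement(cmd, "user")
    ET.SubElement(user, "userID").text = user_id  # escaped on serialization
    if domain:
        ET.SubElement(user, "domain").text = domain
    cred = ET.SubElement(cmd, "credential")
    _add_otp(cred, "otp1", otp1)  # both consecutive responses are required
    _add_otp(cred, "otp2", otp2)
    if serial_number:  # may be omitted if the user has exactly one authenticator
        ET.SubElement(cred, "serialNumber").text = serial_number
    if pin:
        ET.SubElement(cred, "pin").text = pin
    return ET.tostring(env, encoding="unicode")
```
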
