User Authentication: getChallenge Operation
  • 11 Dec 2024

The getChallenge operation sends a request to OneSpan Authentication Server to generate a server challenge. The returned challenge could then be used for a one-step Challenge/Response user authentication.

Two types of server challenges can be generated with the getChallenge operation:

  1. General server challenge. A server challenge not tied to a specific user.
  2. User-specific server challenge.

For this operation to succeed, the following administrative tasks should be performed in OneSpan Authentication Server:

To configure OneSpan Authentication Server for getChallenge operations

  1. Define an authentication policy that supports the generation of a 1-step server-based challenge.
  2. Register a client application, assigning the newly defined authentication policy.
  3. Import authenticators supporting Challenge/Response (CR) user authentication.
  4. Define users and assign the authenticators.

To execute a getChallenge operation, the registered client application should send a getChallenge SOAP command to OneSpan Authentication Server (see getChallenge SOAP request structure).

In order for OneSpan Authentication Server to generate a server challenge, the getChallenge command should specify the CREDFLD_COMPONENT_TYPE credential attribute. This credential field attribute indicates the client application type.

For user-specific server challenges, the getChallenge command should specify the CREDFLD_COMPONENT_TYPE and CREDFLD_USERID credential attributes. The latter is the user ID for which a server challenge should be generated.

A client application with component type SOAP Auth Client will typically send the following SOAP command to request a challenge for user test1:

<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:aut="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication">
  <!-- ... Additional namespace declarations -->
  <soapenv:Header/>
  <soapenv:Body>
    <aut:getChallenge>
      <credentialAttributeSet>
        <attributes>
          <value xsi:type="xsd:string">SOAP Auth Client</value>
          <attributeID>CREDFLD_COMPONENT_TYPE</attributeID>
        </attributes>
        <attributes>
          <value xsi:type="xsd:string">test1</value>
          <attributeID>CREDFLD_USERID</attributeID>
        </attributes>
      </credentialAttributeSet>
    </aut:getChallenge>
  </soapenv:Body>
</soapenv:Envelope>

This would generate the following getChallenge SOAP response:

<soapenv:Envelope
  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:aut="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication">
  <soapenv:Header/>
  <soapenv:Body>
    <aut:getChallengeResponse>
      <results xsi:type="CREDENTIAL-TYPES:CredentialResults">
        <resultCodes xsi:type="BASIC-TYPES:ResultCodes">
          <returnCodeEnum>RET_SUCCESS</returnCodeEnum>
          <statusCodeEnum>STAT_SUCCESS</statusCodeEnum>
          <returnCode>0</returnCode>
          <statusCode>0</statusCode>
        </resultCodes>
        <resultAttribute xsi:type="CREDENTIAL-TYPES:CredentialAttributeSet">
          <attributes xsi:type="CREDENTIAL-TYPES:CredentialAttribute">
            <value xsi:type="xsd:string">32792</value>
            <attributeID>CREDFLD_CHALLENGE</attributeID>
          </attributes>
          <attributes xsi:type="CREDENTIAL-TYPES:CredentialAttribute">
            <value xsi:type="xsd:string">862532550</value>
            <attributeID>CREDFLD_CHALLENGE_KEY</attributeID>
          </attributes>
        </resultAttribute>
        <errorStack xsi:type="BASIC-TYPES:ErrorStack"/>
      </results>
    </aut:getChallengeResponse>
  </soapenv:Body>
</soapenv:Envelope>

In this example, the result attribute CREDFLD_CHALLENGE_KEY specifies the challenge identifier used by OneSpan Authentication Server. A Challenge/Response authentication operation for this challenge should add this attribute to its authentication request.
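
A client should accept a challenge only from a response whose result codes report success. The following Python parser is an added example, not OneSpan code: it fails closed on anything else and returns the CREDFLD_CHALLENGE and CREDFLD_CHALLENGE_KEY values. The names `parse_get_challenge_response`, `ChallengeError` and `sample_response` are hypothetical, and the element layout is assumed to match the sample response on this page.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "aut": "http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication",
}

class ChallengeError(Exception):
    """Raised when a getChallenge response cannot be used (hypothetical name)."""

def parse_get_challenge_response(xml_text):
    """Return (challenge, challenge_key); raise ChallengeError otherwise."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ChallengeError(f"malformed response: {exc}") from exc
    results = root.find("soapenv:Body/aut:getChallengeResponse/results", NS)
    if results is None:
        raise ChallengeError("no getChallengeResponse/results element")
    ret = results.findtext("resultCodes/returnCodeEnum")
    stat = results.findtext("resultCodes/statusCodeEnum")
    if (ret, stat) != ("RET_SUCCESS", "STAT_SUCCESS"):
        raise ChallengeError(f"non-success result: {ret}/{stat}")
    # Map attributeID -> value; a repeated ID is ambiguous, so reject it.
    fields = {}
    for attr in results.findall("resultAttribute/attributes"):
        attr_id = attr.findtext("attributeID")
        if attr_id in fields:
            raise ChallengeError(f"duplicate attribute {attr_id}")
        fields[attr_id] = attr.findtext("value")
    challenge = fields.get("CREDFLD_CHALLENGE")
    key = fields.get("CREDFLD_CHALLENGE_KEY")
    if not challenge or not key:
        raise ChallengeError("challenge or challenge key missing")
    return challenge, key

# Constructed sample mirroring the response shown on this page.
def sample_response(ret="RET_SUCCESS", stat="STAT_SUCCESS"):
    return f"""<soapenv:Envelope xmlns:soapenv="{NS['soapenv']}"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aut="{NS['aut']}">
<soapenv:Body><aut:getChallengeResponse><results><resultCodes>
<returnCodeEnum>{ret}</returnCodeEnum><statusCodeEnum>{stat}</statusCodeEnum>
</resultCodes><resultAttribute>
<attributes><value xsi:type="xsd:string">32792</value>
<attributeID>CREDFLD_CHALLENGE</attributeID></attributes>
<attributes><value xsi:type="xsd:string">862532550</value>
<attributeID>CREDFLD_CHALLENGE_KEY</attributeID></attributes></resultAttribute>
</results></aut:getChallengeResponse></soapenv:Body></soapenv:Envelope>"""
```

The returned challenge key is the value that the later Challenge/Response authentication request has to carry.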

