Login
    Contents x
    Integrate post-activation
    • 23 Oct 2024
    • 2 Minutes to read
    • Dark
      Light
    • PDF
    Contents

    Integrate post-activation

    • Updated on 23 Oct 2024
    • 2 Minutes to read
    • Dark
      Light
    • PDF
    Article summary

    Post-activation scenarios

    The post-activation scenarios are used to inform the authentication server that Mobile Authenticator Studio is fully operational. A post-activation scenario consists in submitting an authenticator response to the server for validation. Once the server has successfully validated the authenticator response, it has evidence that Mobile Authenticator Studio has been correctly activated.

    The cryptographic application used to generate the authenticator response can operate the following authentication modes:

    • RO (Response-Only). To verify the authenticator response generated by an application with RO as authentication mode, the AAL2VerifyPassword() function of the OneSpan Authentication Server Framework API must be used with an empty challenge.

    • CR (Challenge/Response). To use a Challenge/Response cryptographic application, Mobile Authenticator Studio must receive a challenge during its activation scenario. To verify the authenticator response, the AAL2VerifyPassword() function of the OneSpan Authentication Server Framework API must be used with the challenge provided during the activation scenario.

    • SC (Secure Channel). The authenticator response generated by a Secure Channel application is the signature of Activation Message 2. The validation of the authenticator response generated by a Secure Channel application must be done using the AAL2VerifyMessageSignature() function of the OneSpan Authentication Server Framework API.

    • MM (multi-mode). The multi-mode applications are used as Response-Only application, unless they are secure-channel-capable.

    Post-activation scenario 1

    Post-activation scenario 1 consists of generating an authenticator response and displaying it to the user. This scenario succeeds completely offline.

    Post-activation – Scenario 1 (Overview)

    Post-activation – Scenario 1 (overview)

    Example

    1. <PostActivation cryptoAppIndex="4">

    2.  <OfflinePostActivation displaySerialNumber="true"responsePattern="XXXXXX"hostCodePattern="XXXXXX"centered="true" />

    3.  ...

    4. </PostActivation>

    Post-activation scenario 2

    Post-activation scenario 2 consists in sending the authenticator response to an authentication server without any user interaction.

    Post-activation – Scenario 2 (Overview)

    Post-activation – Scenario 2 (overview)

    Post-activation request

    1. <PostActivation cryptoAppIndex="4">

    2.  <OnlinePostActivation destroyOnFailure="true||false"

    3. displayMessageOnSuccess="true||false">

    4.    <URL method="GET"value="http://MY_DOMAIN_NAME/MY_WEB_SERVICE?registrationIdentifier=%_RegistrationIdentifier_%&amp;otp=%_OTP_% &amp;deviceIdentifier=%_DeviceIdentifier_%&amp;version=%_Version_%" />

    5.  </OnlinePostActivation>

    6.  ...

    7. </PostActivation>

    The URL can use the HTTP POST or GET methods. For more information about URL customization, refer to the Mobile Authenticator Studio Customization Guide.

    HTTP(S) post-activation request parameters

    Parameter name

    Description

    RegistrationIdentifier

    The identifier provided by the user via the online activation screen of the Mobile Authenticator Studio app.

    Format: Alphanumeric string, limited to 40 characters

    SerialNumber

    The authenticator license serial number.

    Format: Alphanumeric string of 10 characters

    OTP

    A one-time password (OTP) generated by the cryptographic application defined by cryptoAppIndex attribute of the PostActivation element. The length and format of the one-time password (OTP) are defined in the static vector received in the encrypted full activation data (XFAD).

    Version

    The version of the application binary as defined when configuring the application.

    DeviceIdentifier

    The device-unique identifier.

    Format: String of 64 hexadecimal characters

    RootingStatus

    The status indicating whether the device is rooted, either true or false according to the device state.

    Post-activation response

    The response expected by Mobile Authenticator Studio must be formatted as described in the DTD:

    1. <!ELEMENT DP4Mobile (Activation?,PendingTransactions?)>

    2. <!ATTLIST DP4Mobile retCode CDATA #REQUIRED>

    3. <!ATTLIST DP4Mobile message CDATA #REQUIRED>

    4. <!ATTLIST DP4Mobile serverTime CDATA #IMPLIED>

    Example

    1. <?xml version="1.0"encoding="UTF-8"?>

    2. <DP4Mobile retCode="0"message="Operation Successful" />

    Post-activation response attributes

    Attribute name

    Description

    //DP4Mobile/@retCode

    Required. The return code associated with the post-activation request. 0 means success, any other value will cause the message attribute value to be displayed and the activation transaction to stop.

    //DP4Mobile/@message

    Required. The return message associated with the post-activation request. This value will be displayed by the application if not 0.

    //DP4Mobile/@serverTime

    Optional. This is the current server GMT time. This value will be used by the application to silently set the drift between device and server time to keep the application synchronized.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant