SOAP Authentication (Overview)

The SOAP authentication interface exposes various authentication commands (see Table: SOAP authentication commands (Overview)).

Table: SOAP authentication commands (Overview)
Command	Description
authUser	Error codesPerforms a user authentication operation on OneSpan Authentication Server (see authUser (Command)).
cancelAuthUser	Cancels a pending user authentication based on Push Notification (see cancelAuthUser (Command)).
changeBackendPassword	The user can change the static Active Directory password with a configured back end for OneSpan Authentication Server via a user self-management website (see changeBackendPassword (Command)).
changeEncStatPwd	Deprecated. Changes the PIN and static password for a Digipass 110 authenticator (see changeEncStatPwd (Command)).
getChallenge	Requests the OneSpan Authentication Server to generate an authentication challenge, i.e. 1-step challenge (see getChallenge (Command)).
getPreparedSecureChallenge	Used during the Push Notification authentication workflow by the mobile application to fetch the secure challenge for the authentication process (see getPreparedSecureChallenge (Command)).
getSecureChallenge	Requests OneSpan Authentication Server to generate a request message that can be used to initiate an authentication process (see getSecureChallenge (Command)). Applies if Secure Channel is supported.
updatePassword	Performs a static password update operation on OneSpan Authentication Server (see updatePassword (Command)).

The SOAP authentication commands support different credential field attributes (see Table: SOAP authentication credential field attributes).

Table: SOAP authentication credential field attributes
Attribute name	Data type	Description
CREDFLD_ADMIN_PRIVILEGES	String	The administration privileges of the user. Up to 255 characters.
CREDFLD_AUTH_TYPE	String	Determines the authentication type. This is used to force a specific authentication workflow. If omitted, the authentication command uses its default behavior to determine the workflow type. Possible values: PUSH_NOTIFICATION. Triggers an authentication via push notifications (push and login). A keyword is not required in this case. SCAN. Triggers a scan and login workflow. A keyword is not required in this case.
CREDFLD_AUXILIARY_MESSAGE	String	The serialized error stack. Only specified if authuser request is not successful.
CREDFLD_CESPR	String	Deprecated. This is the change encrypted static password request generated by the Digipass 110 applet required for the changeEncStatPwd command.
CREDFLD_CHALLENGE	String	The challenge used to generate a response for challenge/response authentication.
CREDFLD_CHALLENGE_KEY	String	The challenge key used to refer to a challenge generated by OneSpan Authentication Server.
CREDFLD_CHALLENGE_MESSAGE	String	The message to be displayed to the end users asking them to use the returned challenge.
CREDFLD_COMPONENT_TYPE	String	SOAP client application identifier.
CREDFLD_CONFIRM_NEW_PIN	String	The confirmation of the new server PIN to be set.
CREDFLD_CONFIRM_STATIC_PASSWORD	String	The confirmation of the new static password to be set. Up to 255 characters.
CREDFLD_CONTROLLER_TYPE	String	SSM/HSM-Safenet
CREDFLD_CRYPTO_APP_INDEX	Unsigned Integer	The index of the authenticator application to use when you initiate an authentication process using Secure Channel (see getSecureChallenge (Command)). The specified authenticator application must be allowed by the effective policy. If not specified, the first applicable authenticator application is used by default. You can determine the application index with the DIGIPASSAPPLCMD_GETINFO command. Possible values: 1–n
CREDFLD_CRYPTO_APP_NAME	String	The name of the authenticator application to use when you initiate an authentication process using Secure Channel (see getSecureChallenge (Command)). The specified authenticator application must be allowed by the effective policy. If not specified, the first applicable authenticator application is used by default. You can retrieve the application names of an authenticator with the digipassapplQuery (Command) command. Up to 12 characters.
CREDFLD_CURRENT_PIN	String	The current server PIN to be changed.
CREDFLD_DIGIPASS		Input of authenticator credentials.
CREDFLD_DOMAIN	String	As output, the user's resolved domain will be specified. Up to 255 characters.
CREDFLD_DP_RESPONSE	String	The one-time password (OTP) generated by the authenticator (only used if CREDFLD_PASSWORD_FORMAT is set to 4).
CREDFLD_HOST_CODE	String	The host code, only returned if the corresponding attribute field was specified in the authentication request and the authentication has been successful.
CREDFLD_LOGICAL_ADMIN_PRIVILEGES	String	A comma-separated list of the assigned administrative privileges. Each administrative privilege is specified as follows: privilege_name [true\|false] For a list of possible values, see Table: Logical administrative privileges.
CREDFLD_NEW_PIN	String	The new server PIN to be set.
CREDFLD_NEW_STATIC_PASSWORD	String	The new static password to be set. Up to 255 characters.
CREDFLD_NOTIFY_GRACE_EXPIRE_DATE	Date
CREDFLD_NOTIFY_GRACE_PERIOD_EXPIRED	Boolean
CREDFLD_NOTIFY_PASSWORD_EXPIRE_DATE	DateTime	The date and time when the static password expires. Format: YYYY-MM-DDThh:mm:ssZ
CREDFLD_NOTIFY_PASSWORD_RANDOMIZE	Boolean
CREDFLD_NOTIFY_REQUIRE_PIN_CHANGE	Boolean
CREDFLD_NOTIFY_TOKEN_IS_ASSIGNED	Boolean
CREDFLD_ORGANIZATIONAL_UNIT	String	Indicates the user's resolved organizational unit. Up to 255 characters.
CREDFLD_PASSWORD	String	The combined password string (only if CREDFLD_PASSWORD_FORMAT is set to 0).
CREDFLD_PASSWORD_FORMAT	Unsigned Integer	Possible values: 0. Cleartext combined password format. 4. Different authentication elements are provided into separate parameters in cleartext.
CREDFLD_PLATFORM	String	Linux/Windows
CREDFLD_PRODUCT_NAME	String	The product name of the OneSpan Authentication Server instance.
CREDFLD_PRODUCT_VERSION	String	The product version of the OneSpan Authentication Server instance including the build number. Format: major.minor.patch.build
CREDFLD_REQUEST_BODY	String	The clear request body used to generate the challenge request message for an authentication process using Secure Channel. Applies if Secure Channel is supported. Up to 512 characters.
CREDFLD_REQUEST_HOST_CODE	String	Possible values: 0. No. 1. Optional. 2. Required. Only the number should be used.
CREDFLD_REQUEST_MESSAGE	String	The secure challenge request message. Applies if Secure Channel is supported. Up to 1070 hexadecimal characters.
CREDFLD_RESTRICT_ADMIN_PRIVILEGE_ASSIGNMENT	String
CREDFLD_SERIAL_NO	String	As input, the serial number of the authenticator to be used for the respective command. As output, the serial number of the authenticator (instance) that was used to perform the respective operation. Up to 255 characters.
CREDFLD_SERVER_LOCAL_TZ	String	Server local timezone.
CREDFLD_SESSION_ID	String	The session ID for a wireless RADIUS session. May be used for fast reconnect. Up to 255 characters.
CREDFLD_STATIC_PASSWORD	String	Only used if CREDFLD_PASSWORD_FORMAT is 4. Up to 255 characters.
CREDFLD_STATUS_MESSAGE	String	The reason of failure. Only specified if an authuser request is not successful.
CREDFLD_STORAGE_TYPE	String	ODBC/LDAP
CREDFLD_USER_ATTRIBUTE_GROUP	String	The user attribute group name for the attributes you want to be returned after a successful authentication. Up to 255 characters.
CREDFLD_USERID	String	The user ID as provided by the calling application (no specific format is required). As output, the resolved user ID will be specified. Up to 255 characters.
CREDLFD_SVR_PUBLIC_KEY	String	Server public key
CREDLFD_TRANSACTION_TITLE	String	The title of a secure challenge transaction. Applies if Secure Channel is supported. Up to 255 characters.

Table: Logical administrative privileges lists the available logical admin privileges.

Table: Logical administrative privileges
access_all_domains	access_domain	access_private_report
admin_logon	approve_reject_pending_operation	assign_digipass
axsguard_system_administration	bind_digipass	bulk_cleanup_digipass_data
cancel_task	change_ownership_reportfile	change_report_owner
create_backend	create_component	create_domain
create_emvcap_application	create_key	create_orgunit
create_policy	create_report	create_user
deactivate_digipass	decrypt_digipass_information_message	delete_admin_session
delete_audit_information	delete_backend	delete_component
delete_digipass	delete_domain	delete_key
delete_orgunit	delete_pending_operation	delete_policy
delete_report	delete_reportfile	delete_task
delete_user	disable_server_pin	disable_user
download_reportfile	enable_disable_maker_checker	enable_server_pin
enable_user	encrypt_digipass_request_message	force_pin_change
generate_dpappl_activation_data	generate_virtual_otp	import_digipass
import_user	link_user	live_audit
move_digipass	move_user	replication_reconnect
replication_status	reset_activation	reset_dpappl
reset_dpappl_lock	reset_last_authentication_time	reset_offline_data
reset_password	reset_pin	resume_task
rotate_key	run_report	send_digipass_activation_data
send_notification	set_admin_domains	set_auth_policy_overrides
set_digipass_expiration	set_dpappl_event	set_password
set_pin	set_privileges	set_user_expiration
suspend_task	take_ownership_reportfile	take_task_ownership
test_otp	test_signature	unassign_digipass
unbind_digipass	unlink_user	unlock_digipass
unlock_user	update_backend	update_component
update_configuration	update_digipass	update_domain
update_key	update_orgunit	update_policy
update_report	update_server_configuration	update_task
update_user	view_admin_session	view_audit_information
view_backend	view_component	view_configuration
view_digipass	view_domain	view_emv_pan
view_key	view_orgunit	view_policy
view_privileges	view_recent_digipass_activity	view_recent_user_activity
view_report	view_reportfile	view_server_configuration
view_task	view_usage_information	view_user

SOAP Authentication (Overview)

Resources