The SOAP authentication interface exposes various authentication commands (see Table: SOAP authentication commands (Overview)).
| Command | Description |
|---|---|
| authUser | Performs a user authentication operation on OneSpan Authentication Server (see authUser (Command)). |
| cancelAuthUser | Cancels a pending user authentication based on Push Notification (see cancelAuthUser (Command)). |
| changeBackendPassword | The user can change the static Active Directory password with a configured back end for OneSpan Authentication Server via a user self-management website (see changeBackendPassword (Command)). |
| changeEncStatPwd | Deprecated. Changes the PIN and static password for a Digipass 110 authenticator (see changeEncStatPwd (Command)). |
| getChallenge | Requests the OneSpan Authentication Server to generate an authentication challenge, i.e. 1-step challenge (see getChallenge (Command)). |
| getPreparedSecureChallenge | Used during the Push Notification authentication workflow by the mobile application to fetch the secure challenge for the authentication process (see getPreparedSecureChallenge (Command)). |
| getSecureChallenge | Requests OneSpan Authentication Server to generate a request message that can be used to initiate an authentication process (see getSecureChallenge (Command)). Applies if Secure Channel is supported. |
| updatePassword | Performs a static password update operation on OneSpan Authentication Server (see updatePassword (Command)). |
The SOAP authentication commands support different credential field attributes (see Table: SOAP authentication credential field attributes).
| Attribute name | Data type | Description |
|---|---|---|
| CREDFLD_ADMIN_PRIVILEGES | String | The administration privileges of the user. Up to 255 characters. |
| CREDFLD_AUTH_TYPE | String | Determines the authentication type. This is used to force a specific authentication workflow. If omitted, the authentication command uses its default behavior to determine the workflow type. Possible values:
|
| CREDFLD_AUXILIARY_MESSAGE | String | The serialized error stack. Only specified if authuser request is not successful. |
| CREDFLD_CESPR | String | Deprecated. This is the change encrypted static password request generated by the Digipass 110 applet required for the changeEncStatPwd command. |
| CREDFLD_CHALLENGE | String | The challenge used to generate a response for challenge/response authentication. |
| CREDFLD_CHALLENGE_KEY | String | The challenge key used to refer to a challenge generated by OneSpan Authentication Server. |
| CREDFLD_CHALLENGE_MESSAGE | String | The message to be displayed to the end users asking them to use the returned challenge. |
| CREDFLD_COMPONENT_TYPE | String | SOAP client application identifier. |
| CREDFLD_CONFIRM_NEW_PIN | String | The confirmation of the new server PIN to be set. |
| CREDFLD_CONFIRM_STATIC_PASSWORD | String | The confirmation of the new static password to be set. Up to 255 characters. |
| CREDFLD_CONTROLLER_TYPE | String | SSM/HSM-Safenet |
| CREDFLD_CRYPTO_APP_INDEX | Unsigned Integer | The index of the authenticator application to use when you initiate an authentication process using Secure Channel (see getSecureChallenge (Command)). The specified authenticator application must be allowed by the effective policy. If not specified, the first applicable authenticator application is used by default. You can determine the application index with the DIGIPASSAPPLCMD_GETINFO command. Possible values: 1–n |
| CREDFLD_CRYPTO_APP_NAME | String | The name of the authenticator application to use when you initiate an authentication process using Secure Channel (see getSecureChallenge (Command)). The specified authenticator application must be allowed by the effective policy. If not specified, the first applicable authenticator application is used by default. You can retrieve the application names of an authenticator with the digipassapplQuery (Command) command. Up to 12 characters. |
| CREDFLD_CURRENT_PIN | String | The current server PIN to be changed. |
| CREDFLD_DIGIPASS | Input of authenticator credentials. | |
| CREDFLD_DOMAIN | String | As output, the user's resolved domain will be specified. Up to 255 characters. |
| CREDFLD_DP_RESPONSE | String | The one-time password (OTP) generated by the authenticator (only used if CREDFLD_PASSWORD_FORMAT is set to 4). |
| CREDFLD_HOST_CODE | String | The host code, only returned if the corresponding attribute field was specified in the authentication request and the authentication has been successful. |
| CREDFLD_LOGICAL_ADMIN_PRIVILEGES | String | A comma-separated list of the assigned administrative privileges. Each administrative privilege is specified as follows: privilege_name [true|false] For a list of possible values, see Table: Logical administrative privileges. |
| CREDFLD_NEW_PIN | String | The new server PIN to be set. |
| CREDFLD_NEW_STATIC_PASSWORD | String | The new static password to be set. Up to 255 characters. |
| CREDFLD_NONCE | String | Random character string. The nonce value is used to associate client sessions with ID tokens when using OpenID Connect (OIDC) for authentication. Availability: 3.27 and later |
| CREDFLD_NOTIFY_GRACE_EXPIRE_DATE | Date | |
| CREDFLD_NOTIFY_GRACE_PERIOD_EXPIRED | Boolean | |
| CREDFLD_NOTIFY_PASSWORD_EXPIRE_DATE | DateTime | The date and time when the static password expires. Format: YYYY-MM-DDThh:mm:ssZ |
| CREDFLD_NOTIFY_PASSWORD_RANDOMIZE | Boolean | |
| CREDFLD_NOTIFY_REQUIRE_PIN_CHANGE | Boolean | |
| CREDFLD_NOTIFY_TOKEN_IS_ASSIGNED | Boolean | |
| CREDFLD_ORGANIZATIONAL_UNIT | String | Indicates the user's resolved organizational unit. Up to 255 characters. |
| CREDFLD_PASSWORD | String | The combined password string (only if CREDFLD_PASSWORD_FORMAT is set to 0). |
| CREDFLD_PASSWORD_FORMAT | Unsigned Integer | Possible values:
|
| CREDFLD_PLATFORM | String | Linux/Windows |
| CREDFLD_PRODUCT_NAME | String | The product name of the OneSpan Authentication Server instance. |
| CREDFLD_PRODUCT_VERSION | String | The product version of the OneSpan Authentication Server instance including the build number. Format: major.minor.patch.build |
| CREDFLD_REQUEST_BODY | String | The clear request body used to generate the challenge request message for an authentication process using Secure Channel. Applies if Secure Channel is supported. Up to 512 characters. |
| CREDFLD_REQUEST_HOST_CODE | String | Possible values:
Only the number should be used. |
| CREDFLD_REQUEST_MESSAGE | String | The secure challenge request message. Applies if Secure Channel is supported. Up to 1070 hexadecimal characters. |
| CREDFLD_RESTRICT_ADMIN_PRIVILEGE_ASSIGNMENT | String | |
| CREDFLD_SERIAL_NO | String | As input, the serial number of the authenticator to be used for the respective command. As output, the serial number of the authenticator (instance) that was used to perform the respective operation. Up to 255 characters. |
| CREDFLD_SERVER_LOCAL_TZ | String | Server local timezone. |
| CREDFLD_SESSION_ID | String | The session ID for a wireless RADIUS session. May be used for fast reconnect. Up to 255 characters. |
| CREDFLD_STATIC_PASSWORD | String | Only used if CREDFLD_PASSWORD_FORMAT is 4. Up to 255 characters. |
| CREDFLD_STATUS_MESSAGE | String | The reason of failure. Only specified if an authuser request is not successful. |
| CREDFLD_STORAGE_TYPE | String | ODBC/LDAP |
| CREDFLD_USER_ATTRIBUTE_GROUP | String | The user attribute group name for the attributes you want to be returned after a successful authentication. Up to 255 characters. |
| CREDFLD_USERID | String | The user ID as provided by the calling application (no specific format is required). As output, the resolved user ID will be specified. Up to 255 characters. |
| CREDLFD_SVR_PUBLIC_KEY | String | Server public key |
| CREDLFD_TRANSACTION_TITLE | String | The title of a secure challenge transaction. Applies if Secure Channel is supported. Up to 255 characters. |
Table: Logical administrative privileges lists the available logical admin privileges.