authUser (Command)


Scenario: Authentication

Support: full-sdk, auth-sdk

The authUser command can be used to send the following requests to OneSpan Authentication Server:

  • Authenticate with Response-Only
  • Authenticate with Challenge/Response
  • Authenticate with push notifications (push and login)
  • Authenticate with Cronto images (scan and login)
  • Authenticate with Secure Channel, i.e. authentication with the getChallenge and getSecureChallenge commands (see getChallenge (Command) and getSecureChallenge (Command)).
  • Change server PIN

Parameters

  Table: authUser input parameters

  Attribute name                        Optionality
  CREDFLD_AUTH_TYPE                     Optional
  CREDFLD_CHALLENGE                     Optional (for 1-step C/R)
  CREDFLD_CHALLENGE_KEY                 Optional
  CREDFLD_CHALLENGE_MESSAGE             Optional
  CREDFLD_COMPONENT_TYPE                Mandatory
  CREDFLD_CONFIRM_NEW_PIN               Optional
  CREDFLD_CURRENT_PIN                   Optional
  CREDFLD_DOMAIN                        Optional
  CREDFLD_DP_RESPONSE                   Optional
  CREDFLD_NEW_PIN                       Optional
  CREDFLD_PASSWORD                      Optional
  CREDFLD_NONCE                         Optional
  CREDFLD_PASSWORD_FORMAT               Mandatory
  CREDFLD_REQUEST_HOST_CODE             Optional
  CREDFLD_SERIAL_NO                     Optional
  CREDFLD_STATIC_PASSWORD               Optional
  CREDFLD_USER_ATTRIBUTE_GROUP          Optional
  CREDFLD_USERID                        Mandatory

  Table: authUser output parameters

  Attribute name                        Returned
  CREDFLD_AUXILIARY_MESSAGE             If defined
  CREDFLD_CHALLENGE                     Optional (for 2-step C/R)
  CREDFLD_CHALLENGE_KEY                 If defined
  CREDFLD_CHALLENGE_MESSAGE             If defined
  CREDFLD_DOMAIN                        If defined
  CREDFLD_HOST_CODE                     If defined
  CREDFLD_NOTIFY_PASSWORD_EXPIRE_DATE   If defined
  CREDFLD_ORGANIZATIONAL_UNIT           If defined
  CREDFLD_SERIAL_NO                     Optional
  CREDFLD_STATUS_MESSAGE                If defined
  CREDFLD_USERID                        Always

CREDFLD_SERIAL_NO is not returned if a static password (and not an authenticator) was used for the authentication.

The CREDFLD_CHALLENGE attribute is used as an input parameter for 1-step challenge/response authentication. If a user initiates a 2-step challenge/response authentication with a request keyword, the authUser command generates a response and returns it via the CREDFLD_CHALLENGE attribute as an output parameter. For more information about challenge/response authentication, see User authentication: Challenge/response.

Examples

Response-only

Authentication request via response-only with server PIN and OTP (as cleartext combined password)

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <aut:authUser xmlns:aut="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <credentialAttributeSet>
        <attributes>
          <value xsi:type="xsd:string">jane.doe</value>
          <attributeID>CREDFLD_USERID</attributeID>
        </attributes>
        <attributes>
          <value xsi:type="xsd:string">1234703557</value>
          <attributeID>CREDFLD_PASSWORD</attributeID>
        </attributes>
        <attributes>
          <value xsi:type="xsd:unsignedInt">0</value>
          <attributeID>CREDFLD_PASSWORD_FORMAT</attributeID>
        </attributes>
        <attributes>
          <value xsi:type="xsd:string">SOAP Auth Client</value>
          <attributeID>CREDFLD_COMPONENT_TYPE</attributeID>
        </attributes>
      </credentialAttributeSet>
    </aut:authUser>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Scan and login request

This is an example of the first blocking authUser request in a scan and sign workflow.

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <aut:authUser xmlns:aut="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <credentialAttributeSet>
        <attributes>
          <value xsi:type="xsd:string">user</value>
          <attributeID>CREDFLD_USERID</attributeID>
        </attributes>
        <attributes>
          <value xsi:type="xsd:string">password</value>
          <attributeID>CREDFLD_PASSWORD</attributeID>
        </attributes>
        <attributes>
          <value xsi:type="xsd:unsignedInt">0</value>
          <attributeID>CREDFLD_PASSWORD_FORMAT</attributeID>
        </attributes>
        <attributes>
          <value xsi:type="xsd:string">1234567890</value>
          <attributeID>CREDFLD_CHALLENGE_KEY</attributeID>
        </attributes>
        <attributes>
          <value xsi:type="xsd:string">Client</value>
          <attributeID>CREDFLD_COMPONENT_TYPE</attributeID>
        </attributes>
        <attributes>
          <value xsi:type="xsd:string">SCAN</value>
          <attributeID>CREDFLD_AUTH_TYPE</attributeID>
        </attributes>
      </credentialAttributeSet>
    </aut:authUser>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
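
Building the request programmatically

The following Python sketch is an added example, not OneSpan code: it builds the same envelope as the examples above from a dictionary of attributes, rejects a request that lacks any attribute the input table marks as Mandatory, and lets the XML serializer escape user-supplied values so that a user ID or password cannot add elements to the credential attribute set. The function names are hypothetical, and sending every attribute other than CREDFLD_PASSWORD_FORMAT as xsd:string is an assumption based on the two examples.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AUT_NS = "http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication"
XSD_NS = "http://www.w3.org/2001/XMLSchema"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
for prefix, uri in (("SOAP-ENV", SOAP_NS), ("aut", AUT_NS), ("xsi", XSI_NS)):
    ET.register_namespace(prefix, uri)

# Attributes the input-parameter table marks as Mandatory.
MANDATORY = ("CREDFLD_USERID", "CREDFLD_PASSWORD_FORMAT", "CREDFLD_COMPONENT_TYPE")
# Typed as xsd:unsignedInt in the page's examples; everything else is sent
# as xsd:string here, which is an assumption for attributes the examples omit.
UNSIGNED_INT = {"CREDFLD_PASSWORD_FORMAT"}


def build_auth_user(attrs):
    """Return an authUser SOAP envelope (str) for a dict of CREDFLD_* values."""
    missing = [name for name in MANDATORY if name not in attrs]
    if missing:
        raise ValueError("missing mandatory attributes: " + ", ".join(missing))
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(envelope, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    command = ET.SubElement(body, f"{{{AUT_NS}}}authUser")
    # xsd is only referenced inside xsi:type values, so declare it by hand.
    command.set("xmlns:xsd", XSD_NS)
    attr_set = ET.SubElement(command, "credentialAttributeSet")
    for name, value in attrs.items():
        if not name.startswith("CREDFLD_"):
            raise ValueError(f"unexpected attribute ID: {name!r}")
        node = ET.SubElement(attr_set, "attributes")
        value_el = ET.SubElement(node, "value")
        if name in UNSIGNED_INT:
            if not isinstance(value, int) or value < 0:
                raise ValueError(f"{name} must be a non-negative integer")
            value_el.set(f"{{{XSI_NS}}}type", "xsd:unsignedInt")
        else:
            value_el.set(f"{{{XSI_NS}}}type", "xsd:string")
        # Assigning .text lets the serializer escape <, > and & in the value.
        value_el.text = str(value)
        ET.SubElement(node, "attributeID").text = name
    return ET.tostring(envelope, encoding="unicode")


def sent_attributes(envelope_xml):
    """Parse an envelope back into {attributeID: value} to check what is sent."""
    root = ET.fromstring(envelope_xml)
    return {n.findtext("attributeID"): n.findtext("value")
            for n in root.iter("attributes")}
```

The returned envelope carries the PIN and OTP in the body exactly as in the response-only example, so treat the string as a credential and keep it out of application logs.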