Scan and Login Test

  • Updated on Oct 7, 2025
  • Published on Oct 6, 2025
  • 1 minute(s) read
Prev Next

For a scan and login test, the following form fields must be used on the Scan and Login Test page and posted to the User Self-Management Website servlet (action="scanandlogintest"):

Scan and Login Test (Step 1 of 2) form fields

Form field name

Visible label

Description

username

User Name

Required. The name of the user to log on. The maximum length is 255 characters.

password

Password

Required. The static password to authenticate the user. The maximum length is 128 characters.

message

Challenge Message/Service Name

Optional. An optional text to send to the mobile app, typically used as challenge message or the name of the service to authenticate to. If this field is left blank, the User Self-Management Website submits the name of the client component registered in OneSpan Authentication Server. The text is displayed in the mobile app. The maximum length is 128 characters.

commit

Log In

Required. The button to submit data entered by the user to OneSpan Authentication Server.

replay_token

<hidden>

Required. Internally used form field to prevent re-transmission of form data.

Scan and Login Test (Step 2 of 2) form fields

Form field name

Visible label

Description

crontoImage

<image>

Required. The challenge key, which was generated by OneSpan Authentication Server when the logon request was initiated, provided as a Cronto image.

challengekey

Challenge Key

Required. The challenge key as plain text.

replay_token

<hidden>

Required. Internally used form field to prevent re-transmission of form data.

Scan and login test process

  1. The user navigates to the Scan and Login Test (1/2) page.

  2. The user enters the user name.

  3. The user enters the static password.

    The scan and login test page automatically sets the authentication type to initiate a scan and login process. The user doesn’t need to type a keyword, even if one is specified in the respective OneSpan Authentication Server policy.

  4. The user clicks Log In.

  5. The user is redirected to the Scan and Login Test (2/2) page, which displays a Cronto image.

  6. The user opens the Mobile Authentication Studio app and scans the Cronto image.

  7. The user confirms the authentication in the mobile app to complete the authentication process.

  8. The mobile app displays a message that the authentication was successful.