Integrate response validation
- 23 Oct 2024
- 3 Minutes à lire
- SombreLumière
- PDF
Integrate response validation
- Mis à jour le 23 Oct 2024
- 3 Minutes à lire
- SombreLumière
- PDF
The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article
Avez-vous trouvé ce résumé utile ?
Merci pour vos commentaires
Each action configured in the Mobile Authenticator Studio app can call a web service to validate a response. If an action uses a URL in its OutputData element with the internalValidation attribute set to true, the URL will be called by Mobile Authenticator Studio internally. If the internalValidation attribute is not used as described, Mobile Authenticator Studio will close. If this occurs, a web browser will then open the configured URL after the mask parameters in the URL have been replaced.
.png?sv=2022-11-02&spr=https&st=2024-11-19T20%3A52%3A00Z&se=2024-11-19T21%3A02%3A00Z&sr=c&sp=r&sig=4GmwH59Hktz%2FNh86KcFCdEfDv4ZXdQ2Yd5JUqwWmwh4%3D "image(147).png")
Internal response validation (overview)
.png?sv=2022-11-02&spr=https&st=2024-11-19T20%3A52%3A00Z&se=2024-11-19T21%3A02%3A00Z&sr=c&sp=r&sig=4GmwH59Hktz%2FNh86KcFCdEfDv4ZXdQ2Yd5JUqwWmwh4%3D "image(148).png")
External response validation (overview)
If a score-based authentication mechanism is used to generate the OTP, the score evaluated by Mobile Authenticator Studio will be returned by OneSpan Authentication Server Framework. This is done through the return code of the OTP verification API.
Score-based authentication requires OneSpan Authentication Server Framework 3.14 or later.
For more information about retrieving the client score from Authentication Server Framework, refer to the OneSpan Authentication Server Framework Programmer's Guide.
Response Validation Request
Standard action (single-device licensing)
The request sent by Mobile Authenticator Studio is configured in the OutputData section of the configuration file:
<!-- Out of Band login -->
<Action id="oob"cryptoAppIndex="2">
<InputData inputType="image"imageFormat="all"displayImageContent="false"/>
<OutputData displayed="false"internalValidation="true">
<URL method="POST"value="http://MY_DOMAIN_NAME/MY_WEB_SERVICE?serialNumber=%_SerialNumber_%&sequenceNumber=%_SequenceNumber_%&otp=%_OTP_%" />
</OutputData>
...
</Action>
The URL can use the HTTP POST or GET methods. For more information about URL customization, refer to the Mobile Authenticator Studio Customization Guide.
Parameter name | Description |
|---|---|
PlatformName | The name of the platform on which the device is running. |
OTP | The response generated by the cryptographic application defined by the cryptoAppIndex attribute of the Action element. Format: Hexadecimal string, limited to 16 characters |
Challenge | The challenge used for Challenge/Response-based cryptographic applications. Format: Decimal string, limited to 16 characters |
SerialNumber | The authenticator serial number. Format: Alphanumeric string, 10 characters |
SequenceNumber | The sequence number of the authenticator instance/account. Format: Numeric string of 2 characters |
UserIdentifier | The extra user identifier that has been set during activation. Format: Alphanumeric string, limited to 40 characters |
DTF1 | This is the first data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF2 | This is the second data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF3 | This is the third data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF4 | This is the fourth data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF5 | This is the fifth data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF6 | This is the sixth data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF7 | This is the seventh data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
DTF8 | This is the eighth data field used to generate the response. Format: Alphanumeric string, limited to 16 characters |
Version | The version of the application binary as defined when configuring the app. |
DeviceIdentifier | The device-unique identifier. Format: String of 64 hexadecimal characters |
RootingStatus | The status indicating whether the device is rooted, either true or false according to the device state. |
Secure Channel action (multi-device licensing)
The Secure Channel action can send a request to the server just as the standard action. This request sent by Mobile Authenticator Studio is configured in the OutputData section of the configuration file:
<SecureChannelAction id="sa"imageFormat="all"responsePattern="XX-XX-XX">
<SecureChannelValidation internalValidation="true">
<URL method="GET"value="http://MY_DOMAIN_NAME/MY_WEB_SERVICE?serialNumber=%_SerialNumber_%&sequenceNumber=%_SequenceNumber_%&otp=%_OTP_%&secureChannelMessage=%_SecureChannelMessage_%"/>
</SecureChannelValidation>
</SecureChannelAction>
The URL can use the HTTP POST or GET methods. For more information about URL customization, refer to the Mobile Authenticator Studio Customization Guide.
Parameter name | Description |
|---|---|
OTP | The response generated by the cryptographic application defined by the cryptoAppIndex attribute of the Action element. Format: Hexadecimal string, limited to 16 characters |
SecureChallengeMessage | The Secure Channel message signed by the app. This mask is optional. |
PlatformName | The name of the platform on which the device is running. |
SerialNumber | The authenticator serial number. Format: Alphanumeric string, 10 characters |
SequenceNumber | The sequence number of the authenticator instance/account. Format: Numeric string of 2 characters |
UserIdentifier | The extra user identifier that has been set during activation. Format: Alphanumeric string, limited to 40 characters |
Version | The version of the application binary as defined during the app configuration. |
DeviceIdentifier | The device-unique identifier. Format: String of 64 hexadecimal characters |
RootingStatus | The status indicating whether the device is rooted, either true or false according to the device state. |
Response Validation Response
The response expected by Mobile Authenticator Studio must be formatted as described in the DTD:
<!ELEMENT DP4Mobile>
<!ATTLIST DP4Mobile retCode CDATA #REQUIRED>
<!ATTLIST DP4Mobile message CDATA #REQUIRED>
<!ATTLIST DP4Mobile serverTime CDATA #IMPLIED>
Example
<?xml version="1.0"encoding="UTF-8"?>
<DP4Mobile retCode="0"message="Operation Successful" />
Attribute name | Description |
|---|---|
//DP4Mobile/@retCode | Required. The return code associated with the response validation request. 0 means success, any other value will cause the message attribute value to be displayed. |
//DP4Mobile/@message | Required. The return message associated with the response validation request. This value will be displayed by the app if not empty. |
//DP4Mobile/@serverTime | Optional. This is the current server GMT time. This value will be used by the app to silently set the drift between device and server time to keep the app synchronized. |
Cet article vous a-t-il été utile ?