Integrate response validation
  • 23 Oct 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Integrate response validation

  • Dark
    Light
  • PDF

Article summary

Each action configured in the Mobile Authenticator Studio app can call a web service to validate a response. If an action uses a URL in its OutputData element with the internalValidation attribute set to true, the URL will be called by Mobile Authenticator Studio internally. If the internalValidation attribute is not used as described, Mobile Authenticator Studio will close. If this occurs, a web browser will then open the configured URL after the mask parameters in the URL have been replaced.

Internal response validation (overview)

External response validation (overview)

If a score-based authentication mechanism is used to generate the OTP, the score evaluated by Mobile Authenticator Studio will be returned by OneSpan Authentication Server Framework. This is done through the return code of the OTP verification API.

Score-based authentication requires OneSpan Authentication Server Framework 3.14 or later.

For more information about retrieving the client score from Authentication Server Framework, refer to the OneSpan Authentication Server Framework Programmer's Guide.

Response Validation Request

The request sent by Mobile Authenticator Studio is configured in the OutputData section of the configuration file:

  1. <!-- Out of Band login -->

  2. <Action id="oob"cryptoAppIndex="2">

  3.   <InputData inputType="image"imageFormat="all"    displayImageContent="false"/>

  4.   <OutputData displayed="false"internalValidation="true">

  5.     <URL method="POST"value="http://MY_DOMAIN_NAME/MY_WEB_SERVICE?serialNumber=%_SerialNumber_%&amp;sequenceNumber=%_SequenceNumber_%&amp;otp=%_OTP_%" />

  6.   </OutputData>

  7.   ...

  8. </Action>

The URL can use the HTTP POST or GET methods. For more information about URL customization, refer to the Mobile Authenticator Studio Customization Guide.

Parameters supported in URLs (standard action)

Parameter name

Description

RegistrationIdentifier

The identifier used during activation.

Format: Alphanumeric string, limited to 40 characters

OTP

The response generated by the cryptographic application defined by the cryptoAppIndex attribute of the Action element.

Format: Hexadecimal string, limited to 16 characters

Challenge

The challenge used for Challenge/Response-based cryptographic applications.

Format: Decimal string, limited to 16 characters

SerialNumber

The authenticator serial number.

Format: Alphanumeric string, 10 characters

SequenceNumber

The sequence number of the authenticator instance/account.

Format: Numeric string of 2 characters

UserIdentifier

The extra user identifier that has been set during activation.

Format: Alphanumeric string, limited to 40 characters

DTF1

This is the first data field used to generate the response.

Format: Alphanumeric string, limited to 16 characters

DTF2

This is the second data field used to generate the response.

Format: Alphanumeric string, limited to 16 characters

DTF3

This is the third data field used to generate the response.

Format: Alphanumeric string, limited to 16 characters

DTF4

This is the fourth data field used to generate the response.

Format: Alphanumeric string, limited to 16 characters

DTF5

This is the fifth data field used to generate the response.

Format: Alphanumeric string, limited to 16 characters

DTF6

This is the sixth data field used to generate the response.

Format: Alphanumeric string, limited to 16 characters

DTF7

This is the seventh data field used to generate the response.

Format: Alphanumeric string, limited to 16 characters

DTF8

This is the eighth data field used to generate the response.

Format: Alphanumeric string, limited to 16 characters

Version

The version of the application binary as defined when configuring the app.

DeviceIdentifier

The device-unique identifier.

Format: String of 64 hexadecimal characters

RootingStatus

The status indicating whether the device is rooted, either true or false according to the device state.

Response Validation Response

The response expected by Mobile Authenticator Studio must be formatted as described in the DTD:

  1. <!ELEMENT DP4Mobile>

  2. <!ATTLIST DP4Mobile retCode CDATA #REQUIRED>

  3. <!ATTLIST DP4Mobile message CDATA #REQUIRED>

  4. <!ATTLIST DP4Mobile serverTime CDATA #IMPLIED>

Example

  1. <?xmlversion="1.0"encoding="UTF-8"?>

  2. <DP4MobileretCode="0"message="Operation Successful" />

Response validation response attributes

Attribute name

Description

//DP4Mobile/@retCode

Required. The return code associated with the response validation request. 0 means success, any other value will cause the message attribute value to be displayed.

//DP4Mobile/@message

Required. The return message associated with the response validation request. This value will be displayed by the app if not empty.

//DP4Mobile/@serverTime

Optional. This is the current server GMT time. This value will be used by the app to silently set the drift between device and server time to keep the app synchronized.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, our interactive help assistant