Configuration of Mobile Authenticator Studio

To enable the integration of Mobile Authenticator Studio functionalities with OneSpan Cloud Authentication, the Mobile Authenticator Studio XML configuration file must be updated .

The procedures outlined in this section provide an overview of the configuration steps for a sample Mobile Authenticator Studio app with the following features enabled:

• Offline activation with user identifier
• Response-Only application
• Challenge/Response application
• Signature application
• Secure Channel The Secure Channel feature encrypts the communication between device and server. It uses payload keys to protect the confidentiality and authenticity of the message's payload.
• Push Notification Message that is pushed from a server to a user and is displayed on an end-user device, e.g. a mobile device. Push notifications are received by a particular app. This must be registered on the corresponding server to receive notifications. Notifications can be sent at any time, the users do not have to be actively using the app at that time.-based authentication
• Push Notification-based signature

For more detailed information about the customization options of Mobile Authenticator Studio, refer to the Mobile Authenticator Studio Customization Guide provided in the product package.

To configure Mobile Authenticator Studio for offline activation

1. Modify the default Activations element attributes and set the static vector associated to the Digipass license order. The static vector can be found in the static vector file (export.svf) delivered with the DIGIPASS export file (DPX).

   <Activations useUserIdentifier="true" splitPasswordInput="false" replaceInstance="false" activationIdForSecureChannelAction="multiDeviceOfflineActivation" staticVector="38080175010356...">

2. Modify the default MultiDeviceActivation element attributes as indicated below.

   1. <MultiDeviceActivation id="multiDeviceOfflineActivation">
   2.   <MenuItem .../>
   3.   <LicenseActivation>
   4.     <OfflineLicenseActivation imageFormat="all" />
   5.     <View>

   6.       <Labels>

   7.         <Label id="ReplaceInstanceConfirmationMessage" value="Do you want to overwrite your Digipass instance?"/>

   8.       </Labels>

   9.       <Errors>

   10.         <Error id="CameraMandatory" value="A usable camera is mandatory to run this application."/>

   11.         <Error id="ReplaceInstanceNotPermitted" value="You cannot replace the Digipass instance"/>

   12.         <Error id="MultiInstanceNotPermitted" value="You cannot load another Digipass instance."/>

   13.       </Errors>

   14.     </View>
   15.   </LicenseActivation>
   16.   <InstanceActivation>
   17.     <OfflineInstanceActivation imageFormat="all" />
   18.     <View>

   19.       <Labels>

   20.         <Label id="MultiDeviceLicenseActivationSuccess" value="You have preactivated your license. Please find below your device code. Once entered on the server side, press Scan to continue."/>

   21.         <Label id="MultiDeviceLicenseActivationScanImageMessage" value="Press the button below to scan your online image."/>

   22.       </Labels>

   23.       <Dynamics>

   24.         <Dynamic id="DeviceCode" class="resultGenerated"/>

   25.       </Dynamics>

   26.       <Buttons>

   27.         <Button id="Next" value="Scan online image"/>

   28.       </Buttons>

   29.     </View>
   30.   </InstanceActivation>
   31.   <ExtraActivationData>
   32.     <View>

   33.       <Fields>

   34.         <Field id="CreatePassword" name="Local password" comment="Create your Digipass local password." class="inputText"/>

   35.         <Field id="CreatePasswordConfirmation" name="Confirmation password" comment="Enter your confirmation password." class="inputText"/>

   36.         <Field id="VerifyPassword" name="Local password" comment="Enter your Digipass local password." class="inputText"/>

   37.         <Field id="UserIdentifier" name="User identifier" comment="Enter your user identifier." class="inputText"/>

   38.       </Fields>

   39.       <Errors>

   40.         <Error id="UserIdentifierEmpty" value="You must enter a user identifier."/>

   41.         <Error id="ConfirmationPasswordIncorrect" value="The confirmation password does not match the password."/>

   42.       </Errors>

   43.     </View>
   44.   </ExtraActivationData>
   45.   <PostActivation cryptoAppIndex="4">
   46.     <OfflinePostActivation displaySerialNumber="true" responsePattern="XXXXXX" hostCodePattern="XXXXXX" centered="true" />
   47.     <View title="Token derivation">

   48.       <Fields>

   49.         <Field id="Challenge" name="Challenge" comment="Enter the challenge." class="inputText"/>

   50.       </Fields>

   51.       <Labels>

   52.         <Label id="ClipboardCopyHostCode" value="Server response copied to clipboard"/>

   53.         <Label id="ClipboardCopyResponse" value="First OTP copied to clipboard"/>

   54.         <Label id="OnlineServerActivationWaitMessage" value="Activation confirmation, please wait..."/>

   55.         <Label id="ResultHostCode" value="Server host code:" class="resultText"/>

   56.         <Label id="ResultResponse" value="Your first OTP is:" class="resultText"/>

   57.         <Label id="SerialNumber" value="Your serial number:" class="resultText"/>

   58.       </Labels>

   59.       <Dynamics>

   60.         <Dynamic id="ResultHostCode" class="resultGenerated"/>

   61.         <Dynamic id="ResultResponse" class="resultGenerated"/>

   62.         <Dynamic id="SerialNumber" class="resultGenerated"/>

   63.       </Dynamics>

   64.       <Errors>

   65.         <Error id="ChallengeEmpty" value="The activation response does not include a challenge."/>

   66.         <Error id="ChallengeTooShort" value="The minimal length for the challenge is %_MinLength_%."/>

   67.         <Error id="ChallengeTooLong" value="The maximum length of the challenge is %_MaxLength_%."/>

   68.       </Errors>

   69.     /View>
   70.   </PostActivation>
   71. </MultiDeviceActivation>

   The cryptoAppIndex attribute of the PostActivation element must define the Digipass cryptographic application used for Secure Channel.

To configure Mobile Authenticator Studio for Push Notification workflows

1. Set up the URL of the sandbox environment to register user devices to receive Push Notification messages: add a NotificationRegistration block to the Notifications element.

   1. <Notifications>
   2.   <NotificationRegistration>
   3.     <URL method="POST" contentType="json" value="https://tenant.env.tid.onespan.cloud/v1/mobile-commands/notification/push/updateNotificationID">
   4.       <PayloadParameter key="userID" value="%_UserIdentifier_%"/>
   5.       <PayloadParameter key="domain" value="%_Domain_%"/>
   6.       <PayloadParameter key="digipassInstanceID" value="%_SerialNumber_%-%_SequenceNumber_%"/>
   7.       <PayloadParameter key="encryptedNotificationID" value="%_VascoNotificationIdentifier_%"/>
   8.     </URL>
   9.   </NotificationRegistration>
   10. ...
   11. </Notifications>

2. Set up the URLs of the sandbox environment required for Push Notification-based authentication: add a SecureChannelAction block to the NotificationsList element.

   The identifier of the relevant block is related to the message type and has the value 03.

   1. <Notifications>
   2.   <NotificationsList>
   3.   <!-- Secure channel Action with push and login -->
   4.     <SecureChannelAction id="03">
   5.       <SecureChannelDetails>
   6.         <URL method="POST" contentType="json" value="https://tenant.env.tid.onespan.cloud/v1/mobile-commands/authentication/push/getPreparedSecureChallenge">
   7.           <PayloadParameter key="serialNumber" value="%_SerialNumber_%-%_SequenceNumber_%"/>
   8.           <PayloadParameter key="challengeKey" value="%_Challenge_%"/>
   9.         </URL>
   10.       </SecureChannelDetails>
   11.       <SecureChannelValidation>
   12.         <URL method="POST" contentType="json" value="https://tenant.env.tid.onespan.cloud/v1/mobile-commands/authentication/push/authUser">
   13.           <PayloadParameter key="userID" value="%_UserIdentifier_%"/>
   14.           <PayloadParameter key="domain" value="%_Domain_%"/>
   15.           <PayloadParameter key="challengeKey" value="%_Challenge_%"/>
   16.           <PayloadParameter key="signature" value="%_OTP_%"/>
   17.         </URL>
   18.       </SecureChannelValidation>
   19.       <SecureChannelRejection>
   20.         <URL method="POST" contentType="json" value="https://tenant.env.tid.onespan.cloud/v1/mobile-commands/authentication/push/cancelAuthUser">
   21.           <PayloadParameter key="serialNumber" value="%_SerialNumber_%-%_SequenceNumber_%"/>
   22.           <PayloadParameter key="challengeKey" value="%_Challenge_%"/>
   23.         </URL>
   24.       </SecureChannelRejection>
   25.       <View title="Login Request">
   26.       <Labels>

   27.         <Label id="TransactionAcceptRejectMessage" value="Do you want to log in to ‘%_ServiceName_%’ as %_UserIdentifier_%?"/>

   28.         <Label id="DetailsWaitMessage" value="Fetching login request" />

   29.         <Label id="RejectionWaitMessage" value="Rejecting login ..." />

   30.         <Label id="ValidationWaitMessage" value="Accepting login..." />

   31.       </Labels>

   32.       <Buttons>

   33.         <Button id="Accept" value="Accept"/>

   34.         <Button id="Deny" value="Reject"/>

   35.       </Buttons>

   36.     </View>
   37.     </SecureChannelAction>
   38.   </NotificationsList>
   39. </Notifications>

3. Set up the URLs of the sandbox environment required for the Push Notification-based transaction data signing workflow: add a SecureChannelAction block to the NotificationsList element.

   The identifier of the relevant block is related to the message type and has the value 05.

   1.   <NotificationsList>
   2.     <!-- Secure channel Action with push and sign -->
   3.     <SecureChannelAction id="05">
   4.       <SecureChannelDetails>
   5.         <URL method="POST" contentType="json" value="https://<tenant>.<env>.tid.onespan.cloud/v1/mobile-commands/signature/push/getPreparedSignatureRequest">
   6.           <PayloadParameter key="serialNumber" value="%_SerialNumber_%-%_SequenceNumber_%">
   7.           PayloadParameter key="requestKey" value="%_Challenge_%"/>
   8.         </URL>
   9.       </SecureChannelDetails>
   10.       <SecureChannelValidation>
   11.         <URL method="POST" contentType="json" value="https://<tenant>.<env>.tid.onespan.cloud/v1/mobile-commands/signature/push/authSignature">
   12.           <PayloadParameter key="userID" value="%_UserIdentifier_%">
   13.           <PayloadParameter key="domain" value="%_Domain_%"/>
   14.           <PayloadParameter key="requestKey" value="%_Challenge_%"/>
   15.           <PayloadParameter key="signature" value="%_OTP_%"/>
   16.         </URL>
   17.       </SecureChannelValidation>
   18.       <SecureChannelRejection>
   19.         <URL method="POST" contentType="json" value="https:/<tenant>.<env>.tid.onespan.cloud/v1/mobile-commands/signature/push/cancelAuthSignatureRequest">
   20.           <PayloadParameter key="serialNumber" value="%_SerialNumber_%-%_SequenceNumber_%"/>
   21.           <PayloadParameter key="requestKey" value="%_Challenge_%"/>
   22.         </URL>
   23.       </SecureChannelRejection>
   24.       <View title="Transaction Request">
   25.         <Labels>
   26.           <Label id="TransactionAcceptRejectMessage" value="\Do you want to accept this transaction as %_UserIdentifier_%?"class="infoLabel"/>
   27.           <Label id="DetailsWaitMessage" value="Fetching transaction request" />
   28.           <Label id="RejectionWaitMessage" value="Rejecting transaction..." />
   29.           <Label id="ValidationWaitMessage" value="Accepting transaction..." />
   30.         </Labels>
   31.         <Dynamics>
   32.           <Dynamic id="Title" class="titleItem"/>
   33.           <Dynamic id="Keys" class="keyItem"/>
   34.           <Dynamic id="Values" class="valueItem"/>
   35.           <Dynamic id="FreeText" class="freeTextItem"/>
   36.         </Dynamics>
   37.         <Buttons>
   38.           <Button id="Accept" value="Accept"/>
   39.           <Button id="Deny" value="Reject"/>
   40.         </Buttons>
   41.       </View>
   42.     </SecureChannelAction>
   43.   </NotificationsList>
   44. </Notifications>