Configure Mobile Authenticator Studio Classic or Premium Edition

Configuring Mobile Authenticator Studio Classic or Premium Edition 4.17 and later involves updating the following elements in the Mobile Authenticator Studio XML configuration file:

  • Activations
  • MultiDeviceActivation
  • OnlineTimeSynchronization
  • Notifications
  • AdvancedActivationV1
  • ChecksumV1

Configure Mobile Authenticator Studio Classic or Premium Edition

To configure Mobile Authenticator Studio Classic or Premium Edition for offline activation

  1. Modify the default Activations element attributes and set the static vector associated to the Digipass license order. The static vector can be found in the export.svf file delivered with the DIGIPASS export file (DPX).

    <Activations replaceInstance="true" staticVector="DC8A9AC3EF2A41791DF1A03959C4ED4F...">

  2. Modify the default MultiDeviceActivation element attributes as indicated below.

    <MultiDeviceActivation id="MDA_Offline_Activation">
      <MenuItem .../>
      <LicenseActivation>
        <OfflineLicenseActivation imageFormat="crontoCode" />
        <View ...>...</View>
      </LicenseActivation>
      <InstanceActivation>
        <OfflineInstanceActivation imageFormat="crontoCode" 
            responsePattern="XXXX-XXXX-XXXX-XXXX"/>
        <View ...>...</View>
      </InstanceActivation>
      <ExtraActivationData>
        <View ...>...</View>
      </ExtraActivationData>
      <PostActivation cryptoAppIndex="4">
        <OfflinePostActivation responsePattern="XXXX-XXXX-XXXX-XXXX-XXXX-XXXX" hostCodePattern="XXXX-XXXX-XXXX-XXXX-XXXX-XXXX" />
        <View ...>... </View>
      </PostActivation>
    </MultiDeviceActivation>

    The cryptoAppIndex attribute of the PostActivation element must define the Digipass cryptographic application used for Secure Channel.

To configure Mobile Authenticator Studio Classic or Premium Edition for online activation

  1. Add the following MultiDeviceActivation element attributes and set the URL of the activation web service of DIGIPASS Gateway as configured when setting up DIGIPASS Gateway.

    <MultiDeviceActivation id="MDA_Online_Activation">
      <MenuItem .../>
      <LicenseActivation useActivationPassword="true" checksumOnActivationPassword="true">
        <OnlineLicenseActivation useRegistrationIdentifier="true">
          <URL method="POST" value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/licenseActivation">
            <PayloadParameter key="RegistrationIdentifier" value="%_RegistrationIdentifier_%" />
            <PayloadParameter key="PublicKey" value="%_PublicKey_%"/>
            <PayloadParameter key="InitialVector" value="%_InitialVector_%"/>
          </URL>
        </OnlineLicenseActivation>
        ...
      </LicenseActivation>
      <InstanceActivation>
        <OnlineInstanceActivation>
          <URL method="POST" 
               value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/instanceActivation">
            <PayloadParameter key="RegistrationIdentifier" value="%_RegistrationIdentifier_%"/>
            <PayloadParameter key="DeviceCode" value="%_DeviceCode_%"/>
            <PayloadParameter key="InitialVector" value="%_InitialVector_%"/>
            <PayloadParameter key="Nonce" value="%_Nonce_%"/>
          </URL>
        </OnlineInstanceActivation>
        <View>...</View>
      </InstanceActivation>
      <ExtraActivationData>
        <View ...>... </View>
      </ExtraActivationData>
      <PostActivation cryptoAppIndex="1" >
        <OnlinePostActivation destroyOnFailure="true">
          <URL method="POST" 
               value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/postActivation">
            <PayloadParameter key="RegistrationIdentifier" value="%_RegistrationIdentifier_%"/>
            <PayloadParameter key="OTP" value="%_OTP_%"/>
          </URL>
        </OnlinePostActivation>
        <View ...>... </View>
      </PostActivation>
    </MultiDeviceActivation>

    The cryptoAppIndex attribute of the PostActivation element must define the Digipass cryptographic application used by OneSpan Authentication Server to validate the Digipass derivation code and perform the device binding.

  2. Set the URL of the time synchronization web service of DIGIPASS Gateway in the OnlineSynchronization element with the IP address and port configured when setting up DIGIPASS Gateway.

    <OnlineSynchronization>  <URL method="POST" 
        value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/synchronize" />

      ...
    </OnlineSynchronization>
  3. Disable the AdvancedActivationV1 element:

    <AdvancedActivationV1 enabled="false" />

To configure Mobile Authenticator Studio Classic or Premium Edition for push notification workflows

  1. Set up the URL of the notification web service of DIGIPASS Gateway required to register end-user devices to receive push notifications by adding a NotificationRegistration block to the Notifications element.

    <Notifications>
      <NotificationRegistration>
        <URL method="POST" contentType="json" value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/rest/v2/notification/push/updateNotificationID">
          <PayloadParameter key="userID" value="%_UserIdentifier_%"/>
          <PayloadParameter key="domain" value="%_Domain_%"/>
          <PayloadParameter key="digipassInstanceID" value="%_SerialNumber_%-%_SequenceNumber_%"/>
          <PayloadParameter key="encryptedNotificationID" value="%_VascoNotificationIdentifier_%"/>
        </URL>
      </NotificationRegistration>
      ...
    </Notifications>
  2. Set up the URLs of the notification web services of DIGIPASS Gateway required for the push and login workflow by adding a respective SecureChannelAction block to the NotificationList element.

    The identifier of the respective block is related to the message type and has the value 03.

    <Notifications>
      <NotificationsList>
        <SecureChannelAction id="03">
          <SecureChannelDetails>
            <URL method="POST" contentType="json" value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/rest/v2/authentication/push/getPreparedSecureChallenge">
              <PayloadParameter key="serialNumber" value="%_SerialNumber_%-%_SequenceNumber_%"/>
              <PayloadParameter key="challengeKey" value="%_Challenge_%"/>
            </URL>
          </SecureChannelDetails>
          <SecureChannelValidation>
            <URL method="POST" contentType="json" value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/rest/v2/authentication/push/authUser">
              <PayloadParameter key="userID" value="%_UserIdentifier_%"/>
              <PayloadParameter key="domain" value="%_Domain_%"/>
              <PayloadParameter key="challengeKey" value="%_Challenge_%"/>
              <PayloadParameter key="signature" value="%_OTP_%"/>
            </URL>
          </SecureChannelValidation>
          <SecureChannelRejection>
            <URL method="POST" contentType="json" value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/rest/v2/authentication/push/cancelAuthUser">
              <PayloadParameter key="serialNumber" value="%_SerialNumber_%-%_SequenceNumber_%"/>
              <PayloadParameter key="challengeKey" value="%_Challenge_%"/>
            </URL>
          </SecureChannelRejection>
          <View title="Login Request">
            <Labels>
              <Label id="TransactionAcceptRejectMessage" value="Do you want to login to the service as %_UserIdentifier_%?" class="classId"/>
              <Label id="DetailsWaitMessage" value="Fetching Login request" />
              <Label id="RejectionWaitMessage" value="Rejecting login ..." />
              <Label id="ValidationWaitMessage" value="Accepting login..." />
            </Labels>
            <Buttons>
              <Button id="Accept" value="Yes"/>
              <Button id="Deny" value="No"/>
            </Buttons>
          </View>
        </SecureChannelAction>
      </NotificationsList>
    </Notifications>
  3. Set up the URLs of the notification web services of DIGIPASS Gateway required for the push and sign workflow by adding a respective SecureChannelAction block to the NotificationList element.

    The identifier of the respective block is related to the message type and has the value 05.

    <Notifications>
      <NotificationsList>
        <SecureChannelAction id="05">
          <SecureChannelDetails>
            <URL method="POST" contentType="json" value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/rest/v2/signature/push/getPreparedSignatureRequest">
              <PayloadParameter key="serialNumber" value="%_SerialNumber_%-%_SequenceNumber_%"/>
              <PayloadParameter key="requestKey" value="%_Challenge_%"/>
            </URL>
          </SecureChannelDetails>
          <SecureChannelValidation>
            <URL method="POST" contentType="json" value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/rest/v2/signature/push/authSignature">
              <PayloadParameter key="userID" value="%_UserIdentifier_%"/>
              <PayloadParameter key="domain" value="%_Domain_%"/>
              <PayloadParameter key="requestKey" value="%_Challenge_%"/>
              <PayloadParameter key="signature" value="%_OTP_%"/>
            </URL>
          </SecureChannelValidation>
          <SecureChannelRejection>
            <URL method="POST" contentType="json" value="https://DPGATEWAY_HOST:DPGATEWAY_PORT/rest/v2/signature/push/cancelAuthSignatureRequest">
              <PayloadParameter key="serialNumber" value="%_SerialNumber_%-%_SequenceNumber_%"/>
              <PayloadParameter key="requestKey" value="%_Challenge_%"/>
            </URL>
          </SecureChannelRejection>
          <View title="Transaction Request">
            <Labels>
              <Label id="TransactionAcceptRejectMessage" value="Do you want to accept this transaction as %_UserIdentifier_%?" class="classId"/>
              <Label id="DetailsWaitMessage" value="Fetching transaction request" />
              <Label id="RejectionWaitMessage" value="Rejecting transaction..." />
              <Label id="ValidationWaitMessage" value="Accepting transaction..." />
            </Labels>
            <Dynamics>
              <Dynamic id="Title" class="classId"/>
              <Dynamic id="Keys" class="classId"/>
              <Dynamic id="Values" class="classId"/>
              <Dynamic id="FreeText" class="classId"/>
            </Dynamics>
            <Buttons>
              <Button id="Accept" value="Yes"/>
              <Button id="Deny" value="No"/>
            </Buttons>
          </View>
        </SecureChannelAction>
      </NotificationsList>
    </Notifications>

For more information about generating the Mobile Authenticator Studio application using the modified XML configuration file, refer to the Mobile Authenticator Studio Customization Guide.