Earned badges

Earned badges

Achievement: Latest Unlocked

Topic Started

This user has not created any forum posts.

Replies Created

Reply to: How to trigger "2 Different IP Countries in 1 hour"?

0 votes

Hi Josh,

Could you please provide the request payload for your ../users/register API call.  While you did indicated that you used LoginInput objectType to login, I need to determine which objectType you have used when you registered, in order to help you with the your inquiry. Please make sure to remove any sensitive data before submission.

Thank you!


Reply to: How to trigger "2 Different IP Countries in 1 hour"?

2 votes

In order to see the desired result, you will need to register using "objectType": "AdaptiveRegisterUserInput" attribute in your JSON payload, and then login using "objectType": "AdaptiveLoginInput".  

When you call "/users/{[email protected]}/login" endpoint the second time simulating an IP from another country, like in step 6, you must receive a "riskResponseCode" attribute with a value that represent the authentication challenge associated with this type of behaviour, for example it could be '2' for "Challenge", or '23' for "ChallengeFingerprint", depending on your Risk Analytics instance setup to step up the authentication.  The value for your first login should be '0' for "Accept", if you used the default request body.

Coming to the important part of your question, when you have called "/users/{[email protected]}/events/validate" to validate your login, you should have called the endpoint using "eventType": "LoginAttempt" rather than "eventType": "LoginSuccess", if you take a look into your latest events in Risk Analytics for your login attempts, you will see their event type fields are filled as "LoginAttempt" and not "LoginSuccess", so in step 7, you should have validated using "LoginAttempt" in your request.  Then you will have a response body with the same "riskResponseCode" you had following your login attempt, and a "sessionStatus" as "unknown" until you have completed the required authentication. 

Please note that if you chose to set up your response code to a value that requires a device to authenticate, like "ChallengeFingerprint", you will need first to activate that device to be your trusted device, otherwise you will receive '409' error code.

Please let me know how it works for you.

Reply to: How to trigger "2 Different IP Countries in 1 hour"?

0 votes

I am glad you reached there.

As for the latest error code you had with AdaptiveLoginInput, what seems to cause the issue is in "02-users-login-adaptive-POST_request.txt" file, "sessionID" should have been written with an uppercase D in ID.


Topics Replies Freshness Views Users

Hi OneSpan,

We are going to implement app shielding for RASP. According to the app shielding document, there are several APIs for automated shielding: We have few questions for that:

2 9 hours 59 minutes ago 23


Using the Mobile Security Suite, How are the messages sent to and from the mobile application?

2 47 minutes 6 seconds ago 17

When scanning CRONTO using onespan app, I keep getting error message "invalid activation parameters".

2 6 days 17 hours ago 49


I'm trying to run "Orchestration SDK" backend server but I faced an error as I can't find jar files that includes below libraries.


2 1 month 2 weeks ago 45

My company would like to get their stuff secure with MFA. Well, not everything, but at least they want to secure the remote access VPN and our O365 accounts. So, that's a plus.

1 2 months 3 weeks ago 37

Code Share

This user has not submitted any code shares.