AuthAnvil Two Factor Auth authentication APIs

Developer Center - Scorpion Software

Setup

If your 2FA Server is accessible at https://yourFullyQualifiedDomain.com/AuthAnvil, the authentication calls are exposed at https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx, and the service description (WSDL) is available at https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx?wsdl

The web service verifies 2FA credentials and is used by all AuthAnvil products for that purpose. It provides 3 different authentication methods, plus a Version method for checking that the service is responsive.

Notes:

  • The Tokentype parameter for Authenticate should always be set to 1.
  • You can invoke Authenticate directly for testing 2FA credentials.
  • The Admin.asmx and MasterAdmin.asmx have methods that allow testing and resynchronization of all types of tokens.

Authenticate

This method authenticates a user against their passcode [PIN+OTP] in the AuthAnvil Strong Authentication Server.

Example:

TokenValidator validator = new TokenValidator();

validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";

//Authenticate with AuthAnvil username, and a passcode of PIN + OTP
bool validCredentials = validator.Authenticate(userName, passCode, 1, siteID);

Authenticate in PHP

/**
 * Call Authenticate at the AuthAnvil server
 *
 * @param String $user username entered by user
 * @param String $otp Passcode (PIN + One-time Password) entered by user
 * @param String $authanvil_sas_url SAS URL of AuthAnvil server
 * @param String $authanvil_site_id Site ID of AuthAnvil server
 * @return Boolean Is the passcode OK?
 */
function Authenticate($user, $otp, $authanvil_sas_url, $authanvil_site_id)
{
    // First check the passcode length - should be ([4 -> 8 digit PIN] + 8 digit OTP)
    if (strlen($otp) < 12 || strlen($otp) > 16)
    {
        return false;
    }

    // Then try to authenticate the user. Bail on exception and fail safe by returning false
    try
    {
        $client = new SoapClient($authanvil_sas_url . '?wsdl');
        $response = $client->Authenticate(array('Username' => $user, 'Passcode' => $otp, 'Tokentype' => 1, 'SiteID' => $authanvil_site_id));

        return $response->AuthenticateResult;
    }
    catch (Exception $e)
    {
        return false;
    }
}
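
A stricter variant of the PHP function above, added here as an example and not AuthAnvil's own code: it refuses non-HTTPS URLs, validates the passcode format, states TLS verification explicitly and accepts only a boolean true result. The function name, the 5-second timeout and the digits-only passcode rule (taken from the "digit pin" comment above) are assumptions.

```php
<?php
// Added example, not AuthAnvil's own code. The function name, the timeout
// and the digits-only passcode rule are assumptions for illustration.
function AuthenticateStrict(string $user, string $passcode, string $sasUrl, string $siteId): bool
{
    // Never send a PIN + OTP over anything but HTTPS.
    $scheme = parse_url($sasUrl, PHP_URL_SCHEME);
    if (!is_string($scheme) || strtolower($scheme) !== 'https') {
        return false;
    }

    // 4-8 digit PIN + 8 digit OTP = 12-16 digits. \A and \z anchor the whole
    // string, so a trailing newline cannot slip past the check.
    if ($user === '' || preg_match('/\A[0-9]{12,16}\z/', $passcode) !== 1) {
        return false;
    }

    try {
        $client = new SoapClient($sasUrl . '?wsdl', [
            'exceptions'         => true,  // SOAP faults become exceptions
            'connection_timeout' => 5,     // seconds; assumed value
            // State certificate checks explicitly rather than relying on
            // whatever the default stream context happens to be.
            'stream_context'     => stream_context_create([
                'ssl' => ['verify_peer' => true, 'verify_peer_name' => true],
            ]),
        ]);
        $response = $client->Authenticate([
            'Username'  => $user,
            'Passcode'  => $passcode,
            'Tokentype' => 1,              // always 1, per the notes above
            'SiteID'    => $siteId,
        ]);

        // Accept only a literal boolean true; a missing or oddly typed
        // result is treated as a failed login.
        return isset($response->AuthenticateResult)
            && $response->AuthenticateResult === true;
    } catch (Throwable $e) {
        // Fail closed, and log the failure type without the passcode.
        error_log('AuthAnvil Authenticate failed: ' . get_class($e));
        return false;
    }
}
```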



AuthenticateMSCHAP2

This method authenticates a user against their passcode [PIN+OTP] in the AuthAnvil Strong Authentication Server through an MS-CHAP2 session used in VPN and RADIUS. Example:

TokenValidator validator = new TokenValidator();

validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";

//Authenticate using MS-CHAP2 Challenge and Response used in VPN and RADIUS
bool validMSCHAPCredentials = validator.AuthenticateMSCHAP2(userName, PeerChallenge, ChapChallenge, ChapResponse, 1, siteID);

AuthenticateWithCachedCredentials

This method authenticates a user against their passcode [PIN+OTP] and reports offline authentications in the AuthAnvil Strong Authentication Server, returning a salted hash cache list for offline authentication. Example:

TokenValidator validator = new TokenValidator();

validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";

//Create log events to be sent to the 2FA Server
//This should detail previous offline authentications and failures
object[] offLineLogListItems = PopulateLogEvents();

//The list of hashed OTPs that will be returned
object[] otpList;

//Generate a hash salt from machine-specific values.
string hashSalt = GenerateHashSalt();

//Authenticate as normal, and get a list of hashed OTPs that can be used offline.
bool validCachedCredentials = validator.AuthenticateWithCachedCredentials(userName, passCode, siteID, hashSalt, offLineLogListItems, otpList);

Version

This method returns the current version of AuthAnvil. Example:

TokenValidator validator = new TokenValidator();

validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";

string version = validator.Version();
