Request-operation-validation Sample

This sample uses ActivID OAuth/OpenID Connect API and ActivID SCIM API to send a Logon Validation or an Action Validation to the HID Approve application:

  • Authenticates to ActivID AS as the spl-api user.

  • Generates a Logon approval message.

  • Requests ActivID AS to send a message to the user’s mobile device.

  • ActivID AS then pushes the message to the mobile device through the Microsoft Azure Notification Hub.

  • The user uses the mobile device to approve or decline the logon validation request.

  • ActivID AS publishes the result of the user validation (approve or decline the request) on the JMS topic.

Install the Sample

  1. Unzip the Push_Authentication_Sample\Request-operation-validation-sample.zip file to the destination of your choice (for example, a request-operation-validation-sample folder).

  2. Create the truststore file in the config subfolder using the Java keytool located on your client machine in <JAVA_HOME>/bin.

    • For JBoss, retrieve <JBOSS_HOME>/ssl-server.truststore and copy it to your client system under request-operation-validation-sample\config
    • For WebSphere:
      • Retrieve your server SSL certificate (as described in the ActivID AS installation guide).
      • Create the truststore file using the Java keytool:

        keytool -import -file ssl-server.cer -alias <serverName> -keystore truststore.jks -storepass <mypassword> -noprompt
      • Where <mypassword> is the password you set to protect the certificate.

  3. Edit the request-operation-validation-sample\config\deliverChallenge.properties configuration file and update it with information from your deployment.

  4. Go to the request-operation-validation-sample\scripts directory and edit the RequestDeviceRegistration.bat and RequestOperationValidation.sh files to configure the path and password of the truststore created earlier.

Run the request-operation-validation Sample

Prerequisites: A user has a successfully registered device.
  1. Retrieve the device id of the registered device.

    For example, from the output of the request for the device-registration-sample (or using the ActivID Management Console):

  2. In the scripts subfolder, run the following command:

    RequestOperationValidation.bat -u myuser -did 14780 -ci correlationID1234 -t testLogonMessage

    Where:

    • correlationID1234 is a sample value for the ID of this operation.
    • testLogonMessage is a sample value for the message that will be displayed to the user in the HID Approve application for approval.

REST API Request Samples for Operation Validation

  • Search for the user myTestUser1 to get its user ID (13274):

    POST https://myServer:8445/scim/ONLINEBANK/v2/Users/.search
     Headers:
       Authorization: Bearer RTp7HwAAAWAMlL+hho0qmFlEndOxkGDGKhMOCPjA
       Content-Type: application/scim+json
       Accept: application/scim+json
     Body:
    {"schemas":["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"filter":"username eq myTestUser1"}
     
    Response: HTTP/1.1 200 OK
     Headers:
       Cache-Control: no-cache
       X-Powered-By: Undertow/1
       Server: JBoss-EAP/7
       Pragma: no-cache
       Date: Thu, 30 Nov 2017 10:59:23 GMT
       Connection: keep-alive
       Strict-Transport-Security: max-age=16070400; includeSubDomains
       X-Content-Type-Options: nosniff
       Transfer-Encoding: chunked
       Content-Type: application/scim+json;charset=utf-8
    {"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"totalResults":1,"resources":[{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:hid:scim:api:idp:2.0:UserDevice","urn:hid:scim:api:idp:2.0:UserAttribute","urn:hid:scim:api:idp:2.0:UserAuthenticator"],"id":"13274","externalId":"myTestUser1","meta":{"resourceType":"User","created":"2017-11-29T23:00:00Z","location":"https://myServer:8445/scim/ONLINEBANK/v2/Users/13274","version":"1"},"userName":"myTestUser1","active":true,"groups":[{"type":"Group","display":"Consumer Online Banking","value":"USG_CUST1","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Groups/USG_CUST1"}],"roles":[],"urn:hid:scim:api:idp:2.0:UserAttribute":{"attributes":[]},"urn:hid:scim:api:idp:2.0:UserAuthenticator":{"authenticators":[{"display":"AT_TDS","value":"13274.AT_TDS","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_TDS"},{"display":"AT_PASA","value":"13274.AT_PASA","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_PASA"},{"display":"AT_SMK","value":"13274.AT_SMK","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_SMK"},{"display":"AT_CUSTOTP","value":"13274.AT_CUSTOTP","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_CUSTOTP"}]},"urn:hid:scim:api:idp:2.0:UserDevice":{"devices":[{"display":"SN_1019003681","value":"13275","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Device/13275"}]}}]}
  • Create the logon validation request (value myTransactionContent for user 13274 on the authenticator of type AT_PASA for device 13275):

    POST https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_PASA
     Headers:
       Authorization: Bearer RTp7HwAAAWAMlL+hho0qmFlEndOxkGDGKhMOCPjA
       Content-Type: application/scim+json
       Accept: application/scim+json
     Body:
    {"schemas":["urn:hid:scim:api:idp:2.0:Authenticator","urn:hid:scim:api:idp:2.0:Action"],"id":"13274.AT_PASA","urn:hid:scim:api:idp:2.0:Action":{"schemas":["urn:hid:scim:api:idp:2.0:Action"],"attributes":[{"name":"tds","type":"string","value":"myTransactionContent","readOnly":false},{"name":"createSession","type":"string","value":"0","readOnly":false},{"name":"correlationid","type":"string","value":"123456789","readOnly":false},{"name":"DEVICE.ID","type":"string","value":"13275","readOnly":false}],"action":"DELIVER-CHALLENGE"}}
     
    Response: HTTP/1.1 200 OK
     Headers:
       Cache-Control: no-cache
       X-Powered-By: Undertow/1
       Server: JBoss-EAP/7
       Pragma: no-cache
       Date: Thu, 30 Nov 2017 10:59:24 GMT
       Connection: keep-alive
       Strict-Transport-Security: max-age=16070400; includeSubDomains
       X-Content-Type-Options: nosniff
       Transfer-Encoding: chunked
       Content-Type: application/scim+json;charset=utf-8
    {"schemas":["urn:hid:scim:api:idp:2.0:Action"],"attributes":[{"name":"CHALLENGE","type":"string","value":"eyJ6aXAiOiJERUYiLCJraWQiOiJLRVkxIiwiY3R5IjoidGV4dFwvcGxhaW4iLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiY29udGFpbmVyaWQiOiIyIiwidmVyc2lvbiI6InY2IiwiYWxnIjoiZGlyIiwiY2lkIjoxMzI4OX0..5uY-eQRZyzGMhWR5G-I9uQ.urP9G2mbHYyLnDIJaM7s2HLsh97SwHAwmsr9qKkkm6YVZOSS-X3s2yE_o2CzHg4hF3seXG0jTI7UD0kS7c6fovaY0azaYHrJyeWLg22ghWk.wGetw2zz-0jiA8VsIMzvi8rQ7zsbnCEYfGNH8loAe0g","readOnly":false},{"name":"CHALLENGE.ID","type":"string","value":"13289","readOnly":false},{"name":"REQUEST.STATUS","type":"string","value":"1","readOnly":false},{"name":"REQUEST.REASON","type":"string","value":"-1","readOnly":false},{"name":"REQUEST.ERROR_MESSAGE","type":"string","readOnly":false}]}
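
The two REST calls above chained together, as an added example that is not part of the ActivID sample: it takes the authenticator and device IDs from the search response, refuses to build a push request when the match is ambiguous, and produces the same DELIVER-CHALLENGE body as the sample. The function names, the trimmed SEARCH_RESPONSE and the rule of exactly one user, one authenticator and one device are assumptions of this example; it performs no network I/O.

```python
import json

ACTION = "urn:hid:scim:api:idp:2.0:Action"
AUTHENTICATOR = "urn:hid:scim:api:idp:2.0:Authenticator"
USER_AUTH = "urn:hid:scim:api:idp:2.0:UserAuthenticator"
USER_DEVICE = "urn:hid:scim:api:idp:2.0:UserDevice"

# Constructed sample: the page's search response, trimmed to the fields used here.
SEARCH_RESPONSE = json.dumps({
    "totalResults": 1,
    "resources": [{
        "id": "13274", "userName": "myTestUser1",
        USER_AUTH: {"authenticators": [
            {"display": "AT_TDS", "value": "13274.AT_TDS"},
            {"display": "AT_PASA", "value": "13274.AT_PASA"}]},
        USER_DEVICE: {"devices": [{"display": "SN_1019003681", "value": "13275"}]},
    }],
})

def resolve_target(search_json, auth_type="AT_PASA"):
    """Return (authenticator id, device id); refuse ambiguous or empty matches."""
    doc = json.loads(search_json)
    users = doc.get("resources", [])
    if doc.get("totalResults") != 1 or len(users) != 1:
        raise ValueError("search must match exactly one user")
    auths = [a["value"] for a in users[0].get(USER_AUTH, {}).get("authenticators", [])
             if a.get("display") == auth_type]
    devices = [d["value"] for d in users[0].get(USER_DEVICE, {}).get("devices", [])]
    if len(auths) != 1 or len(devices) != 1:
        raise ValueError("need exactly one %s authenticator and one device" % auth_type)
    return auths[0], devices[0]

def _attr(name, value):
    # Every attribute in the page's request uses type "string" and readOnly false.
    return {"name": name, "type": "string", "value": value, "readOnly": False}

def build_deliver_challenge(authenticator_id, device_id, message, correlation_id):
    """Body for POST .../v2/Authenticator/<authenticator_id>, as in the page's sample."""
    return {
        "schemas": [AUTHENTICATOR, ACTION],
        "id": authenticator_id,
        ACTION: {"schemas": [ACTION], "action": "DELIVER-CHALLENGE", "attributes": [
            _attr("tds", message), _attr("createSession", "0"),
            _attr("correlationid", correlation_id), _attr("DEVICE.ID", device_id)]},
    }

def action_attributes(response_json):
    """Flatten the Action response attributes into a name -> value dict."""
    return {a["name"]: a.get("value") for a in json.loads(response_json).get("attributes", [])}
```

Keep the correlation ID and the returned CHALLENGE.ID with the pending operation so the result later published on the JMS topic can be matched to the request that caused it.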