Request-operation-validation Sample
This sample uses the ActivID OAuth/OpenID Connect API and the ActivID SCIM API to send a Logon Validation or an Action Validation to the HID Approve application:
- Authenticates to ActivID AS using the spl-api user.
- Generates a Logon approval message.
- Requests ActivID AS to send a message to the user’s mobile device.
- ActivID AS then pushes the message to the mobile device through the Microsoft Azure Notification Hub.
- The user uses the mobile device to approve or decline the logon validation request.
- ActivID AS notifies the result of the user validation (approve or decline the request) on the JMS topic.
Install the Sample
- Unzip the Push_Authentication_Sample\Request-operation-validation-sample.zip file to the destination of your choice (for example, a request-operation-validation-sample folder).
- Create the truststore file in the config subfolder using the Java keytool located on your client machine in <JAVA_HOME>/bin.
  - For JBoss, retrieve <JBOSS_HOME>/ssl-server.truststore and copy it to your client system under request-operation-validation-sample\config.
  - For WebSphere:
    - Retrieve your server SSL certificate (as described in the ActivID AS installation guide).
    - Create the truststore file using the Java keytool:
      keytool -import -file ssl-server.cer -alias <serverName> -keystore truststore.jks -storepass <mypassword> -noprompt
      Where <mypassword> is the password you set to protect the certificate.
- Edit the request-operation-validation-sample\config\deliverChallenge.properties configuration file and update it with information from your deployment.
- Go to the request-operation-validation-sample\scripts directory and edit the RequestDeviceRegistration.bat and RequestOperationValidation.sh files to configure the path and password of the truststore created earlier.
Run the request-operation-validation Sample
- Retrieve the device id of the registered device.
  For example, from the output of the request for the device-registration-sample (or using the ActivID Management Console).
- In the scripts subfolder, run the following command:
  RequestOperationValidation.bat -u myuser -did 14780 -ci correlationID1234 -t testLogonMessage
  Where:
  - correlationID1234 is a sample value for the ID of this operation.
  - testLogonMessage is a sample value for the message that will be displayed to the user on the HID Approve application for approval.
REST API Request Samples for Operation Validation
- Search for the user myTestUser1 to get its userid (13274):
POST https://myServer:8445/scim/ONLINEBANK/v2/Users/.search
Headers:
Authorization: Bearer RTp7HwAAAWAMlL+hho0qmFlEndOxkGDGKhMOCPjA
Content-Type: application/scim+json
Accept: application/scim+json
Body:
{"schemas":["urn:ietf:params:scim:api:messages:2.0:SearchRequest"],"filter":"username eq myTestUser1"}
Response: HTTP/1.1 200 OK
Headers:
Cache-Control: no-cache
X-Powered-By: Undertow/1
Server: JBoss-EAP/7
Pragma: no-cache
Date: Thu, 30 Nov 2017 10:59:23 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Type: application/scim+json;charset=utf-8
{"schemas":["urn:ietf:params:scim:api:messages:2.0:ListResponse"],"totalResults":1,"resources":[{"schemas":["urn:ietf:params:scim:schemas:core:2.0:User","urn:hid:scim:api:idp:2.0:UserDevice","urn:hid:scim:api:idp:2.0:UserAttribute","urn:hid:scim:api:idp:2.0:UserAuthenticator"],"id":"13274","externalId":"myTestUser1","meta":{"resourceType":"User","created":"2017-11-29T23:00:00Z","location":"https://myServer:8445/scim/ONLINEBANK/v2/Users/13274","version":"1"},"userName":"myTestUser1","active":true,"groups":[{"type":"Group","display":"Consumer Online Banking","value":"USG_CUST1","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Groups/USG_CUST1"}],"roles":[],"urn:hid:scim:api:idp:2.0:UserAttribute":{"attributes":[]},"urn:hid:scim:api:idp:2.0:UserAuthenticator":{"authenticators":[{"display":"AT_TDS","value":"13274.AT_TDS","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_TDS"},{"display":"AT_PASA","value":"13274.AT_PASA","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_PASA"},{"display":"AT_SMK","value":"13274.AT_SMK","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_SMK"},{"display":"AT_CUSTOTP","value":"13274.AT_CUSTOTP","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_CUSTOTP"}]},"urn:hid:scim:api:idp:2.0:UserDevice":{"devices":[{"display":"SN_1019003681","value":"13275","$ref":"https://myServer:8445/scim/ONLINEBANK/v2/Device/13275"}]}}]}
- Create the logon validation request (value myTransactionContent for user 13274 on the authenticator of type AT_PASA for device 13275):
POST https://myServer:8445/scim/ONLINEBANK/v2/Authenticator/13274.AT_PASA
Headers:
Authorization: Bearer RTp7HwAAAWAMlL+hho0qmFlEndOxkGDGKhMOCPjA
Content-Type: application/scim+json
Accept: application/scim+json
Body:
{"schemas":["urn:hid:scim:api:idp:2.0:Authenticator","urn:hid:scim:api:idp:2.0:Action"],"id":"13274.AT_PASA","urn:hid:scim:api:idp:2.0:Action":{"schemas":["urn:hid:scim:api:idp:2.0:Action"],"attributes":[{"name":"tds","type":"string","value":"myTransactionContent","readOnly":false},{"name":"createSession","type":"string","value":"0","readOnly":false},{"name":"correlationid","type":"string","value":"123456789","readOnly":false},{"name":"DEVICE.ID","type":"string","value":"13275","readOnly":false}],"action":"DELIVER-CHALLENGE"}}
Response: HTTP/1.1 200 OK
Headers:
Cache-Control: no-cache
X-Powered-By: Undertow/1
Server: JBoss-EAP/7
Pragma: no-cache
Date: Thu, 30 Nov 2017 10:59:24 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Type: application/scim+json;charset=utf-8
{"schemas":["urn:hid:scim:api:idp:2.0:Action"],"attributes":[{"name":"CHALLENGE","type":"string","value":"eyJ6aXAiOiJERUYiLCJraWQiOiJLRVkxIiwiY3R5IjoidGV4dFwvcGxhaW4iLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIiwiY29udGFpbmVyaWQiOiIyIiwidmVyc2lvbiI6InY2IiwiYWxnIjoiZGlyIiwiY2lkIjoxMzI4OX0..5uY-eQRZyzGMhWR5G-I9uQ.urP9G2mbHYyLnDIJaM7s2HLsh97SwHAwmsr9qKkkm6YVZOSS-X3s2yE_o2CzHg4hF3seXG0jTI7UD0kS7c6fovaY0azaYHrJyeWLg22ghWk.wGetw2zz-0jiA8VsIMzvi8rQ7zsbnCEYfGNH8loAe0g","readOnly":false},{"name":"CHALLENGE.ID","type":"string","value":"13289","readOnly":false},{"name":"REQUEST.STATUS","type":"string","value":"1","readOnly":false},{"name":"REQUEST.REASON","type":"string","value":"-1","readOnly":false},{"name":"REQUEST.ERROR_MESSAGE","type":"string","readOnly":false}]}
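
The two requests above, turned into request-building and response-parsing helpers as an added example (not part of the HID sample): it refuses to build the DELIVER-CHALLENGE body unless the device ID is listed under the user returned by the search, and it decodes the unencrypted first segment of the returned CHALLENGE value. The function names, the trimmed search response and the use of a random UUID as correlation ID are assumptions.

```python
import base64
import json
import uuid

ACTION = "urn:hid:scim:api:idp:2.0:Action"
DEVICES = "urn:hid:scim:api:idp:2.0:UserDevice"
AUTHS = "urn:hid:scim:api:idp:2.0:UserAuthenticator"

# Constructed, trimmed copy of the SCIM search response shown above.
SEARCH_RESPONSE = {"totalResults": 1, "resources": [{
    "id": "13274", "userName": "myTestUser1", "active": True,
    AUTHS: {"authenticators": [{"display": "AT_PASA", "value": "13274.AT_PASA"}]},
    DEVICES: {"devices": [{"display": "SN_1019003681", "value": "13275"}]}}]}


def build_deliver_challenge(search, device_id, message, auth_type="AT_PASA"):
    """Return (authenticator_id, body) for the DELIVER-CHALLENGE POST."""
    if search.get("totalResults") != 1:
        raise ValueError("user search must match exactly one user")
    user = search["resources"][0]
    if not user.get("active"):
        raise ValueError("user is not active")
    # Refuse to push to a device that is not listed under this user.
    if device_id not in {d["value"] for d in user[DEVICES]["devices"]}:
        raise ValueError("device is not registered to this user")
    auth_id = next((a["value"] for a in user[AUTHS]["authenticators"]
                    if a["display"] == auth_type), None)
    if auth_id is None:
        raise ValueError("user has no %s authenticator" % auth_type)
    values = {"tds": message, "createSession": "0",
              # Assumption: any unique string is accepted as correlation ID.
              "correlationid": str(uuid.uuid4()),
              "DEVICE.ID": device_id}
    attrs = [{"name": k, "type": "string", "value": v, "readOnly": False}
             for k, v in values.items()]
    body = {"schemas": ["urn:hid:scim:api:idp:2.0:Authenticator", ACTION],
            "id": auth_id,
            ACTION: {"schemas": [ACTION], "attributes": attrs,
                     "action": "DELIVER-CHALLENGE"}}
    return auth_id, body


def challenge_header(action_response):
    """Return (attributes, decoded first segment of the CHALLENGE value)."""
    attrs = {a["name"]: a.get("value") for a in action_response["attributes"]}
    segment = attrs["CHALLENGE"].split(".")[0]
    padded = segment + "=" * (-len(segment) % 4)  # restore base64url padding
    return attrs, json.loads(base64.urlsafe_b64decode(padded))
```

Applied to the sample response above, challenge_header returns a header with alg dir, enc A256CBC-HS512 and cid 13289, the same number as CHALLENGE.ID.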