AuthAnvil Two Factor Auth authentication APIs

Developer Center - Scorpion Software

Two Factor Auth

Setup

If your 2FA Server is accessible at https://yourFullyQualifiedDomain.com/AuthAnvil, the authentication calls are at https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx, with more information in the WSDL at https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx?wsdl

The web service verifies 2FA credentials and is used by all AuthAnvil products for that purpose. It provides 3 different authentication methods and a Version method to verify responsiveness.

Notes:

  • The Tokentype parameter for Authenticate should always be set to 1.
  • You can invoke Authenticate directly for testing 2FA credentials.
  • The Admin.asmx and MasterAdmin.asmx have methods that allow testing and resynchronization of all types of tokens.

Authenticate

This method authenticates a user against their passcode [PIN+OTP] in the AuthAnvil Strong Authentication Server.

Example:

TokenValidator validator = new TokenValidator();

validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";

//Authenticate with AuthAnvil username, and a passcode of PIN + OTP
bool validCredentials = validator.Authenticate(userName, passCode, 1, siteID);

 

Authenticate in PHP

/**
 * Call Authenticate at the AuthAnvil server
 *
 * @param String $user username entered by user
 * @param String $otp One-time Password entered by user
 * @param String $authanvil_sas_url SAS URL of AuthAnvil server
 * @param String $authanvil_site_id Site ID of AuthAnvil server
 * @return Boolean Is the password OK?
 */
function Authenticate($user, $otp, $authanvil_sas_url, $authanvil_site_id)
{
    //First check for passcode length - Should be ([4 -> 8 digit pin] + 8 digit OTP)
    if (strlen($otp) < 12 || strlen($otp) > 16)
    {
        return false;
    }

    //Then try and authenticate the user. Bail on exception and fail safe by returning false
    try
    {
        $client = new SoapClient($authanvil_sas_url . '?wsdl');
        $response = $client->Authenticate(array('Username'=> $user, 'Passcode'=> $otp, 'Tokentype'=> 1, 'SiteID'=> $authanvil_site_id));

        return $response->AuthenticateResult;
    }
    catch (Exception $e)
    {
        return false;
    }
}
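
A stricter variant of the PHP call above, added here as an example and not part of the vendor's code: it rejects non-digit passcodes before contacting the server, refuses a SAS URL that is not HTTPS, verifies the server certificate, and treats anything other than a literal boolean true as a failed authentication. The function names are hypothetical, and the digits-only rule is an assumption taken from the "[4 -> 8 digit pin] + 8 digit OTP" comment in the sample above.

```php
<?php
// Added example (not vendor code). Helper names are hypothetical.
// Assumption: the passcode is digits only (4-8 digit PIN + 8 digit OTP).

function passcodeLooksValid(string $passcode): bool
{
    // ctype_digit() rejects empty strings, signs, spaces and non-ASCII digits.
    return ctype_digit($passcode)
        && strlen($passcode) >= 12
        && strlen($passcode) <= 16;
}

function sasUrlIsHttps(string $url): bool
{
    // PIN+OTP must never travel to the SAS endpoint over plain HTTP.
    $parts = parse_url($url);
    return is_array($parts)
        && isset($parts['scheme'], $parts['host'])
        && strtolower($parts['scheme']) === 'https';
}

function authenticateStrict(string $user, string $passcode, string $sasUrl, $siteId): bool
{
    if ($user === '' || !passcodeLooksValid($passcode) || !sasUrlIsHttps($sasUrl)) {
        return false;
    }
    try {
        $client = new SoapClient($sasUrl . '?wsdl', [
            'exceptions' => true,          // SOAP faults become exceptions
            'connection_timeout' => 5,     // do not hang a login on a dead server
            'stream_context' => stream_context_create([
                'ssl' => ['verify_peer' => true, 'verify_peer_name' => true],
            ]),
        ]);
        $response = $client->Authenticate([
            'Username'  => $user,
            'Passcode'  => $passcode,
            'Tokentype' => 1,              // always 1, per the notes above
            'SiteID'    => $siteId,
        ]);
        // Only a literal boolean true counts as success; anything else fails closed.
        return isset($response->AuthenticateResult)
            && $response->AuthenticateResult === true;
    } catch (Throwable $e) {
        // Log the failure class only; never write the passcode to a log.
        error_log('AuthAnvil Authenticate failed: ' . get_class($e));
        return false;
    }
}
```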



AuthenticateMSCHAP2

This method authenticates a user against their passcode [PIN+OTP] in the AuthAnvil Strong Authentication Server through an MS-CHAP2 session used in VPN and RADIUS. Example:

TokenValidator validator = new TokenValidator();

validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";

//Authenticate using MS-CHAP2 Challenge and Response used in VPN and RADIUS
bool validMSCHAPCredentials = validator.AuthenticateMSCHAP2(userName, PeerChallenge, ChapChallenge, ChapResponse, 1, siteID);

AuthenticateWithCachedCredentials

This method authenticates a user against their passcode [PIN+OTP] and reports offline authentications in the AuthAnvil Strong Authentication Server, returning a salted hash cache list for offline authentication. Example:

TokenValidator validator = new TokenValidator();

validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";

//Create log events to be sent to the 2FA Server
//This should detail previous offline authentications and failures
object[] offLineLogListItems = PopulateLogEvents();

//The list of hashed OTPs that will be returned
object[] otpList;

//Generate a hash salt using machine-specific values.
string hashSalt = GenerateHashSalt();

//Authenticate as normal, and get a list of hashed OTPs that can be used offline.
bool validCachedCredentials = validator.AuthenticateWithCachedCredentials(userName, passCode, siteID, hashSalt, offLineLogListItems, otpList);

Version

This method returns the current version of AuthAnvil. Example:

TokenValidator validator = new TokenValidator();

validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";

string version = validator.Version();

 
