Developer Center - Scorpion Software
Two Factor Auth
Setup
If your 2FA Server is accessible at https://yourFullyQualifiedDomain.com/AuthAnvil, the authentication calls are exposed at https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx and the service description (WSDL) at https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx?wsdl
This web service verifies 2FA credentials and authenticates users whose credentials are valid. It is used by all AuthAnvil products to verify 2FA credentials. It provides three authentication methods and a Version method for checking that the server is responsive.
Notes:
- The Tokentype parameter for Authenticate should always be set to 1.
- You can invoke Authenticate directly for testing 2FA credentials.
- The Admin.asmx and MasterAdmin.asmx services have methods that allow testing and resynchronization of all token types.
Authenticate
This method authenticates a user against their passcode [PIN+OTP] in the AuthAnvil Strong Authentication Server.
Example:
TokenValidator validator = new TokenValidator();
validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";
//Authenticate with AuthAnvil username, and a passcode of PIN + OTP
bool validCredentials = validator.Authenticate(userName, passCode, 1, siteID);
Authenticate in PHP
/**
 * Call Authenticate at the AuthAnvil server
 *
 * @param String $user username entered by user
 * @param String $otp passcode entered by user (PIN followed by the one-time password)
 * @param String $authanvil_sas_url SAS URL of AuthAnvil server
 * @param String $authanvil_site_id Site ID of AuthAnvil server
 * @return Boolean Is the passcode OK ?
 */
function Authenticate($user, $otp, $authanvil_sas_url, $authanvil_site_id)
{
    // First check the passcode length - should be ([4 -> 8 digit PIN] + 8 digit OTP)
    if (strlen($otp) < 12 || strlen($otp) > 16)
    {
        return false;
    }
    // Then try to authenticate the user. Bail on exception and fail safe by returning false
    try
    {
        // The SOAP client is built from the service's WSDL (sas.asmx?wsdl)
        $client = new SoapClient($authanvil_sas_url . '?wsdl');
        // Tokentype must always be 1 (see Notes above)
        $response = $client->Authenticate(array(
            'Username'  => $user,
            'Passcode'  => $otp,
            'Tokentype' => 1,
            'SiteID'    => $authanvil_site_id
        ));
        return $response->AuthenticateResult;
    }
    catch (Exception $e)
    {
        // Network or SOAP failure: deny rather than let the user through
        return false;
    }
}
AuthenticateMSCHAP2
This method authenticates a user against their passcode [PIN+OTP] in the AuthAnvil Strong Authentication Server through an MS-CHAP2 session, as used in VPN and RADIUS.
Example:
TokenValidator validator = new TokenValidator();
validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";
//Authenticate using MS-CHAP2 Challenge and Response used in VPN and RADIUS
bool validMSCHAPCredentials = validator.AuthenticateMSCHAP2(userName, PeerChallenge, ChapChallenge, ChapResponse, 1, siteID);
AuthenticateWithCachedCredentials
This method authenticates a user against their passcode [PIN+OTP], reports earlier offline authentications to the AuthAnvil Strong Authentication Server, and returns a salted hash cache list for offline authentication.
Example:
TokenValidator validator = new TokenValidator();
validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";
//Create log events to be sent to the 2FA Server
//This should detail previous offline authentications and failures
object[] offLineLogListItems = PopulateLogEvents();
//The list of hashed OTPs that will be returned by the server
object[] otpList;
//Generate a secure hash salt using machine specific values.
string hashSalt = GenerateHashSalt();
//Authenticate as normal, and get a list of hashed OTPs that can be used offline.
//otpList is passed as an out parameter here (assumed from the comment above: the proxy fills it on return).
bool validCachedCredentials = validator.AuthenticateWithCachedCredentials(userName, passCode, siteID, hashSalt, offLineLogListItems, out otpList);
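The following is an added illustration, not code from this page or from AuthAnvil, of what a client has to do with the salted hash list once it has it: check the entered passcode against the cached hashes, burn each entry on first use so it cannot be replayed, and keep the offline log events that the next online call hands back as offLineLogListItems. The hash construction (SHA-256 over salt + passcode), the salt value and the passcodes are all constructed assumptions for the example; the real cache format is not documented here.

```python
import hashlib
import hmac
from datetime import datetime, timezone


# ASSUMPTION for this example: cache entries are SHA-256(salt || passcode) hex digests.
# The page does not document AuthAnvil's actual cache hash construction.
def hash_passcode(salt: str, passcode: str) -> str:
    return hashlib.sha256((salt + passcode).encode("utf-8")).hexdigest()


class OfflineCache:
    """Client-side holder for the salted hash list returned by AuthenticateWithCachedCredentials."""

    def __init__(self, salt: str, hashed_otps: list[str]):
        self.salt = salt
        self.remaining = set(hashed_otps)   # unused entries; each is single-use
        self.log_events: list[dict] = []    # later replayed to the server as offline log events

    def authenticate_offline(self, username: str, passcode: str) -> bool:
        # Same shape check as the PHP sample: 4-8 digit PIN + 8 digit OTP, digits only.
        if not passcode.isdigit() or not 12 <= len(passcode) <= 16:
            return self._record(username, False, "malformed passcode")
        candidate = hash_passcode(self.salt, passcode)
        for entry in list(self.remaining):
            if hmac.compare_digest(entry, candidate):   # constant-time comparison
                self.remaining.discard(entry)            # burn the entry so it cannot be replayed
                return self._record(username, True, "offline cache hit")
        return self._record(username, False, "no cache match")

    def _record(self, username: str, success: bool, reason: str) -> bool:
        self.log_events.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": username, "success": success, "reason": reason, "offline": True,
        })
        return success


# Constructed sample: stand in for a server that returned hashes for these two future passcodes.
SAMPLE_SALT = "example-machine-salt"                   # constructed, not a real salt
SAMPLE_PASSCODES = ["123412345678", "123487654321"]     # constructed PIN+OTP values
SAMPLE_HASHES = [hash_passcode(SAMPLE_SALT, p) for p in SAMPLE_PASSCODES]


def demo() -> list[bool]:
    cache = OfflineCache(SAMPLE_SALT, SAMPLE_HASHES)
    return [
        cache.authenticate_offline("alice", "123412345678"),  # first use: accepted
        cache.authenticate_offline("alice", "123412345678"),  # replay of the same passcode: rejected
        cache.authenticate_offline("alice", "123400000000"),  # wrong OTP: rejected
        cache.authenticate_offline("alice", "abc"),           # malformed: rejected without lookup
    ]
```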
Version
This method returns the current version of AuthAnvil.
Example:
TokenValidator validator = new TokenValidator();
validator.Url = "https://yourFullyQualifiedDomain.com/AuthAnvil/sas.asmx";
string version = validator.Version();