MAS MDL Online Activation with USW and DP Gateway

You have OAS, USW and DP Gateway installed and configured. You have downloaded Mobile Authenticator Studio (MAS) to build a mobile application that generates OTPs, and you would like a fully online activation method.

Getting Started

First we'll extract the file MAS_X.XX.X_TwoStep.zip, as this contains the Multi-Device License edition of MAS. Once extracted, we will have the following folder structure:

MAS_X.XX.X
└─── Documentation
└─── DPXs
└─── Integration Samples
└─── Tools
     └─── Customization Tool
          └─── core
          └─── input
               └─── cert
               └─── conf
               └─── eula
               └─── fonts
               └─── img
               └─── sign
               └─── svf
               └─── xml
                    └─── DIGIPASS.xml
                    └─── readme.txt
          └─── lib
          └─── log
          └─── Customize.bat
          └─── Customize.command
          └─── Customize.sh
     └─── XML Conversion Tool
└─── Utilities
└─── License.txt
└─── Readme.txt

Configuring the XML

Let's open DIGIPASS.xml in our favorite text editor and find the online activation sections with the tags <MultiDeviceActivation id="multiDeviceOnlineActivation"> and <MultiDeviceActivation id="multiDeviceOnlineImageActivation">. In these sections we will replace the OnlineLicenseActivation section with the following:

<OnlineLicenseActivation useRegistrationIdentifier="true" useAuthorizationCode="false" checksumOnAuthorizationCode="false" inputType="manual">
    <URL method="POST" value="https://{{server_url}}:{{port}}/licenseActivation?RegistrationIdentifier=%_RegistrationIdentifier_%&amp;PublicKey=%_PublicKey_%&amp;InitialVector=%_InitialVector_%"/>
</OnlineLicenseActivation>

or

<OnlineLicenseActivation useRegistrationIdentifier="true" useAuthorizationCode="false" checksumOnAuthorizationCode="false" inputType="image" imageFormat="all">
    <URL method="POST" value="https://{{server_url}}:{{port}}/licenseActivation?RegistrationIdentifier=%_RegistrationIdentifier_%&amp;PublicKey=%_PublicKey_%&amp;InitialVector=%_InitialVector_%"/>
</OnlineLicenseActivation>

depending on whether you are using manual input or scanning an image. This step takes the credentials for the DSAPP protocol, establishes a secure channel and retrieves activation message 1.

Next we will have to replace the OnlineInstanceActivation section as well:

<OnlineInstanceActivation>
    <URL method="POST" value="https://{{server_url}}:{{port}}/instanceActivation?RegistrationIdentifier=%_RegistrationIdentifier_%&amp;DeviceCode=%_DeviceCode_%&amp;Nonce=%_Nonce_%&amp;InitialVector=%_InitialVector_%"/>
</OnlineInstanceActivation>

This will retrieve activation message 2 and activate an instance on the server.

Finally, to complete the online activation process, we will want to verify that the token is working correctly, and will sign activation message 2 using the secure channel application. The secure channel application index must be specified in the PostActivation tag as follows:

<PostActivation cryptoAppIndex="4">

The value may be different depending on your configuration. We will now replace the OnlinePostActivation section with the following:

<OnlinePostActivation destroyOnFailure="true" displayMessageOnSuccess="false">
    <URL method="POST" value="https://{{server_url}}:{{port}}/postActivation?RegistrationIdentifier=%_RegistrationIdentifier_%&amp;OTP=%_OTP_%"/>
</OnlinePostActivation>
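
Before building, the three activation URLs can be checked mechanically. The script below is an added example, not part of MAS or the Customization Tool: it flags any activation URL that still contains a {{...}} marker, is not https, does not use POST, or lacks one of the placeholders shown in the snippets above. It assumes {{server_url}} and {{port}} are markers you replace with your own gateway host and port, and that the elements carry no XML namespace; the wrapper element, hostname and port in the sample are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Placeholders each step sends, copied from the URLs shown on this page.
EXPECTED = {
    "OnlineLicenseActivation": {"RegistrationIdentifier", "PublicKey", "InitialVector"},
    "OnlineInstanceActivation": {"RegistrationIdentifier", "DeviceCode", "Nonce", "InitialVector"},
    "OnlinePostActivation": {"RegistrationIdentifier", "OTP"},
}

def lint_activation_urls(xml_text):
    """Return sorted (tag, problem) tuples for the online activation URL elements."""
    problems = set()
    root = ET.fromstring(xml_text)
    for tag, expected in EXPECTED.items():
        for section in root.iter(tag):
            url = section.find("URL")
            if url is None:
                problems.add((tag, "no URL element"))
                continue
            value = url.get("value", "")
            if "{{" in value or "}}" in value:
                problems.add((tag, "template marker not replaced"))
            if not value.lower().startswith("https://"):
                problems.add((tag, "not https"))
            if url.get("method") != "POST":
                problems.add((tag, "method is not POST"))
            # Collect the %_Name_% placeholders actually present in the URL.
            found = set(re.findall(r"%_([A-Za-z]+)_%", value))
            for name in expected - found:
                problems.add((tag, "missing placeholder " + name))
    return sorted(problems)

# Constructed sample: wrapper element, hostname and port are made up for the demo.
SAMPLE = """<Config>
  <OnlineLicenseActivation useRegistrationIdentifier="true" inputType="manual">
    <URL method="POST" value="https://{{server_url}}:{{port}}/licenseActivation?RegistrationIdentifier=%_RegistrationIdentifier_%&amp;PublicKey=%_PublicKey_%&amp;InitialVector=%_InitialVector_%"/>
  </OnlineLicenseActivation>
  <OnlineInstanceActivation>
    <URL method="POST" value="http://gateway.example.test:8443/instanceActivation?RegistrationIdentifier=%_RegistrationIdentifier_%&amp;DeviceCode=%_DeviceCode_%&amp;InitialVector=%_InitialVector_%"/>
  </OnlineInstanceActivation>
  <OnlinePostActivation destroyOnFailure="true" displayMessageOnSuccess="false">
    <URL method="POST" value="https://gateway.example.test:8443/postActivation?RegistrationIdentifier=%_RegistrationIdentifier_%&amp;OTP=%_OTP_%"/>
  </OnlinePostActivation>
</Config>"""

if __name__ == "__main__":
    for tag, problem in lint_activation_urls(SAMPLE):
        print(f"{tag}: {problem}")
```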

Conclusion

We have now configured the XML; all that is left is to build the application and test!
