​Hello all,

I need to create a new OTP mechanism which doesn't deliver the OTP but sends it to a portal (REST callout). I found Philip Nye's following article very helpful:
ISAM create a new OTP Mechanism
The above article describes how to use a custom OTP mechanism through web browser. However, I need to invoke this through API from my client using apiauthsvc. I have tried to create my new authentication policy accepting the username and deliveryType from the scope of the request and passing it to MAC OTP mechanism. When I try to invoke the authentication policy from postman, I receive the following error in response:

"State [ID [mechanism].] has no target state on event [internal:abort]."

The complete response is:

{
    "exceptionMsg": "State [ID [mechanism].] has no target state on event [internal:abort].",
    "state": "",
    "message": "",
    "mechanism": "urn:ibm:security:authentication:asf:mechanism:macotp"
}

I need some help regarding what should be the correct flow of invoking this custom OTP mechanism through apiauthsvc so that it generates the stateId and I am able to verify the OTP using the generated stateId?

Best regards,




------------------------------
Jahanzaib Sarwar
------------------------------

Hi Jahanzaib,

How did you solve this?
I'm also getting the same error in postman.





------------------------------
Mukesh
------------------------------

Original Message:
Sent: Sun September 29, 2019 03:09 PM
From: Jahanzaib Sarwar
Subject: ISAM create new OTP Mechanism and Invoke through API

​Hello all,

I need to create a new OTP mechanism which doesn't deliver the OTP but sends it to a portal (REST callout). I found Philip Nye's following article very helpful:
ISAM create a new OTP Mechanism
The above article describes how to use a custom OTP mechanism through web browser. However, I need to invoke this through API from my client using apiauthsvc. I have tried to create my new authentication policy accepting the username and deliveryType from the scope of the request and passing it to MAC OTP mechanism. When I try to invoke the authentication policy from postman, I receive the following error in response:

"State [ID [mechanism].] has no target state on event [internal:abort]."

The complete response is:

{
    "exceptionMsg": "State [ID [mechanism].] has no target state on event [internal:abort].",
    "state": "",
    "message": "",
    "mechanism": "urn:ibm:security:authentication:asf:mechanism:macotp"
}

I need some help regarding what should be the correct flow of invoking this custom OTP mechanism through apiauthsvc so that it generates the stateId and I am able to verify the OTP using the generated stateId?

Best regards,




------------------------------
Jahanzaib Sarwar
------------------------------