IBM Security Verify

 View Only
Expand all | Collapse all

ISAM create new OTP Mechanism and Invoke through API

  • 1.  ISAM create new OTP Mechanism and Invoke through API

    Posted Sun September 29, 2019 03:09 PM
    ​Hello all,

    I need to create a new OTP mechanism which doesn't deliver the OTP but sends it to a portal (REST callout). I found Philip Nye's following article very helpful:
    ISAM create a new OTP Mechanism
    The above article describes how to use a custom OTP mechanism through web browser. However, I need to invoke this through API from my client using apiauthsvc. I have tried to create my new authentication policy accepting the username and deliveryType from the scope of the request and passing it to MAC OTP mechanism. When I try to invoke the authentication policy from postman, I receive the following error in response:

    "State [ID [mechanism].] has no target state on event [internal:abort]."

    The complete response is:

    {
        "exceptionMsg": "State [ID [mechanism].] has no target state on event [internal:abort].",
        "state": "",
        "message": "",
        "mechanism": "urn:ibm:security:authentication:asf:mechanism:macotp"
    }

    I need some help regarding what should be the correct flow of invoking this custom OTP mechanism through apiauthsvc so that it generates the stateId and I am able to verify the OTP using the generated stateId?

    Best regards,




    ------------------------------
    Jahanzaib Sarwar
    ------------------------------


  • 2.  RE: ISAM create new OTP Mechanism and Invoke through API

    Posted Wed October 21, 2020 01:24 PM
    Hi Jahanzaib,

    How did you solve this?
    I'm also getting the same error in postman.





    ------------------------------
    Mukesh
    ------------------------------