Hello all,
I need to create a new OTP mechanism which doesn't deliver the OTP but sends it to a portal (REST callout). I found Philip Nye's following article very helpful:
ISAM create a new OTP MechanismThe above article describes how to use a custom OTP mechanism through web browser. However, I need to invoke this through API from my client using apiauthsvc. I have tried to create my new authentication policy accepting the username and deliveryType from the scope of the request and passing it to MAC OTP mechanism. When I try to invoke the authentication policy from postman, I receive the following error in response:
"State [ID [mechanism].] has no target state on event [internal:abort]."
The complete response is:
{
"exceptionMsg": "State [ID [mechanism].] has no target state on event [internal:abort].",
"state": "",
"message": "",
"mechanism": "urn:ibm:security:authentication:asf:mechanism:macotp"
}
I need some help regarding what should be the correct flow of invoking this custom OTP mechanism through apiauthsvc so that it generates the stateId and I am able to verify the OTP using the generated stateId?
Best regards,
------------------------------
Jahanzaib Sarwar
------------------------------