IBM Security Verify

 View Only
  • 1.  MAC One-time password

    Posted Fri April 30, 2021 08:26 AM
    Edited by Joao Goncalves Fri April 30, 2021 09:33 AM
    I am trying to implement this mechanism, and I am stuck on how to overcome ISVA restrictions:
    • MAC will generate a password
    • He must deliver the password to the customer using a delivery method.
      • By email
      • By SMS

    Unfortunately, I don't have other options for the delivery method, or even create a custom delivery method.
    In fact I need to deliver by SMS, but the service provider requires me to send a SOAP request!

    So here are the options I thought on using:
    • I was trying to use the properties available by SMS configuration. It would be great if I could specify the body of the request! Unfortunately I cannot! DEAD END!
    • So, I thought on sending the SMS request to ISAM itself and eventually get it, and in a junction I could capture the request and then I could make the SOAP request! Perhaps by calling http://localhost/mga/sps/authsvc?PolicyId=urn:ibm:security:authentication:asf:MySendSMS and providing the arguments in the header.
    • Final alternative, is for me to develop the whole MAC, generate it, Send the SOAP request and deliver the OTP, create the interface for the user to type in the One-time password and validate it.

    Are there any other alternatives? Which one is the best?

    ------------------------------
    Joao Goncalves
    Pyxis, Lda.
    ------------------------------


  • 2.  RE: MAC One-time password

    Posted Fri May 14, 2021 08:52 AM
    Hi Joao,

    Does this help at all?

    https://philipnye.com/2017/02/14/isam-create-a-new-otp-mechanism/

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------