IBM Security Verify


MAC OTP Validation - REST API - issue with Enforcing invalid pin attempts - 9.0.7


    Posted Wed June 22, 2022 02:40 PM
    We have configured an authentication policy with the MAC OTP mechanism. We are calling the policy from the application to generate and validate the OTP as shown below.

    OTP generation curl example:
    curl -k -v -X POST -H "Content-Type:application/json" -H "Accept: application/json" --data "{'myuid' : 'aacuser' , 'media' : 'Email' , 'deliveryAttribute' : 'local@admin.com'}" "https://isamhost/mga/sps/apiauthsvc?PolicyId=urn:ibm:security:authentication:asf:newmacotp"

    OTP validation curl example:

    curl -k -v -X PUT -H "Content-Type:application/json" -H "Accept: application/json" --data "{'otp.user.otp-hint':'3608','otp.user.otp':'555999'}" "https://isamhost/mga/sps/apiauthsvc?StateId=dWbRQpE8KqLYnJmbDFBmvOYJCwvhvhgAJ7bALjEK2orSd6UOUtPya2t9eXTvuha0DWhenNKhhDEFqjKYtHMC9hXbrQ0crEhOcq6MsIg6BTKP1huiP4wAcU428qzKGE5M"

    We are able to validate when we enter a valid PIN, and no issues were identified, but when we try with an invalid PIN, it does not enforce the retry limit value from the OTPVerify mapping rule.
    We have noticed that the IDMappingExtUtils.getSPSSessionData(retryCounterID) value is null during OTPVerify mapping rule execution.

    We have configured the authentication and access module for cookieless operation to function like an API, as described here:

    https://www.ibm.com/docs/en/sva/9.0.7?topic=authentication-configuring-access-module-cookieless-operation

    Are we missing anything in our config?

    ------------------------------
    Anji Babu
    ------------------------------