IDENTIKEY Authentication Server SDK SOAP Reference

Uploaded by

asma.elajmii

IDENTIKEY Authentication Server

SDK SOAP Reference

3.11
Disclaimer of Warranties and Limitations of Liabilities

Intellectual Property
VASCO Software, documents and related materials (“Materials”) made available on the Site contain
proprietary and confidential information. All title, rights and interest in VASCO Software and Materials,
updates and upgrades thereof, including software rights, copyrights, patent rights, trade secret rights,
sui generis database rights, and all other intellectual and industrial property rights, vest exclusively in
VASCO or its licensors. No VASCO Software or Materials published in this Site may be downloaded,
copied, transferred, disclosed, reproduced, redistributed, or transmitted in any form or by any means,
electronic, mechanical or otherwise, for any commercial or production purpose, except as otherwise
marked or when expressly permitted by VASCO in writing.

Disclaimer
VASCO accepts no liability for the accuracy, completeness, or timeliness of Site content, or for the
reliability of links to and content of external or third party websites.

VASCO shall have no liability under any circumstances for any loss, damage, or expense incurred by
you, your company, or any third party arising from the use or inability to use VASCO Software or
Materials, or any third party material available or downloadable from the Site. VASCO will not be liable in
relation to any loss/damage caused by modification of these Legal Notices or Site content.

Reservation
VASCO reserves the right to modify these Notices and the content at any time. VASCO likewise reserves
the right to withdraw or revoke consent or otherwise prohibit use of the VASCO Software or Materials if
such use does not conform to the terms of any written agreement between VASCO and you, or other
applicable terms that VASCO publishes from time to time.

Trademarks
VASCO®, VACMAN®, IDENTIKEY®, aXsGuard®, DIGIPASS®, CertiID®, CRONTO™, MYDIGIPASS.COM™,
the MYDIGIPASS.COM MD Lock logo, the DP+ logo, the VASCO ‘V’ logo, and the CRONTO logo are
registered or unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security
International GmbH in the U.S. and other countries.

VASCO reserves all rights to the trademarks, service marks and logos of VASCO and its subsidiaries.

Copyright
Copyright © 2008–2016 VASCO Data Security, Inc., VASCO Data Security International GmbH. All rights
reserved.

Date last modified: 11/13/2016


Table of Contents

1. Introduction 27

1.1. Who should read this guide? 27

1.2. Reading Requirements 27

1.3. IDENTIKEY Authentication Server Documentation Suite 27

2. SOAP Authentication 29

2.1. authUser 33

2.2. getChallenge 35

2.3. getSecureChallenge 35

2.4. updatePassword 36

2.5. changeEncStatPwd 37

2.6. changeBackendPassword 37

3. SOAP Signature Validation 41

3.1. authSignature 43

3.2. genSignature 44

3.3. genRequest 45

4. SOAP EMV-CAP Authentication 47

5. SOAP Administration Overview 50

5.1. logon 51

5.2. logoff 54

5.3. sessionalive 54

6. userExecute 56

6.1. USERCMD_CREATE 61

6.2. USERCMD_VIEW 62

6.3. USERCMD_GET_ADMIN_DOMAINS 64

6.4. USERCMD_SET_ADMIN_DOMAINS 64

IDENTIKEY Authentication Server 3.11 - SDK SOAP Reference iii

6.5. USERCMD_DELETE 65

6.6. USERCMD_UPDATE 65

6.7. USERCMD_LINK_USER 67

6.8. USERCMD_UNLINK_USER 69

6.9. USERCMD_MOVE 70

6.10. USERCMD_GET_PERMISSION 70

6.11. USERCMD_SET_PERMISSION 71

6.12. USERCMD_COPY_PERMISSION 71

6.13. USERCMD_ENABLE 72

6.14. USERCMD_DISABLE 72

6.15. USERCMD_UNLOCK 73

6.16. USERCMD_RESET_PASSWORD 74

6.17. USERCMD_SET_PASSWORD 74

6.18. USERCMD_SET_EXPIRATION 75

6.19. USERCMD_RESET_LAST_AUTH_TIME 75

6.20. Attribute Options 76

7. userQuery 77

7.1. Parameters 77

7.2. Example 82

7.3. Requirements 83

7.4. Additional Considerations 83

8. userattributeExecute 84

8.1. USERATTRIBUTECMD_CREATE 85

8.2. USERATTRIBUTECMD_VIEW 86

8.3. USERATTRIBUTECMD_UPDATE 87

8.4. USERATTRIBUTECMD_DELETE 88

9. userSendNotification 89

9.1. Parameters 89

9.2. Example 90

9.3. Requirements 91

10. offlinedataExecute 92

10.1. OFFLINEDATACMD_VIEW 93

10.2. OFFLINEDATACMD_DELETE 94

11. digipassExecute 95

11.1. DIGIPASSCMD_VIEW 101

11.2. DIGIPASSCMD_UPDATE 102

11.3. DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE 104

11.4. DIGIPASSCMD_DELETE 105

11.5. DIGIPASSCMD_ASSIGN 105

11.6. DIGIPASSCMD_UNASSIGN 107

11.7. DIGIPASSCMD_MOVE 108

11.8. DIGIPASSCMD_SET_EXPIRATION 108

11.9. DIGIPASSCMD_RESET_ACTIVATION 109

11.10. DIGIPASSCMD_GENERATE_ACTIVATION_DATA 110

11.11. DIGIPASSCMD_SEND_ACTIVATION_DATA 111

11.12. DIGIPASSCMD_BIND_DEVICE 112

11.13. DIGIPASSCMD_UNBIND_DEVICE 112

11.14. DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE 113

11.15. DIGIPASSCMD_ADD_DEVICE 113

11.16. DIGIPASSCMD_DEACTIVATE 114

12. digipassQuery 115

12.1. Parameters 115

12.2. Example 120

12.3. Requirements 121

12.4. Additional Considerations 121

13. digipassapplExecute 122

13.1. DIGIPASSAPPLCMD_CREATE 129

13.2. DIGIPASSAPPLCMD_VIEW 129

13.3. DIGIPASSAPPLCMD_UPDATE 130

13.4. DIGIPASSAPPLCMD_DELETE 131

13.5. DIGIPASSAPPLCMD_TEST_OTP 131

13.6. DIGIPASSAPPLCMD_RESET_APPL 132

13.7. DIGIPASSAPPLCMD_RESET_PIN 133

13.8. DIGIPASSAPPLCMD_SET_PIN 133

13.9. DIGIPASSAPPLCMD_ENABLE_PIN 134

13.10. DIGIPASSAPPLCMD_DISABLE_PIN 134

13.11. DIGIPASSAPPLCMD_UNLOCK 135

13.12. DIGIPASSAPPLCMD_GETINFO 135

13.13. DIGIPASSAPPLCMD_GEN_VOTP 139

13.14. DIGIPASSAPPLCMD_FORCE_PIN_CHANGE 140

13.15. DIGIPASSAPPLCMD_SET_EVENT_COUNTER 140

13.16. DIGIPASSAPPLCMD_RESET_ERROR_COUNT 141

13.17. DIGIPASSAPPLCMD_TEST_SIGNATURE 142

13.18. DIGIPASSAPPLCMD_TEST_EMVCAP_MODE1 143

13.19. DIGIPASSAPPLCMD_TEST_EMVCAP_MODE2 144

13.20. DIGIPASSAPPLCMD_TEST_EMVCAP_MODE3 145

13.21. DIGIPASSAPPLCMD_CREATE_EMVCAP 146

13.22. DIGIPASSAPPLCMD_GENERATE_ACTIVATION_DATA 147

14. digipassapplQuery 149

14.1. Parameters 149

14.2. Example 153

14.3. Requirements 154

14.4. Additional Considerations 154

15. dpxfileExecute 155

15.1. DPXFILECMD_IMPORT_FILE 156

15.2. DPXFILECMD_QUERY_STATUS 157

15.3. DPXFILECMD_STOP_IMPORT 158

15.4. dpxfileuploadmime 158

15.5. dpxfileuploaddime 159

15.6. dpxfileuploadmtom 160

16. domainExecute 162

16.1. DOMAINCMD_CREATE 163

16.2. DOMAINCMD_VIEW 163

16.3. DOMAINCMD_UPDATE 164

16.4. DOMAINCMD_DELETE 164

17. domainQuery 165

17.1. Attribute Set 165

17.2. Query Options 165

17.3. Additional Considerations 166

18. orgunitExecute 167

18.1. ORGUNITCMD_CREATE 168

18.2. ORGUNITCMD_VIEW 169

18.3. ORGUNITCMD_UPDATE 169

18.4. ORGUNITCMD_DELETE 170

19. orgunitQuery 171

19.1. Attribute Set 171

19.2. Query Options 171

19.3. Additional Considerations 172

20. componentExecute 173

20.1. COMPONENTCMD_CREATE 174

20.2. COMPONENTCMD_VIEW 175

20.3. COMPONENTCMD_UPDATE 176

20.4. COMPONENTCMD_DELETE 177

21. componentQuery 179

21.1. Attribute Set 179

21.2. Query Options 179

21.3. Additional Considerations 180

22. backendExecute 181

22.1. BACKENDCMD_CREATE 183

22.2. BACKENDCMD_VIEW 185

22.3. BACKENDCMD_UDPATE 186

22.4. BACKENDCMD_DELETE 188

23. backendQuery 189

23.1. Attribute Set 189

23.2. Query Options 189

23.3. Additional Considerations 190

24. policyExecute 191

24.1. POLICYCMD_CREATE 206

24.2. POLICYCMD_VIEW 215

24.3. POLICYCMD_UPDATE 219

24.4. POLICYCMD_DELETE 227

24.5. POLICYCMD_GET_EFFECTIVE_POLICY 228

25. policyQuery 233

25.1. Parameters 233

25.2. Example 244

25.3. Requirements 244

25.4. Additional Considerations 245

26. reportExecute 246

26.1. REPORTCMD_CREATE 249

26.2. REPORTCMD_VIEW 250

26.3. REPORTCMD_UPDATE 251

26.4. REPORTCMD_DELETE 253

26.5. REPORTCMD_CHANGE_OWNER 253

26.6. REPORTCMD_RUN 254

26.7. reportfiledownloadmtom 255

27. reportQuery 256

27.1. Attribute Set 256

27.2. Query Options 256

27.3. Additional Considerations 257

28. reportformatExecute 258

28.1. REPORTFORMATCMD_CREATE 259

28.2. REPORTFORMATCMD_VIEW 260

28.3. REPORTFORMATCMD_UPDATE 260

28.4. REPORTFORMATCMD_DELETE 261

29. reportformatQuery 262

29.1. Attribute Set 262

29.2. Query Options 263

29.3. Additional Considerations 263

30. replicationserverExecute 265

30.1. REPLICATIONCMD_RECONNECT 265

31. replicationserverQuery 266

31.1. Attribute Set 266

31.2. Query Options 267

31.3. Additional Considerations 267

32. reportFileExecute 268

32.1. REPORTFILECMD_VIEW 268

32.2. REPORTFILECMD_DELETE 269

32.3. REPORTFILECMD_TAKE_OWNERSHIP 269

32.4. REPORTFILECMD_CHANGE_OWNERSHIP 270

32.5. reportfiledownloadmtom 270

33. reportfieldExecute 271

33.1. REPORTFIELDCMD_VIEW 273

33.2. REPORTFIELDCMD_CREATE 274

33.3. REPORTFIELDCMD_DELETE 275

33.4. REPORTFIELDCMD_UPDATE 275

34. reportfieldQuery 277

34.1. Attribute Set 277

34.2. Query Options 278

34.3. Additional Considerations 278

35. userfileExecute 279

35.1. USERFILECMD_IMPORT_FILE 280

35.2. USERFILECMD_QUERY_STATUS 281

35.3. USERFILECMD_STOP_IMPORT 281

36. keyExecute 282

36.1. KEYCMD_VIEW 284

36.2. KEYCMD_CREATE 284

36.3. KEYCMD_DELETE 285

36.4. KEYCMD_UPDATE 286

36.5. KEYCMD_ROTATE_KEY 286

36.6. KEYCMD_ROTATE_ABORT 287

36.7. KEYCMD_ROTATE_STATUS 287

37. keyQuery 288

37.1. Attribute Set 288

37.2. Query Options 289

37.3. Additional Considerations 289

38. taskExecute 290

38.1. TASKCMD_VIEW 291

38.2. TASKCMD_DELETE 292

38.3. TASKCMD_UPDATE 292

38.4. TASKCMD_CANCEL 294

38.5. TASKCMD_RESUME 294

38.6. TASKCMD_SUSPEND 294

39. taskQuery 295

39.1. Attribute Set 295

39.2. Query Options 296

39.3. Additional Considerations 296

40. timeZoneListExecute 297

40.1. TMZLISTCMD_GETZONELIST 297

41. SOAP Provisioning 298

41.1. Provisioning Field Attributes 299

41.2. PROVISIONCMD_REGISTER 303

41.3. PROVISIONCMD_ACTIVATE 304

41.4. PROVISIONCMD_ASSIGN 305

41.5. PROVISIONCMD_DSAPPREGISTER 305

41.6. PROVISIONCMD_DSAPPACTIVATE 306

41.7. PROVISIONCMD_DSAPPGENERATEACTIVATIONDATA 306

41.8. PROVISIONCMD_MDL_REGISTER 307

41.9. PROVISIONCMD_MDL_ADD_DEVICE 307

41.10. PROVISIONCMD_MDL_ACTIVATE 308

41.11. dsappSRPRegister 308

41.12. dsappSRPGenerateEphemeralKey 310

41.13. dsappSRPGenerateActivationData 311

41.14. dsappSRPActivate 314

42. SOAP Audit Management 316

42.1. auditGetMessage 316

42.2. digipassActivityQuery 323

42.3. userActivityQuery 326

Table Index

Table 1: SOAP Authentication commands 29

Table 2: SOAP Authentication credential field attributes 29

Table 3: Logical Administrative Privileges 32

Table 4: SOAP Authentication: authUser Command Attributes 34

Table 5: SOAP Authentication: getChallenge Command Attributes 35

Table 6: SOAP Authentication: getSecureChallenge Command Attributes 36

Table 7: SOAP Authentication: UpdatePassword Command Attributes 36

Table 8: SOAP Authentication: changeEncStatPwd Command Attributes 37

Table 9: changeBackendPassword Input Parameters (SOAP Administration) 38

Table 10: changeBackendPassword Output Parameters (SOAP Administration) 38

Table 11: UserInput (Data Type) 38

Table 12: CredentialInput (Data Type) 38

Table 13: PinChange (Data Type) 39

Table 14: ChangeBackendPasswordResult (Data Type) 39

Table 15: UserOutput (Data Type) 39

Table 16: CredentialOutput (Data Type) 40

Table 17: SOAP Signature Validation Commands 41

Table 18: SOAP Signature Field Attributes 41

Table 19: authSignature Command Attributes 43

Table 20: genSignature Command Attributes 45

Table 21: genRequest Command Attributes 45

Table 22: SOAP EMV-CAP Authentication: AuthUser_EMVCAP command attributes 47

Table 23: SOAP EMV-CAP authentication field attributes 48

Table 24: SOAP Administration Commands 50

Table 25: Logon Command Attributes (SOAP Administration) 51

Table 26: logoff Command Attributes (SOAP Administration) 54

Table 27: sessionalive Command Attributes (SOAP Administration) 55

Table 28: userExecute Commands (SOAP Administration) 56

Table 29: userExecute Global Command Attributes 57

Table 30: userExecute Field Attributes 57

Table 31: USERCMD_CREATE Input Parameters 61

Table 32: USERCMD_CREATE Output Parameters 61

Table 33: USERCMD_VIEW Input Parameters 62

Table 34: USERCMD_VIEW Output Parameters (resultAttribute) 63

Table 35: USERCMD_GET_ADMIN_DOMAINS Input Parameters 64

Table 36: USERCMD_SET_ADMIN_DOMAINS Input Parameters 64

Table 37: USERCMD_DELETE Input Parameters 65

Table 38: USERCMD_UPDATE Input Parameters 65

Table 39: USERCMD_UPDATE Output Parameters 66

Table 40: USERCMD_LINK_USER Input Parameters 67

Table 41: USERCMD_LINK_USER Output Parameters 68

Table 42: USERCMD_UNLINK_USER Input Parameters 69

Table 43: USERCMD_UNLINK_USER Output Parameters 69

Table 44: USERCMD_MOVE Input Parameters 70

Table 45: USERCMD_MOVE Output Parameters 70

Table 46: USERCMD_GET_PERMISSION Input Parameters 70

Table 47: USERCMD_GET_PERMISSION Output Parameters 71

Table 48: USERCMD_SET_PERMISSION Input Parameters 71

Table 49: USERCMD_SET_PERMISSION Output Parameters 71

Table 50: USERCMD_COPY_PERMISSION Input Parameters 71

Table 51: USERCMD_ENABLE Input Parameters 72

Table 52: USERCMD_ENABLE Output Parameters 72

Table 53: USERCMD_DISABLE Input Parameters 72

Table 54: USERCMD_DISABLE Output Parameters 73

Table 55: USERCMD_UNLOCK Input Parameters 73

Table 56: USERCMD_UNLOCK Output Parameters 73

Table 57: USERCMD_RESET_PASSWORD Input Parameters 74

Table 58: USERCMD_RESET_PASSWORD Output Parameters 74

Table 59: USERCMD_SET_PASSWORD Input Parameters 74

Table 60: USERCMD_SET_PASSWORD Output Parameters 75

Table 61: USERCMD_SET_EXPIRATION Input Parameters 75

Table 62: USERCMD_RESET_LAST_AUTH_TIME Input Parameters 75

Table 63: userExecute attribute Options 76

Table 64: userQuery Input Parameters (SOAP Administration) 77

Table 65: userQuery Output Parameters (SOAP Administration) 77

Table 66: UserAttributeSet (Data Type) 78

Table 67: UserAttribute (Data Type) 78

Table 68: userQuery (Supported Input Attributes) 78

Table 69: UserFieldSet (Data Type) 79

Table 70: userQuery (Supported Output Attributes) 79

Table 71: QueryOptions (Data Type) 81

Table 72: UserQueryResults (Data Type) 82

Table 73: userattributeExecute Commands (SOAP Administration) 84

Table 74: userattributeExecute Command Parameters 84

Table 75: userattributeExecute Field Attributes 84

Table 76: UATTFLD_OPTIONS values and resulting attribute types 85

Table 77: USERATTRIBUTECMD_CREATE Input Parameters 85

Table 78: USERATTRIBUTECMD_CREATE Output Parameters 86

Table 79: USERATTRIBUTECMD_VIEW Input Parameters 86

Table 80: USERATTRIBUTECMD_VIEW Output Parameters 87

Table 81: USERATTRIBUTECMD_UPDATE Input Parameters 87

Table 82: USERATTRIBUTECMD_UPDATE Output Parameters 88

Table 83: USERATTRIBUTECMD_DELETE Input Parameters 88

Table 84: userSendNotification Input Parameters (SOAP Administration) 89

Table 85: userSendNotification Output Parameters (SOAP Administration) 89

Table 86: UserInput (Data Type) 90

Table 87: ScheduleInput (Data Type) 90

Table 88: UserOutput (Data Type) 90

Table 89: offlinedataExecute Commands (SOAP Administration) 92

Table 90: offlinedataExecute Command Attributes 92

Table 91: offlinedataExecute Field Attributes 92

Table 92: OFFLINEDATACMD_VIEW Input Parameters 93

Table 93: OFFLINEDATACMD_VIEW Output Parameters 93

Table 94: OFFLINEDATACMD_DELETE Input Parameters 94

Table 95: digipassExecute Commands (SOAP Administration) 95

Table 96: digipassExecute Input Parameters 96

Table 97: digipassExecute Output Parameters 96

Table 98: digipassExecute Field Attributes 96

Table 99: DIGIPASSCMD_VIEW Input Parameters 101

Table 100: DIGIPASSCMD_VIEW Output Parameters (resultAttribute) 101

Table 101: DIGIPASSCMD_UPDATE Input Parameters 103

Table 102: DIGIPASSCMD_UPDATE Output Parameters 103

Table 103: DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE Input Parameters 104

Table 104: DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE Output Parameters 104

Table 105: DIGIPASSCMD_ASSIGN Input Parameters 105

Table 106: DIGIPASSCMD_ASSIGN Output Parameters 106

Table 107: DIGIPASSCMD_UNASSIGN Input Parameters 107

Table 108: DIGIPASSCMD_UNASSIGN Output Parameters 107

Table 109: DIGIPASSCMD_MOVE Input Parameters 108

Table 110: DIGIPASSCMD_SET_EXPIRATION Input Parameters 109

Table 111: DIGIPASSCMD_SET_EXPIRATION Output Parameters 109

Table 112: DIGIPASSCMD_RESET_ACTIVATION Input Parameters 109

Table 113: DIGIPASSCMD_RESET_ACTIVATION Output Parameters 110

Table 114: DIGIPASSCMD_GENERATE_ACTIVATION_DATA Input Parameters 111

Table 115: DIGIPASSCMD_GENERATE_ACTIVATION_DATA Output Parameters 111

Table 116: DIGIPASSCMD_SEND_ACTIVATION_DATA Input Parameters 111

Table 117: DIGIPASSCMD_SEND_ACTIVATION_DATA Output Parameters 112

Table 118: DIGIPASSCMD_BIND_DEVICE Input Parameters 112

Table 119: DIGIPASSCMD_UNBIND_DEVICE Input Parameters 112

Table 120: DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE Input Parameters 113

Table 121: DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE Output Parameters 113

Table 122: DIGIPASSCMD_ADD_DEVICE Input Parameters 113

Table 123: DIGIPASSCMD_ADD_DEVICE Output Parameters 113

Table 124: DIGIPASSCMD_DEACTIVATE Input Parameters 114

Table 125: DIGIPASSCMD_DEACTIVATE Output Parameters 114

Table 126: digipassQuery Input Parameters (SOAP Administration) 115

Table 127: digipassQuery Output Parameters (SOAP Administration) 115

Table 128: DigipassAttributeSet (Data Type) 116

Table 129: DigipassAttribute (Data Type) 116

Table 130: digipassQuery (Supported Input Attributes) 116

Table 131: DigipassFieldSet (Data Type) 118

Table 132: digipassQuery (Supported Output Attributes) 118

Table 133: QueryOptions (Data Type) 119

Table 134: DigipassQueryResults (Data Type) 120

Table 135: digipassapplExecute Commands (SOAP Administration) 122

Table 136: digipassapplExecute Input Parameters 123

Table 137: digipassapplExecute Output Parameters 123

Table 138: digipassapplExecute Field Attributes 123

Table 139: DIGIPASSAPPLCMD_CREATE Input Parameters 129

Table 140: DIGIPASSAPPLCMD_CREATE Output Parameters 129

Table 141: DIGIPASSAPPLCMD_VIEW Input Parameters 129

Table 142: DIGIPASSAPPLCMD_VIEW Output Parameters 130

Table 143: DIGIPASSAPPLCMD_UPDATE Input Parameters 130

Table 144: DIGIPASSAPPLCMD_UPDATE Output Parameters 130

Table 145: DIGIPASSAPPLCMD_DELETE Input Parameters 131

Table 146: DIGIPASSAPPLCMD_TEST_OTP Input Parameters 131

Table 147: DIGIPASSAPPLCMD_TEST_OTP Output Parameters 132

Table 148: DIGIPASSAPPLCMD_RESET_APPL Input Parameters 132

Table 149: DIGIPASSAPPLCMD_RESET_APPL Output Parameters 132

Table 150: DIGIPASSAPPLCMD_RESET_PIN Input Parameters 133

Table 151: DIGIPASSAPPLCMD_RESET_PIN Output Parameters 133

Table 152: DIGIPASSAPPLCMD_SET_PIN Input Parameters 134

Table 153: DIGIPASSAPPLCMD_SET_PIN Output Parameters 134

Table 154: DIGIPASSAPPLCMD_ENABLE_PIN Input Parameters 134

Table 155: DIGIPASSAPPLCMD_DISABLE_PIN Input Parameters 134

Table 156: DIGIPASSAPPLCMD_DISABLE_PIN Output Parameters 135

Table 157: DIGIPASSAPPLCMD_UNLOCK Input Parameters 135

Table 158: DIGIPASSAPPLCMD_UNLOCK Output Parameters 135

Table 159: DIGIPASSAPPLCMD_GETINFO Input Parameters 136

Table 160: DIGIPASSAPPLCMD_GETINFO Output Parameters 136

Table 161: DIGIPASSAPPL-TYPES:DigipassApplDPInfoItem List Items 136

Table 162: DIGIPASSAPPLCMD_GEN_VOTP Input Parameters 139

Table 163: DIGIPASSAPPLCMD_GEN_VOTP Output Parameters 140

Table 164: DIGIPASSAPPLCMD_FORCE_PIN_CHANGE Input Parameters 140

Table 165: DIGIPASSAPPLCMD_FORCE_PIN_CHANGE Output Parameters 140

Table 166: DIGIPASSAPPLCMD_SET_EVENT_COUNTER Input Parameters 141

Table 167: DIGIPASSAPPLCMD_SET_EVENT_COUNTER Output Parameters 141

Table 168: DIGIPASSAPPLCMD_RESET_ERROR_COUNT Input Parameters 141

Table 169: DIGIPASSAPPLCMD_RESET_ERROR_COUNT Output Parameters 142

Table 170: DIGIPASSAPPLCMD_TEST_SIGNATURE Input Parameters 142

Table 171: DIGIPASSAPPLCMD_TEST_SIGNATURE Output Parameters 143

Table 172: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE1 Input Parameters 143

Table 173: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE1 Output Parameters 144

Table 174: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE2 Input Parameters 144

Table 175: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE2 Output Parameters 145

Table 176: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE3 Input Parameters 145

Table 177: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE3 Output Parameters 146

Table 178: DIGIPASSAPPLCMD_CREATE_EMVCAP Input Parameters 146

Table 179: DIGIPASSAPPLCMD_CREATE_EMVCAP Output Parameters 147

Table 180: DIGIPASSAPPLCMD_GENERATE_ACTIVATION_DATA Input Parameters 147

Table 181: DIGIPASSAPPLCMD_GENERATE_ACTIVATION_DATA Output Parameters 148

Table 182: digipassapplQuery Input Parameters (SOAP Administration) 149

Table 183: digipassapplQuery Output Parameters (SOAP Administration) 149

Table 184: DigipassApplAttributeSet (Data Type) 150

Table 185: DigipassApplAttribute (Data Type) 150

Table 186: digipassapplQuery (Supported Input Attributes) 150

Table 187: DigipassApplFieldSet (Data Type) 151

Table 188: digipassapplQuery (Supported Output Attributes) 151

Table 189: QueryOptions (Data Type) 152

Table 190: DigipassApplQueryResults 152

Table 191: dpxfileExecute Commands (SOAP Administration) 155

Table 192: dpxfileExecute Command Attributes 155

Table 193: dpxfileExecute Field Attributes 155

Table 194: DPXFILECMD_IMPORT_FILE Input Parameters 157

Table 195: DPXFILECMD_QUERY_STATUS Input Parameters 157

Table 196: DPXFILECMD_QUERY_STATUS Output Parameters 157

Table 197: dpxfileuploadmime Command Attributes 158

Table 198: dpxfileuploadmime Input Parameters 158

Table 199: dpxfileuploadmime Output Parameters 158

Table 200: dpxfileuploaddime Command Attributes 159

Table 201: dpxfileuploaddime Input Parameters 159

Table 202: dpxfileuploaddime Output Parameters 160

Table 203: dpxfileuploadmtom Command Attributes 160

Table 204: dpxfileuploadmtom Input Parameters 160

Table 205: dpxfileuploadmtom Output Parameters 161

Table 206: domainExecute Commands (SOAP Administration) 162

Table 207: domainExecute Command Attributes 162

Table 208: domainExecute Field Attributes 162

Table 209: DOMAINCMD_CREATE Input Parameters 163

Table 210: DOMAINCMD_CREATE Output Parameters 163

Table 211: DOMAINCMD_VIEW Output Parameters 163

Table 212: DOMAINCMD_UPDATE Input Parameters 164

Table 213: DOMAINCMD_UPDATE Output Parameters 164

Table 214: domainQuery Parameters (SOAP Administration) 165

Table 215: QueryOptions (Data Type) 166

Table 216: orgunitExecute Commands (SOAP Administration) 167

Table 217: orgunitExecute Command Parameters 167

Table 218: orgunitExecute Field Attributes 167

Table 219: ORGUNITCMD_CREATE Input Parameters 168

Table 220: ORGUNITCMD_CREATE Output Parameters 168

Table 221: ORGUNITCMD_VIEW Input Parameters 169

Table 222: ORGUNITCMD_VIEW Output Parameters 169

Table 223: ORGUNITCMD_UPDATE Input Parameters 169

Table 224: ORGUNITCMD_UPDATE Output Parameters 170

Table 225: ORGUNITCMD_DELETE Input Parameters 170

Table 226: orgunitQuery Parameters 171

Table 227: QueryOptions (Data Type) 172

Table 228: componentExecute Commands (SOAP Administration) 173

Table 229: componentExecute Command Parameters 173

Table 230: componentExecute Field Attributes 173

Table 231: COMPONENTCMD_CREATE Input Parameters 174

Table 232: COMPONENTCMD_CREATE Output Parameters 175

Table 233: COMPONENTCMD_VIEW Input Parameters 175

Table 234: COMPONENTCMD_VIEW Output Parameters 175

Table 235: COMPONENTCMD_UPDATE Input Parameters 176

Table 236: COMPONENTCMD_UPDATE Output Parameters 177

Table 237: COMPONENTCMD_DELETE Input Parameters 177

Table 238: componentQuery Parameters 179

Table 239: QueryOptions (Data Type) 180

Table 240: backendExecute Commands 181

Table 241: backendExecute Command Parameters 181

Table 242: backendExecute Field Attributes 181

Table 243: BACKENDCMD_CREATE Input Parameters 183

Table 244: BACKENDCMD_CREATE Output Parameters 184

Table 245: BACKENDCMD_VIEW Output Parameters 185

Table 246: BACKENDCMD_UDPATE Input Parameters 186

Table 247: BACKENDCMD_UDPATE Output Parameters 187

Table 248: backendQuery Parameters 189

Table 249: QueryOptions (Data Type) 190

Table 250: policyExecute Commands (SOAP administration) 191

Table 251: policyExecute Command Parameters 191

Table 252: policyExecute Field Attributes 191

Table 253: POLICYCMD_CREATE Input Parameters 207

Table 254: POLICYCMD_CREATE Output Parameters 210

Table 255: POLICYCMD_VIEW Input Parameters 215

Table 256: POLICYCMD_VIEW Output Parameters 215

Table 257: POLICYCMD_UPDATE Input Parameters 219

Table 258: POLICYCMD_UPDATE Output Parameters 223

Table 259: POLICYCMD_GET_EFFECTIVE_POLICY Input Parameters 228

Table 260: POLICYCMD_GET_EFFECTIVE_POLICY Output Parameters 228

Table 261: policyQuery Input Parameters (SOAP Administration) 233

Table 262: policyQuery Output Parameters (SOAP Administration) 233

Table 263: PolicyAttributeSet (Data Type) 234

Table 264: PolicyAttribute (Data Type) 234

Table 265: policyQuery (Supported Input Attributes) 234

Table 266: PolicyFieldSet (Data Type) 238

Table 267: policyQuery (Supported Output Attributes) 238

Table 268: QueryOptions (Data Type) 242

Table 269: PolicyQueryResults (Data Type) 243

Table 270: reportExecute Commands 246

Table 271: reportExecute Command Parameters 246

Table 272: reportExecute Field Attributes 246

Table 273: REPORTCMD_CREATE Input Parameters 249

Table 274: REPORTCMD_CREATE Output Parameters 250

Table 275: REPORTCMD_VIEW Input Parameters 250

Table 276: REPORTCMD_VIEW Output Parameters 251

Table 277: REPORTCMD_UPDATE Input Parameters 251

Table 278: REPORTCMD_UPDATE Output Parameters 252

Table 279: REPORTCMD_DELETE Input Parameters 253

Table 280: REPORTCMD_CHANGE_OWNER Input Parameters 253

Table 281: REPORTCMD_CHANGE_OWNER Output Parameters 253

Table 282: REPORTCMD_RUN Input Parameters 254

Table 283: reportfiledownloadmtom Command Attributes 255

Table 284: reportfiledownloadmtom Input Parameters 255

Table 285: reportQuery Parameters 256

Table 286: QueryOptions (Data Type) 257

Table 287: reportformatExecute Commands 258

Table 288: reportformatExecute Command Parameters 258

Table 289: reportformatExecute Field Attributes 258

Table 290: REPORTFORMATCMD_CREATE Input Parameters 259

Table 291: REPORTFORMATCMD_CREATE Output Parameters 259

Table 292: REPORTFORMATCMD_VIEW Input Parameters 260

Table 293: REPORTFORMATCMD_VIEW Output Parameters 260

Table 294: REPORTFORMATCMD_UPDATE Input Parameters 260

Table 295: REPORTFORMATCMD_UPDATE Output Parameters 261

Table 296: REPORTFORMATCMD_DELETE Input Parameters 261

Table 297: reportformatQuery Parameters 262

Table 298: QueryOptions (Data Type) 263

Table 299: replicationserverExecute Command Parameters 265

Table 300: replicationserverQuery Parameters 266

Table 301: QueryOptions (Data Type) 267

Table 302: reportFileExecute Commands 268

Table 303: reportFileExecute Field Attributes 268

Table 304: REPORTFILECMD_VIEW Output Parameters 269

Table 305: REPORTFILECMD_TAKE_OWNERSHIP Input Parameters 269

Table 306: REPORTFILECMD_CHANGE_OWNERSHIP Input Parameters 270

Table 307: REPORTFILECMD_CHANGE_OWNERSHIP Output Parameters 270

Table 308: reportfieldExecute Commands 271

Table 309: reportfieldExecute Field Attributes 271

Table 310: REPORTFIELDCMD_VIEW Input Parameters 273

Table 311: REPORTFIELDCMD_VIEW Output Parameters 274

Table 312: REPORTFIELDCMD_CREATE Input Parameters 274

Table 313: REPORTFIELDCMD_CREATE Output Parameters 274

Table 314: REPORTFIELDCMD_DELETE Input Parameters 275

Table 315: REPORTFIELDCMD_UPDATE Input Parameters 275

Table 316: REPORTFIELDCMD_UPDATE Output Parameters 275

Table 317: reportfieldQuery Parameters (SOAP Administration) 277

Table 318: QueryOptions (Data Type) 278

Table 319: userfileExecute Commands 279

Table 320: userfileExecute Field Attributes 279

Table 321: USERFILECMD_IMPORT_FILE Input Parameters 280

Table 322: USERFILECMD_QUERY_STATUS Input Parameters 281

Table 323: USERFILECMD_QUERY_STATUS Output Parameters 281

Table 324: keyExecute Commands 282

Table 325: keyExecute Field Attributes 282

Table 326: KEYCMD_VIEW Output Parameters 284

Table 327: KEYCMD_CREATE Input Parameters 284

Table 328: KEYCMD_CREATE Output Parameters 285

Table 329: KEYCMD_UPDATE Input Parameters 286

Table 330: KEYCMD_UPDATE Output Parameters 286

Table 331: KEYCMD_ROTATE_KEY Input Parameters 286

Table 332: KEYCMD_ROTATE_KEY Output Parameters 287

Table 333: KEYCMD_ROTATE_STATE Output Parameters 287

Table 334: keyQuery Parameters 288

Table 335: QueryOptions (Data Type) 289

Table 336: taskExecute Commands 290

Table 337: taskExecute Field Attributes 290

Table 338: TASKCMD_VIEW Output Parameters 291

Table 339: TASKCMD_UPDATE Input Parameters 293

Table 340: TASKCMD_UPDATE Output Parameters 293

Table 341: taskQuery Parameters 295

Table 342: QueryOptions (Data Type) 296

Table 343: timeZoneListExecute Commands 297

Table 344: timeZoneListExecute Command Parameters 297

Table 345: TMZLISTCMD_GETZONELIST Output Parameters 297

Table 346: provisioningExecute Commands (SOAP Provisioning) 298

Table 347: SOAP Provisioning Field Attributes 299

Table 348: PROVISIONCMD_REGISTER Attributes 303

Table 349: PROVISIONCMD_ACTIVATE Attributes 304

Table 350: PROVISIONCMD_ASSIGN Attributes 305

Table 351: PROVISIONCMD_DSAPPREGISTER Attributes 305

Table 352: PROVISIONCMD_DSAPPACTIVATE Attributes 306

Table 353: PROVISIONCMD_DSAPPGENERATEACTIVATIONDATA Attributes 306

Table 354: PROVISIONCMD_MDL_REGISTER Attributes 307

Table 355: PROVISIONCMD_MDL_ADD_DEVICE Attributes 307

Table 356: PROVISIONCMD_MDL_ACTIVATE Attributes 308

Table 357: dsappSRPRegister Input Parameters (SOAP Administration) 308

Table 358: dsappSRPRegister Output Parameters (SOAP Administration) 309

Table 359: UserInput (Data Type) 309

Table 360: RegisterCredentialInput (Data Type) 309

Table 361: DSAPPSRPRegisterResult (Data Type) 309

Table 362: dsappSRPGenerateEphemeralKey Input Parameters (SOAP Administration) 310

Table 363: dsappSRPGenerateEphemeralKey Output Parameters (SOAP Administration) 310

Table 364: DSAPPSRPGenerateEphemeralKeyResult (Data Type) 311

Table 365: dsappSRPGenerateActivationData Input Parameters (SOAP Administration) 312

Table 366: dsappSRPGenerateActivationData Output Parameters (SOAP Administration) 312

Table 367: DSAPPSRPGenerateActivationDataResult (Data Type) 312

Table 368: DSAPPSRPStandardActivation (Data Type) 312

Table 369: DSAPPSRPMDLActivation (Data Type) 313

Table 370: DSAPPSRPEncryptedData (Data Type) 313

Table 371: dsappSRPActivate Input Parameters (SOAP Administration) 314

Table 372: dsappSRPActivate Output Parameters (SOAP Administration) 314

Table 373: ActivateCredentialInput (Data Type) 314

Table 374: SOAP Audit Management Commands 316

Table 375: auditGetMessage Input Parameters (SOAP Administration) 316

Table 376: auditGetMessage Output Parameters (SOAP Administration) 316

Table 377: AuditMessage (Data Type)

Table 378: digipassActivityQuery Input Parameters (SOAP Administration)

Table 379: digipassActivityQuery Output Parameters (SOAP Administration)

Table 380: DigipassActivityInput (Data Type)

Table 381: DigipassActivityQueryOptions (Data Type)

Table 382: DigipassActivitySortOrder (Data Type)

Table 383: DigipassActivityList (Data Type)

Table 384: userActivityQuery Input Parameters (SOAP Administration)

Table 385: userActivityQuery Output Parameters (SOAP Administration)

Table 386: UserActivityInput (Data Type)

Table 387: userActivityQueryOptions (Data Type)

Table 388: UserActivityFilterExpression (Data Type)

Table 389: UserActivityFilter Attributes (Data Type)

Table 390: UserActivityFilter Inner XML (Data Type)

Table 391: UserActivitySortOrder (Data Type)

Table 392: UserActivityList (Data Type)

1. Introduction
The IAS Authentication SDK SOAP Reference is a reference for developers using the IDENTIKEY Authentication
Server SOAP interface. It is highly recommended to use this guide together with the IAS Authentication SDK
Programmer's Guide.

The IDENTIKEY Authentication Server SDK SOAP Reference is a reference for developers using the IDENTIKEY
Authentication Server SOAP interface. It is highly recommended to use this guide together with the IDENTIKEY
Authentication Server SDK Programmer's Guide.

1.1. Who should read this guide?

This guide is designed for developers using the IDENTIKEY Authentication Server SOAP interface.

The reader should be familiar with:

- Online authentication and authorisation tools and protocols, including SOAP, RADIUS, WSDL, SSL, XML, HTML and TCP/IP.
- Windows and Linux security software environments including IIS, Active Directory and ODBC.
- Administration tasks including user management, policy, scheduling, reports, and performance monitoring.
- Password management and encryption techniques.
- EMV-CAP and other e-commerce transaction standards.
- Programming languages, especially Java and ASP.NET.

1.2. Reading Requirements

It is assumed that any users of this document will have read the following manuals:

- IDENTIKEY Authentication Server SDK Programmer's Guide
- IDENTIKEY Authentication Server Product Guide

IDENTIKEY Authentication Server SOAP interface users must be familiar with the concepts and functions of
IDENTIKEY Authentication Server, its SDK, and SOAP.

1.3. IDENTIKEY Authentication Server Documentation Suite

The following IDENTIKEY Authentication Server guides are available:

- IDENTIKEY Authentication Server Product Guide: introduces the features and concepts of IDENTIKEY Authentication Server and explains various usage options.
- IDENTIKEY Authentication Server Getting Started Guide: provides a walkthrough on deploying a standard setup of IDENTIKEY Authentication Server and testing its key features.
- IDENTIKEY Authentication Server Installation Guide for Windows: provides comprehensive instructions on installing IDENTIKEY Authentication Server on a Windows platform.
- IDENTIKEY Authentication Server Installation Guide for Linux: provides comprehensive instructions on installing IDENTIKEY Authentication Server on a supported Linux distribution.
- IDENTIKEY Authentication Server Administrator Guide: in-depth information on the administration and management of IDENTIKEY Authentication Server.
- IDENTIKEY Authentication Server Administrator Reference: detailed IDENTIKEY Authentication Server references, including data attributes, utility commands, schema information, and other related information.
- IDENTIKEY Authentication Server Performance and Deployment Guide: information on common deployment models and performance statistics.
- IDENTIKEY Authentication Server Release Notes: latest information on corresponding IDENTIKEY Authentication Server releases.
- IDENTIKEY Authentication Server Data Migration Guide: provides comprehensive information on the various paths available when updating IDENTIKEY Authentication Server to a higher version.
- IDENTIKEY Authentication Server SDK Programmer's Guide: information on the IDENTIKEY Authentication Server Software Development Kit (SDK):
  - IDENTIKEY Authentication Server SDK Programmer's Guide
  - IDENTIKEY Authentication Server SDK Programmer's Guide for Java
  - IDENTIKEY Authentication Server SDK Programmer's Guide for .NET
  - IDENTIKEY Authentication Server Authentication SDK Programmer's Guide for Java
  - IDENTIKEY Authentication Server Authentication SDK Programmer's Guide for .NET
  - IDENTIKEY Authentication Server SDK SOAP Reference
  - IDENTIKEY Authentication Server SDK Plug-In Engine Guide
- IAS Authentication SDK Programmer's Guide: in-depth information required to develop using the IAS Authentication SDK:
  - IDENTIKEY Authentication Server SDK Programmer's Guide
  - IDENTIKEY Authentication Server SDK Programmer's Guide for Java
  - IDENTIKEY Authentication Server SDK Programmer's Guide for .NET
  - IDENTIKEY Authentication Server Authentication SDK Programmer's Guide for Java
  - IDENTIKEY Authentication Server Authentication SDK Programmer's Guide for .NET
  - IDENTIKEY Authentication Server SDK SOAP Reference

1.3.1. Further assistance

Comprehensive Help Files including context-sensitive assistance are available via IDENTIKEY Authentication Server
user interfaces. For more information, please visit http://www.vasco.com.

2. SOAP Authentication
The following table lists the authentication commands supported in the SOAP authentication interface.

Table 1: SOAP Authentication commands

| Command | Description |
|---|---|
| authUser | Perform a user authentication operation on the IDENTIKEY Authentication Server (see 2.1. authUser). |
| getChallenge | Request the IDENTIKEY Authentication Server to generate an authentication challenge, i.e. 1-step challenge (see 2.2. getChallenge). |
| getSecureChallenge | Request IDENTIKEY Authentication Server to generate a request message which can be used to initiate an authentication process (see 2.3. getSecureChallenge). Applies if Secure Channel is supported. |
| updatePassword | Perform a static password update operation on the IDENTIKEY Authentication Server (see 2.4. updatePassword). |
| changeEncStatPwd | Change the PIN and static password for a DIGIPASS 110 authenticator (see 2.5. changeEncStatPwd). |
| changeBackendPassword | The user can change the static Active Directory password with a configured back end for IDENTIKEY Authentication Server via a user self-management website (see 2.6. changeBackendPassword). |

The following credential field attributes are available for SOAP Authentication commands:

Table 2: SOAP Authentication credential field attributes

| Attribute Name | Data Type | Value | Description |
|---|---|---|---|
| CREDFLD_ADMIN_PRIVILEGES | String | Up to 255 chars. | Administration privileges of the User. |
| CREDFLD_AUXILIARY_MESSAGE | String | | The serialized errorstack. Only specified if authuser request is not successful. |
| CREDFLD_CESPR | String | | |
| CREDFLD_CHALLENGE | String | | Challenge used by the end-user to generate the response for the C/R authentication. |
| CREDFLD_CHALLENGE_KEY | String | | Key used to refer to a challenge generated by the IDENTIKEY Authentication Server. |
| CREDFLD_CHALLENGE_MESSAGE | String | | Message to be displayed to the end-user asking them to use the returned challenge. |
| CREDFLD_COMPONENT_TYPE | String | | SOAP client application identifier. |
| CREDFLD_CONFIRM_NEW_PIN | String | | To be used to change server PIN. |
| CREDFLD_CONFIRM_STATIC_PASSWORD | String | Up to 255 chars. | |
| CREDFLD_CONTROLLER_TYPE | String | SSM/HSM-Safenet | |
| CREDFLD_CURRENT_PIN | String | | |
| CREDFLD_DIGIPASS | | | Input of DIGIPASS credentials. |
| CREDFLD_DOMAIN | String | Up to 255 chars. | As output, the user's resolved domain will be specified. |
| CREDFLD_DP_RESPONSE | String | | DIGIPASS one-time password (only used in case of password format 4). |
| CREDFLD_HOST_CODE | String | | The host code; only returned in case the corresponding attribute field was specified in the authentication request and the authentication has been successful. |
| CREDFLD_LOGICAL_ADMIN_PRIVILEGES | String | For a list of possible values, refer to Table 3: Logical Administrative Privileges. | Comma separated list of the assigned administrative privileges. Each administrative privilege is specified as follows: <admin priv name> [true\|false] |
| CREDFLD_NEW_PIN | String | | To be used to change server PIN. |
| CREDFLD_NEW_STATIC_PASSWORD | String | Up to 255 chars. | |
| CREDFLD_NOTIFY_GRACE_EXPIRE_DATE | String | | |
| CREDFLD_NOTIFY_GRACE_PERIOD_EXPIRED | String | | |
| CREDFLD_NOTIFY_PASSWORD_EXPIRE_DATE | DateTime | YYYY-MM-DDThh:mm:ssZ | The date and time when the static password expires. |
| CREDFLD_NOTIFY_PASSWORD_RANDOMIZE | String | | |
| CREDFLD_NOTIFY_REQUIRE_PIN_CHANGE | String | | |
| CREDFLD_NOTIFY_TOKEN_IS_ASSIGNED | String | | |
| CREDFLD_ORGANIZATIONAL_UNIT | String | Up to 255 chars. | Indicates the user's resolved organizational unit. |
| CREDFLD_PASSWORD | String | | The combined password string (only in case of password format 0). |
| CREDFLD_PASSWORD_FORMAT | Unsigned Integer | Following values are supported: 0: cleartext combined password format; 4: different authentication elements are provided into separate parameters in cleartext. | |
| CREDFLD_PLATFORM | String | Linux/Windows | |
| CREDFLD_PRODUCT_NAME | String | | |
| CREDFLD_PRODUCT_VERSION | String | | |
| CREDFLD_REQUEST_BODY | String | Up to 512 chars. | The clear request body used to generate the challenge request message for an authentication process using Secure Channel. Applies if Secure Channel is supported. |
| CREDFLD_REQUEST_MESSAGE | String | Up to 1070 hexadecimal chars. | The secure challenge request message. Applies if Secure Channel is supported. |
| CREDFLD_REQUEST_HOST_CODE | String | Supported input values: 0 - No; 1 - Optional; 2 - Required. Only the number should be used. | |
| CREDFLD_SERIAL_NO | String | Up to 255 chars. | The serial number of the DIGIPASS to be used in the authentication processing. |
| CREDFLD_SESSION_ID | String | Up to 255 chars. | Session ID for a wireless RADIUS session. May be used for Fast Reconnect. |
| CREDFLD_STATIC_PASSWORD | String | Up to 255 chars. | Only used in case of password format 4. |
| CREDFLD_STATUS_MESSAGE | String | | Reason of failure. Only specified if authuser request is not successful. |
| CREDFLD_STORAGE_TYPE | String | ODBC/LDAP | |
| CREDLFD_SVR_PUBLIC_KEY | String | | Server Public key |
| CREDLFD_TRANSACTION_TITLE | String | Up to 255 chars. | The title of a secure challenge transaction. Applies if Secure Channel is supported. |
| CREDFLD_USER_ATTRIBUTE_GROUP | String | Up to 255 chars. | The user attribute group name for the attributes you want to be returned after a successful authentication. |
| CREDFLD_USERID | String | Up to 255 chars. | The UserID, in whatever form the calling application provides it (no specific format is required). As output, the resolved UserID will be specified. |
| CREDFLD_SERVER_LOCAL_TZ | String | | Server Local Timezone. |
| CREDFLD_RESTRICT_ADMIN_PRIVILEGE_ASSIGNMENT | String | | |

The following table lists the available logical admin privileges.

Table 3: Logical Administrative Privileges


admin_logon update_digipass disable_server_pin delete_orgunit take_task_ownership
access_all_domains delete_digipass enable_server_pin reset_offline_data import_user
live_audit assign_digipass create_emvcap_application replication_status view_key
set_auth_policy_overrides unassign_digipass generate_dpappl_activation_data replication_reconnect create_key
axsguard_system_administration move_digipass import_digipass view_report update_key
view_audit_information reset_activation view_policy create_report delete_key
view_user view_emv_pan create_policy update_report rotate_key
create_user set_digipass_expiration update_policy delete_report view_reportfile
update_user send_digipass_activation_data delete_policy change_report_owner delete_reportfile
delete_user bind_digipass view_backend run_report download_reportfile
link_user unbind_digipass create_backend access_domain take_ownership_reportfile
unlink_user generate_activation_message update_backend take_report_ownership change_ownership_reportfile
move_user add_device delete_backend view_server_configuration
view_privileges deactivate_digipass view_component update_server_configuration
set_privileges reset_dpappl create_component view_admin_session
unlock_user set_dpappl_event update_component delete_admin_session
enable_user reset_pin delete_component view_configuration
disable_user force_pin_change view_domain update_configuration
set_password set_pin create_domain view_task
reset_password unlock_digipass update_domain update_task
set_user_expiration reset_dpappl_lock delete_domain delete_task
reset_last_authentication_time test_otp view_orgunit cancel_task
set_admin_domains generate_virtual_otp create_orgunit resume_task
view_digipass test_signature update_orgunit suspend_task

2.1. authUser

The authuser command can be used to send the following requests to the IDENTIKEY Authentication Server:

- Authenticate with Response-Only DIGIPASS
- Authenticate with Challenge/Response DIGIPASS
- Secure Channel-based authentication (authentication with the getChallenge and getSecureChallenge commands - see Sections 2.2. getChallenge and 2.3. getSecureChallenge for more information on the corresponding command.)
- Change Server PIN

Table 4: SOAP Authentication: authUser Command Attributes


Attribute Name Input Output

CREDFLD_USERID Mandatory Mandatory

CREDFLD_DOMAIN Optional Optional

CREDFLD_ORGANIZATIONAL_UNIT Optional

CREDFLD_SERIAL_NO Optional Optional

CREDFLD_PASSWORD Optional

CREDFLD_PASSWORD_FORMAT Mandatory

CREDFLD_DP_RESPONSE Optional

CREDFLD_COMPONENT_TYPE Mandatory

CREDFLD_REQUEST_HOST_CODE Optional

CREDFLD_HOST_CODE Optional

CREDFLD_USER_ATTRIBUTE_GROUP Optional

CREDFLD_STATIC_PASSWORD Optional

CREDFLD_CURRENT_PIN Optional

CREDFLD_NEW_PIN Optional

CREDFLD_CONFIRM_NEW_PIN Optional

CREDFLD_CHALLENGE Optional

CREDFLD_CHALLENGE_KEY Optional Optional

CREDFLD_CHALLENGE_MESSAGE Optional

CREDFLD_STATUS_MESSAGE Optional

CREDFLD_AUXILIARY_MESSAGE Optional

CREDFLD_REQUEST_BODY Optional

CREDFLD_REQUEST_MESSAGE Mandatory

CREDFLD_TRANSACTION_TITLE Optional

CREDFLD_NOTIFY_PASSWORD_EXPIRE_DATE Optional

2.2. getChallenge

The getChallenge command can be used to send the following requests to the IDENTIKEY Authentication
Server:

- Get 1-step Challenge (user specific server challenge)
- Get 1-step Challenge (general server challenge)

Table 5: SOAP Authentication: getChallenge Command Attributes

| Attribute Name | Input/Output | Optional? |
|---|---|---|
| CREDFLD_USERID | I/O | Optional |
| CREDFLD_DOMAIN | I/O | Optional |
| CREDFLD_ORGANIZATIONAL_UNIT | O | |
| CREDFLD_SERIAL_NO | I/O | Optional |
| CREDFLD_COMPONENT_TYPE | I | Mandatory |
| CREDFLD_CHALLENGE | O | |
| CREDFLD_CHALLENGE_KEY | O | |
| CREDFLD_CHALLENGE_MESSAGE | O | |
| CREDFLD_STATUS_MESSAGE | O | |
| CREDFLD_AUXILIARY_MESSAGE | O | |

2.3. getSecureChallenge

The getSecureChallenge command can be used to generate a request message to initiate an authentication
process using the Secure Channel feature.

Table 6: SOAP Authentication: getSecureChallenge Command Attributes


Attribute Name Input Output Remarks
CREDFLD_USERID Mandatory Mandatory
CREDFLD_DOMAIN Optional Mandatory
CREDFLD_ORGANIZATIONAL_UNIT Optional
CREDFLD_SERIAL_NO Optional Mandatory
CREDFLD_COMPONENT_TYPE Mandatory
CREDFLD_REQUEST_BODY Optional This field cannot be used in combination with CREDFLD_CHALLENGE_MESSAGE and CREDFLD_TRANSACTION_TITLE.
CREDFLD_TRANSACTION_TITLE Optional This field cannot be used in combination with CREDFLD_REQUEST_BODY.
CREDFLD_CHALLENGE_MESSAGE Optional This field cannot be used in combination with CREDFLD_REQUEST_BODY.
CREDFLD_CHALLENGE_KEY Mandatory
CREDFLD_REQUEST_MESSAGE Mandatory

You can define the challenge message displayed to the user either with CREDFLD_REQUEST_BODY or with
CREDFLD_CHALLENGE_MESSAGE and, optionally, CREDFLD_TRANSACTION_TITLE.

2.4. updatePassword

The updatePassword command can be used to send an update static password request to the IDENTIKEY
Authentication Server:

Table 7: SOAP Authentication: UpdatePassword Command Attributes

| Attribute Name | Input/Output | Optional? |
|---|---|---|
| CREDFLD_USERID | I/O | Mandatory |
| CREDFLD_DOMAIN | I/O | Optional |
| CREDFLD_ORGANIZATIONAL_UNIT | O | |
| CREDFLD_COMPONENT_TYPE | I | Mandatory |
| CREDFLD_STATIC_PASSWORD | I | Mandatory |
| CREDFLD_NEW_STATIC_PASSWORD | I | Mandatory |
| CREDFLD_CONFIRM_STATIC_PASSWORD | I | Mandatory |
| CREDFLD_STATUS_MESSAGE | O | |
| CREDFLD_AUXILIARY_MESSAGE | O | |

2.5. changeEncStatPwd

The changeEncStatPwd command can be used to send a request to the IDENTIKEY Authentication Server for
changing a PIN and static password for a DIGIPASS 110 authenticator.

Table 8: SOAP Authentication: changeEncStatPwd Command Attributes

| Attribute Name | Input/Output | Optional? |
|---|---|---|
| CREDFLD_USERID | I/O | Mandatory |
| CREDFLD_DOMAIN | I | Optional |
| CREDFLD_CESPR | I | Mandatory |
| CREDFLD_CHALLENGE | I | |
| CREDFLD_SERVER_PUBLIC_KEY | I | Mandatory |
| CREDFLD_COMPONENT_TYPE | I | Mandatory |

2.6. changeBackendPassword

The changeBackendPassword command serves to change the user's static Active Directory password with
a configured back end of IDENTIKEY Authentication Server. The user must authenticate in IDENTIKEY Authentication
Server, using local authentication, for this operation to succeed.

Note
If the Password Randomization feature of IDENTIKEY Authentication Server is used, the policy used in IDENTIKEY
Authentication Server must not apply password proxying for the changeBackendPassword SOAP command
because this would lead to a user with a randomized password being able to change their password.

2.6.1. Parameters

Table 9: changeBackendPassword Input Parameters (SOAP Administration)

| Parameter Name | Data Type | Optionality | Description |
|---|---|---|---|
| componentType | String | Mandatory | Specifies the component to which the password change is applied. |
| user | UserInput | Mandatory | The user input information; specifies the user who changes the password. |
| credential | CredentialInput | Mandatory | The credential parameters used to authenticate the user. |
| newStaticPassword | String | Mandatory | The new password to be set by the user. |

Table 10: changeBackendPassword Output Parameters (SOAP Administration)

| Parameter Name | Data Type | Optionality | Description |
|---|---|---|---|
| status | CommandStatusResponse | Mandatory | The error stack, indicating that the command has not completed successfully, and the result and status codes returned by the command. |
| result | ChangeBackendPasswordResult | Optional | The returned information about user and user credentials. |

2.6.1.1. UserInput
Table 11: UserInput (Data Type)

| Element Name | Type | Description |
|---|---|---|
| userID | String | The ID of the user who changes the back-end password. |
| domain | String | The domain of the user who changes the back-end password. |

2.6.1.2. CredentialInput
Table 12: CredentialInput (Data Type)

| Element Name | Type | Description |
|---|---|---|
| staticPassword | String | The current static password of the user. |
| response | String | The one-time password sent by the user to obtain the challenge necessary for changing the back-end password. |
| serialNumber | String | The serial number of the DIGIPASS authenticator used for changing the back-end password. |
| pin | String | The user's current server PIN. |
| pinChange | PinChange | The parameters to be used when changing the PIN. |
| challenge | String | The challenge entered by the user in order to change the back-end password. |
| challengeKey | String | The key that is used to refer to the challenge IDENTIKEY Authentication Server generates. |
| requestHostCode | RequestHostCodeEnumeration | Supported input values are: No, Optional, Required. The default input value is No. |

2.6.1.3. PinChange
Table 13: PinChange (Data Type)

| Parameter Name | Data Type | Optionality | Description |
|---|---|---|---|
| currentPin | String | Mandatory | The user's current PIN. |
| newPin | String | Mandatory | The new PIN, to be set by the user. |

2.6.1.4. ChangeBackendPasswordResult
Table 14: ChangeBackendPasswordResult (Data Type)

| Element Name | Type | Description |
|---|---|---|
| user | UserOutput | The returned user information. |
| credential | CredentialOutput | The returned information about the user credentials. |

2.6.1.5. UserOutput
Table 15: UserOutput (Data Type)

| Element Name | Type | Description |
|---|---|---|
| userID | String | The returned ID of the user who changes the back-end password. |
| domain | String | The returned domain of the user who changes the back-end password. |
| orgUnit | String | The returned organizational unit of the user who changes the back-end password. |

2.6.1.6. CredentialOutput
Table 16: CredentialOutput (Data Type)

| Element Name | Type | Description |
|---|---|---|
| serialNumber | String | The serial number of the used DIGIPASS authenticator. |
| hostCode | String | The host code; only returned in case the corresponding attribute field was specified in the authentication request and the authentication has been successful. |
| challenge | String | Challenge used by the end user to generate the response. |

2.6.2. Example

Example
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header/>
  <soapenv:Body>
    <aut:changeBackendPassword xmlns:aut="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication">
      <componentType>SOAP-LocalAuth</componentType>
      <user>
        <userID>user_pws</userID>
        <domain>MASTER</domain>
      </user>
      <credential>
        <staticPassword>Test1234</staticPassword>
      </credential>
      <newStaticPassword>newPass1</newStaticPassword>
    </aut:changeBackendPassword>
  </soapenv:Body>
</soapenv:Envelope>
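
The following Python is an added example, not code from the SDK: it builds the changeBackendPassword request shown above with an XML serializer, so that user-supplied values cannot alter the message structure, and masks the password elements before an envelope is written to a log. The function names are hypothetical; the element names and namespaces are those of the example above, and only the static-password credential is covered.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
AUT_NS = "http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication"

# Elements whose text must never reach a log file.
SECRET_ELEMENTS = {"staticPassword", "newStaticPassword"}

# Characters that XML 1.0 cannot carry at all; ElementTree would emit them
# unchanged and produce a message that is not well-formed.
XML_ILLEGAL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\ufffe\uffff]")

ET.register_namespace("soapenv", SOAP_NS)
ET.register_namespace("aut", AUT_NS)


def add_text_element(parent, name, value):
    """Append <name>value</name>; the serializer escapes <, > and &."""
    if not isinstance(value, str) or value == "":
        raise ValueError(f"{name} must be a non-empty string")
    if XML_ILLEGAL.search(value):
        raise ValueError(f"{name} contains characters that are not legal in XML 1.0")
    node = ET.SubElement(parent, name)
    node.text = value
    return node


def build_change_backend_password(component_type, user_id, domain,
                                  static_password, new_static_password):
    """Return the request envelope as UTF-8 bytes (same fields as the example)."""
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(envelope, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    command = ET.SubElement(body, f"{{{AUT_NS}}}changeBackendPassword")
    add_text_element(command, "componentType", component_type)
    user = ET.SubElement(command, "user")
    add_text_element(user, "userID", user_id)
    add_text_element(user, "domain", domain)
    credential = ET.SubElement(command, "credential")
    add_text_element(credential, "staticPassword", static_password)
    add_text_element(command, "newStaticPassword", new_static_password)
    return ET.tostring(envelope, encoding="utf-8", xml_declaration=True)


def redact_for_logging(envelope_bytes):
    """Return the envelope as text with every password element masked."""
    root = ET.fromstring(envelope_bytes)
    for node in root.iter():
        if node.tag in SECRET_ELEMENTS:
            node.text = "***"
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Values from the example above.
    request = build_change_backend_password(
        "SOAP-LocalAuth", "user_pws", "MASTER", "Test1234", "newPass1")
    print(redact_for_logging(request))
```
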

3. SOAP Signature Validation


The SOAP signature interface provides commands to generate and validate signatures (see Table 17:
SOAP Signature Validation Commands).

Table 17: SOAP Signature Validation Commands

| Command | Description |
|---|---|
| authSignature | Validates a signature on the IDENTIKEY Authentication Server (see 3.1. authSignature). |
| genSignature | Generates a virtual signature on the IDENTIKEY Authentication Server (see 3.2. genSignature). |
| genRequest | Generates a request message which can be used to initiate a signature validation transaction (see 3.3. genRequest). Applies if Secure Channel is supported. |

Different field attributes are available for SOAP signature interface commands (see Table 18: SOAP Signature Field
Attributes).

Table 18: SOAP Signature Field Attributes

| Name | Data Type | Value | Description |
|---|---|---|---|
| SIGNFLD_USERID | String | Up to 255 chars. | The UserID, in whatever form the calling application provides it (no specific format is required). As output, the resolved UserID will be specified. |
| SIGNFLD_DOMAIN | String | Up to 255 chars. | As output, the user's resolved domain will be specified. |
| SIGNFLD_ORGANIZATIONAL_UNIT | String | Up to 255 chars. | Indicates the user's resolved organizational unit. |
| SIGNFLD_SERIAL_NO | String | Exactly 10 chars. | As input, the serial number of the DIGIPASS to be self-assigned. As output, the serial number of the DIGIPASS used to login or the DIGIPASS that was assigned as a result of self- or auto-assignment. |
| SIGNFLD_COMPONENT_TYPE | String | | SOAP client application identifier. |
| SIGNFLD_REQUEST_BODY | String | | The clear signature validation request body. Applies if Secure Channel is supported. |
| SIGNFLD_REQUEST_CONFIRM_CODE | String | Supported values: 0 - No; 1 - Optional; 2 - Required. Only the numeric value should be used. | The client application can use this field to indicate its requirement related to host code feedback. |
| SIGNFLD_REQUEST_KEY | String | | The key which refers to a request message cached by IDENTIKEY Authentication Server. Applies if Secure Channel is supported. |
| SIGNFLD_REQUEST_MESSAGE | String | | Signature validation request message. Applies if Secure Channel is supported. |
| SIGNFLD_DATA_FIELD_1 | String | Up to 16 chars. | The signature data fields (limited by the DIGIPASS Application, maximum 8) used to generate the electronic signature. |
| SIGNFLD_DATA_FIELD_2 | String | Up to 16 chars. | |
| SIGNFLD_DATA_FIELD_3 | String | Up to 16 chars. | |
| SIGNFLD_DATA_FIELD_4 | String | Up to 16 chars. | |
| SIGNFLD_DATA_FIELD_5 | String | Up to 16 chars. | |
| SIGNFLD_DATA_FIELD_6 | String | Up to 16 chars. | |
| SIGNFLD_DATA_FIELD_7 | String | Up to 16 chars. | |
| SIGNFLD_DATA_FIELD_8 | String | Up to 16 chars. | |
| SIGNFLD_DEFERRED_DATETIME | DateTime | | The deferred signature datetime attribute should be specified in a full date/time format. |
| SIGNFLD_DEFERRED_EVENT_VALUE | Unsigned Integer | | The deferred event counter of the DIGIPASS Application used for generating the signature. |
| SIGNFLD_SIGNATURE | String | Up to 17 numeric or hexadecimal characters | The electronic signature. |
| SIGNFLD_CONFIRM_CODE | String | Up to 17 numeric or hexadecimal characters | The host code which can be used by the client to validate the command was executed on the correct server. Only returned in case requested in the input and the command execution was successful. |
| SIGNFLD_VERIFIED_DATETIME | DateTime | | In case of a time-based signature validation DIGIPASS Application. Returned if the used DIGIPASS authenticator has the timebase algorithm enabled for the signature application and if for the used policy the Online Signature mode is enabled. |
| SIGNFLD_VERIFIED_EVENT_VALUE | Unsigned Integer | | In case of an event-based signature validation DIGIPASS Application. |
| SIGNFLD_STATUS_MESSAGE | String | | Reason for failure. Only returned if signature validation is not successful. |
| SIGNFLD_AUXILIARY_MESSAGE | String | | The serialized errorstack. Only returned if signature validation is not successful. |
| SIGNFLD_SVR_PUBLIC_KEY | String | Up to 1024 hexadecimal characters | Parameter used as a challenge diversifier to prevent man-in-the-middle (MITM) attacks. |
| SIGNFLD_PASSWORD | String | | The combined password string (password format defaults to cleartext combined), provided by the end user required to generate a virtual signature. |
| SIGNFLD_VIRTUAL_SIGNATURE_REQUEST_IDENTIFIER | String | | |
| SIGNFLD_TRANSACTION_TITLE | String | | The title of a signature validation transaction. Applies if Secure Channel is supported. |

3.1. authSignature

The authSignature command performs a signature validation operation on the IDENTIKEY Authentication
Server. For more information about signature validation with EMV-CAP, refer to 4. SOAP EMV-CAP Authentication.

Table 19: authSignature Command Attributes

| Attribute Name | Input/Output | Optional? |
|---|---|---|
| SIGNFLD_USERID | I/O | Mandatory |
| SIGNFLD_DOMAIN | I/O | Optional |
| SIGNFLD_ORGANIZATIONAL_UNIT | O | |
| SIGNFLD_SERIAL_NO | I | Optional |
| SIGNFLD_COMPONENT_TYPE | I | Mandatory |
| SIGNFLD_REQUEST_CONFIRM_CODE | I | Optional |
| SIGNFLD_REQUEST_KEY | I | Optional. Cannot be used in combination with SIGNFLD_DATA_FIELD_1. Applies if Secure Channel is supported. |
| SIGNFLD_DATA_FIELD_1 | I | Optional. Cannot be used in combination with SIGNFLD_REQUEST_KEY. |
| SIGNFLD_DATA_FIELD_2 | I | Optional |
| SIGNFLD_DATA_FIELD_3 | I | Optional |
| SIGNFLD_DATA_FIELD_4 | I | Optional |
| SIGNFLD_DATA_FIELD_5 | I | Optional |
| SIGNFLD_DATA_FIELD_6 | I | Optional |
| SIGNFLD_DATA_FIELD_7 | I | Optional |
| SIGNFLD_DATA_FIELD_8 | I | Optional |
| SIGNFLD_DEFERRED_DATETIME | I | Optional |
| SIGNFLD_DEFERRED_EVENT_VALUE | I | Optional |
| SIGNFLD_SIGNATURE | I | Mandatory |
| SIGNFLD_CONFIRM_CODE | O | |
| SIGNFLD_VERIFIED_DATETIME | O | Optional |
| SIGNFLD_VERIFIED_EVENT_VALUE | O | Optional |
| SIGNFLD_STATUS_MESSAGE | O | |
| SIGNFLD_AUXILIARY_MESSAGE | O | |

3.2. genSignature

The genSignature command requests IDENTIKEY Authentication Server to generate a virtual signature based
on a number of input fields and to send it to the user via the respective delivery method configured in Message
Delivery Component (MDC).

Table 20: genSignature Command Attributes

| Attribute Name | Input/Output | Optional? |
|---|---|---|
| SIGNFLD_USERID | I/O | Mandatory |
| SIGNFLD_DOMAIN | I/O | Mandatory |
| SIGNFLD_ORGANIZATIONAL_UNIT | O | Mandatory |
| SIGNFLD_SERIAL_NO | I/O | Optional |
| SIGNFLD_COMPONENT_TYPE | I | Mandatory |
| SIGNFLD_REQUEST_CONFIRM_CODE | I | Optional |
| SIGNFLD_DATA_FIELD_1 | I | Mandatory |
| SIGNFLD_DATA_FIELD_2 | I | Optional |
| SIGNFLD_DATA_FIELD_3 | I | Optional |
| SIGNFLD_DATA_FIELD_4 | I | Optional |
| SIGNFLD_DATA_FIELD_5 | I | Optional |
| SIGNFLD_DATA_FIELD_6 | I | Optional |
| SIGNFLD_DATA_FIELD_7 | I | Optional |
| SIGNFLD_DATA_FIELD_8 | I | Optional |
| SIGNFLD_DEFERRED_DATETIME | I | Optional |
| SIGNFLD_DEFERRED_EVENTCNT | I | Optional |
| SIGNFLD_SIGNATURE | I | Optional |
| SIGNFLD_CONFIRM_CODE | O | |
| SIGNFLD_VERIFIED_DATETIME | O | |
| SIGNFLD_DEFERRED_EVENT_VALUE | O | |
| SIGNFLD_STATUS_MESSAGE | O | |
| SIGNFLD_AUXILIARY_MESSAGE | O | |
| SIGNFLD_PASSWORD | I | Mandatory |

3.3. genRequest

The genRequest command requests IDENTIKEY Authentication Server to generate a request message, which
can be used to initiate a signature validation transaction using the Secure Channel feature.

Table 21: genRequest Command Attributes


Attribute Name Input Output Remarks
SIGNFLD_USERID Mandatory Mandatory
SIGNFLD_DOMAIN Optional Mandatory

SIGNFLD_ORGANIZATIONAL_UNIT Optional
SIGNFLD_SERIAL_NO Optional Mandatory
SIGNFLD_COMPONENT_TYPE Mandatory
SIGNFLD_REQUEST_BODY Optional This field cannot be used in combination with SIGNFLD_TRANSACTION_TITLE and a data field list.
SIGNFLD_TRANSACTION_TITLE Optional This field cannot be used in combination with SIGNFLD_REQUEST_BODY.
SIGNFLD_REQUEST_KEY Mandatory
SIGNFLD_REQUEST_MESSAGE Mandatory

You can define the transaction fields either with SIGNFLD_REQUEST_BODY or with a data field list and
SIGNFLD_TRANSACTION_TITLE. If you decide to use a data field list, you need to define keys and values for each data field.

Example
With SIGNFLD_TRANSACTION_TITLE, the dataFieldList element is required and may be specified as follows:
<dataFieldList>
    <dataFields>
        <key>key1</key>
        <value>value1</value>
    </dataFields>
    <dataFields>
        <key>key2</key>
        <value>value2</value>
    </dataFields>
    <dataFields>
        <key>key3</key>
        <value>value3</value>
    </dataFields>
</dataFieldList>
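
The following added example (not part of the SDK) enforces the genRequest field rules above on the client side and builds the dataFieldList with an XML library, so transaction data that contains markup characters is escaped instead of altering the request structure. The function name, the error type and the sample values are assumptions; the element names are the ones shown in the example above.

```python
import xml.etree.ElementTree as ET


class GenRequestFieldError(ValueError):
    """Hypothetical error type: the transaction fields break the genRequest rules."""


def build_data_field_list(request_body=None, transaction_title=None, data_fields=None):
    """Check the field combination; return the <dataFieldList> XML or None.

    data_fields is a list of (key, value) pairs. None is returned when
    SIGNFLD_REQUEST_BODY is used, because no data field list is sent then.
    """
    has_body = request_body is not None
    has_title = transaction_title is not None
    pairs = list(data_fields or [])

    if has_body and (has_title or pairs):
        raise GenRequestFieldError(
            "SIGNFLD_REQUEST_BODY cannot be combined with "
            "SIGNFLD_TRANSACTION_TITLE or a data field list")
    if has_body:
        return None
    if not has_title:
        raise GenRequestFieldError(
            "either SIGNFLD_REQUEST_BODY or SIGNFLD_TRANSACTION_TITLE is needed")
    if not pairs:
        raise GenRequestFieldError(
            "dataFieldList is required with SIGNFLD_TRANSACTION_TITLE")

    root = ET.Element("dataFieldList")
    for key, value in pairs:
        if not key or value in (None, ""):
            raise GenRequestFieldError("every data field needs a key and a value")
        entry = ET.SubElement(root, "dataFields")
        # Setting .text lets ElementTree escape &, < and >, so user-supplied
        # transaction data cannot inject extra elements into the request.
        ET.SubElement(entry, "key").text = str(key)
        ET.SubElement(entry, "value").text = str(value)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample transaction; keys and values are illustrative only.
    print(build_data_field_list(
        transaction_title="Payment",
        data_fields=[("key1", "value1"), ("key2", "10 < 20 & more")]))
```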

4. SOAP EMV-CAP Authentication


The AUTHUSER_EMVCAP command requests EMV-CAP authentication from the IDENTIKEY Authentication
Server. This command is supported in the SOAP EMV-CAP Authentication scenario and the relevant *.wsdl file.

The AUTHUSER_EMVCAP command supports the following command attributes:

Table 22: SOAP EMV-CAP Authentication: AuthUser_EMVCAP command attributes


Attribute Name Input/Output Optional?

EMVCAPFLD_USERID I/O Mandatory

EMVCAPFLD_DOMAIN I/O Optional

EMVCAPFLD_ORGANIZATIONAL_UNIT O

EMVCAPFLD_COMPONENT_TYPE I Mandatory

EMVCAPFLD_SECURECODE I Mandatory

EMVCAPFLD_MODE I Mandatory

EMVCAPFLD_CHALLENGE I Optional for Mode 1; not supported for Mode 2; mandatory for Mode 3

EMVCAPFLD_TRANSACTION_AMOUNT I Optional - Mode 1 only

EMVCAPFLD_TRANSACTION_CURRENCY I Optional - Mode 1 only

EMVCAPFLD_TDS_FIELD_1 I Optional - Mode 2 only

EMVCAPFLD_TDS_FIELD_2 I Optional - Mode 2 only

EMVCAPFLD_TDS_FIELD_3 I Optional - Mode 2 only

EMVCAPFLD_TDS_FIELD_4 I Optional - Mode 2 only

EMVCAPFLD_TDS_FIELD_5 I Optional - Mode 2 only

EMVCAPFLD_TDS_FIELD_6 I Optional - Mode 2 only

EMVCAPFLD_TDS_FIELD_7 I Optional - Mode 2 only

EMVCAPFLD_TDS_FIELD_8 I Optional - Mode 2 only

EMVCAPFLD_TDS_FIELD_9 I Optional - Mode 2 only


EMVCAPFLD_TDS_FIELD_10 I Optional - Mode 2 only

EMVCAPFLD_SERIAL_NO I/O Optional

EMVCAPFLD_AUXILIARY_MESSAGE O Optional

EMVCAPFLD_STATUS_MESSAGE O Optional

The following field attributes are available for SOAP EMV-CAP Authentication commands:

Table 23: SOAP EMV-CAP authentication field attributes


Attribute Name Data Type Value Description

EMVCAPFLD_USERID String Up to 255 chars. The UserID, in whatever form the calling application provides it (no specific format is required). As output, the resolved UserID will be specified.

EMVCAPFLD_DOMAIN String Up to 255 chars. As output, the user's resolved domain will be specified.

EMVCAPFLD_ORGANIZATIONAL_UNIT String Up to 255 chars. Indicates the user's resolved organizational unit.

EMVCAPFLD_COMPONENT_TYPE String SOAP client application identifier.

EMVCAPFLD_SECURECODE String The dynamic code displayed by the smartcard reader.

EMVCAPFLD_MODE String Supported input values: "Mode1", "Mode2", "Mode3"

EMVCAPFLD_CHALLENGE String Up to 8 chars

EMVCAPFLD_TRANSACTION_AMOUNT String Up to 12 chars The currency amount of the submitted transaction.

EMVCAPFLD_TRANSACTION_CURRENCY String Up to 4 chars The currency in which the transaction is being made. Uses ISO4217 numeric currency codes. See http://en.wikipedia.org/wiki/ISO_4217#Active_codes for more information.

EMVCAPFLD_TDS_FIELD_1 String Up to 10 chars. Components of the transaction data to be used in the digital signature. Used in Mode 2 (Digital Signature) only.

EMVCAPFLD_TDS_FIELD_2 String Up to 10 chars.

EMVCAPFLD_TDS_FIELD_3 String Up to 10 chars.

EMVCAPFLD_TDS_FIELD_4 String Up to 10 chars.

EMVCAPFLD_TDS_FIELD_5 String Up to 10 chars.

EMVCAPFLD_TDS_FIELD_6 String Up to 10 chars.

EMVCAPFLD_TDS_FIELD_7 String Up to 10 chars.

EMVCAPFLD_TDS_FIELD_8 String Up to 10 chars.

EMVCAPFLD_TDS_FIELD_9 String Up to 10 chars.

EMVCAPFLD_TDS_FIELD_10 String Up to 10 chars.

EMVCAPFLD_SERIAL_NO String Exactly 10 chars. As input, the serial number of the DIGIPASS to be self-assigned. As output, the serial number of the DIGIPASS used to login or the DIGIPASS that was assigned as a result of self- or auto-assignment.
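
The mode-dependent rules in Tables 22 and 23 are easy to get wrong in a client, so the following added example (not part of the SDK) checks an AUTHUSER_EMVCAP attribute set before it is sent. The function name, the message strings and the sample values used with it are assumptions; rejecting output-only attributes on input is a client-side choice, not documented server behaviour.

```python
MODES = ("Mode1", "Mode2", "Mode3")
TDS_FIELDS = [f"EMVCAPFLD_TDS_FIELD_{i}" for i in range(1, 11)]
MANDATORY = ("EMVCAPFLD_USERID", "EMVCAPFLD_COMPONENT_TYPE",
             "EMVCAPFLD_SECURECODE", "EMVCAPFLD_MODE")
# Maximum lengths from Table 23.
MAX_LEN = {"EMVCAPFLD_USERID": 255, "EMVCAPFLD_DOMAIN": 255,
           "EMVCAPFLD_CHALLENGE": 8, "EMVCAPFLD_TRANSACTION_AMOUNT": 12,
           "EMVCAPFLD_TRANSACTION_CURRENCY": 4,
           **{name: 10 for name in TDS_FIELDS}}
# Attributes that Table 22 restricts to a single mode.
MODE_ONLY = {"EMVCAPFLD_TRANSACTION_AMOUNT": "Mode1",
             "EMVCAPFLD_TRANSACTION_CURRENCY": "Mode1",
             **{name: "Mode2" for name in TDS_FIELDS}}
# Attributes marked "O" in Table 22: returned by the server, never sent.
OUTPUT_ONLY = {"EMVCAPFLD_ORGANIZATIONAL_UNIT", "EMVCAPFLD_AUXILIARY_MESSAGE",
               "EMVCAPFLD_STATUS_MESSAGE"}
INPUT_ATTRS = set(MANDATORY) | set(MAX_LEN) | {"EMVCAPFLD_SERIAL_NO"}


def validate_emvcap_request(attrs):
    """Return a list of rule violations for a dict of input attributes (all str)."""
    problems = []
    for name in attrs:
        if name in OUTPUT_ONLY:
            problems.append(f"{name}: output-only attribute")
        elif name not in INPUT_ATTRS:
            problems.append(f"{name}: unknown attribute")
    for name in MANDATORY:
        if not attrs.get(name):
            problems.append(f"{name}: mandatory attribute missing")
    for name, limit in MAX_LEN.items():
        if len(attrs.get(name, "")) > limit:
            problems.append(f"{name}: longer than {limit} chars")
    serial = attrs.get("EMVCAPFLD_SERIAL_NO")
    if serial is not None and len(serial) != 10:
        problems.append("EMVCAPFLD_SERIAL_NO: must be exactly 10 chars")
    currency = attrs.get("EMVCAPFLD_TRANSACTION_CURRENCY")
    if currency is not None and not currency.isdigit():
        problems.append("EMVCAPFLD_TRANSACTION_CURRENCY: not a numeric code")

    mode = attrs.get("EMVCAPFLD_MODE")
    if mode not in MODES:
        if mode:
            problems.append("EMVCAPFLD_MODE: unsupported value")
        return problems  # the mode-specific rules cannot be checked
    for name, only in MODE_ONLY.items():
        if name in attrs and mode != only:
            problems.append(f"{name}: {only} only")
    challenge = attrs.get("EMVCAPFLD_CHALLENGE")
    if mode == "Mode2" and challenge is not None:
        problems.append("EMVCAPFLD_CHALLENGE: not supported for Mode2")
    if mode == "Mode3" and not challenge:
        problems.append("EMVCAPFLD_CHALLENGE: mandatory for Mode3")
    return problems
```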

5. SOAP Administration Overview


The SOAP administration interface supports the commands listed in the following table.

Table 24: SOAP Administration Commands


Command Description

auditGetMessage Queries a single audit record (see 42.1. auditGetMessage).

backendExecute Perform a back-end command (see 22. backendExecute).

backendQuery Perform a back-end query (see 23. backendQuery).

componentExecute Perform a component command (see 20. componentExecute).

componentQuery Perform a component query (see 21. componentQuery).

digipassapplExecute Perform a DIGIPASS Application command (see 13. digipassapplExecute).

digipassapplQuery Perform a DIGIPASS Application query (see 14. digipassapplQuery).

digipassExecute Perform a DIGIPASS command (see 11. digipassExecute).

digipassQuery Perform a DIGIPASS query (see 12. digipassQuery).

domainExecute Perform a domain command (see 16. domainExecute).

domainQuery Perform a domain query (see 17. domainQuery).

dpxfileExecute Perform a DPX file command (see 15. dpxfileExecute).

dpxfileuploaddime Perform an upload of a DPX file using DIME (see 15.5. dpxfileuploaddime).

dpxfileuploadmime Perform an upload of a DPX file using MIME attachments (see 15.4. dpxfileuploadmime).

dpxfileuploadmtom Perform an upload of a DPX file using MTOM (see 15.6. dpxfileuploadmtom).

keyExecute Perform a cryptographic key command (see 36. keyExecute).

keyQuery Perform a cryptographic key query (see 37. keyQuery).

logoff Perform an administrative logoff (see 5.2. logoff).

logon Perform an administrative logon to the IDENTIKEY Authentication Server (see 5.1. logon).

offlinedataExecute Perform a command related to a user's offline authentication data (see 10. offlinedataExecute).

orgunitExecute Perform an organizational unit command (see 18. orgunitExecute).

orgunitQuery Perform an organizational unit query (see 19. orgunitQuery).

policyExecute Perform a policy command (see 24. policyExecute).


policyQuery Perform a policy query (see 25. policyQuery).

replicationserverExecute Perform a replication command (see 30. replicationserverExecute).

replicationserverQuery Perform a replication query (see 31. replicationserverQuery).

reportExecute Perform a report command (see 26. reportExecute).

reportfieldExecute Perform a report file command (see 33. reportfieldExecute).

reportfieldQuery Perform a report field query (see 34. reportfieldQuery).

reportfiledownloadmtom Perform a download of a generated report using MTOM (see 26.7. reportfiledownloadmtom).

reportformatExecute Perform a report format command (see 28. reportformatExecute).

reportformatQuery Perform a report format query (see 29. reportformatQuery).

reportQuery Perform a report query (see 27. reportQuery).

sessionalive Perform a session alive check (see 5.3. sessionalive).

taskExecute Perform a scheduled task command (see 38. taskExecute).

taskQuery Perform a scheduled task query (see 39. taskQuery).

userattributeExecute Perform a user attribute command (see 8. userattributeExecute).

userattributeQuery Perform a user attribute query.

userExecute Perform a user command (see 6. userExecute).

userfileExecute Perform a user import file command (see 35. userfileExecute).

userQuery Perform a user query (see 7. userQuery).

5.1. logon

The administrative logon command supports the following command attributes:

Table 25: Logon Command Attributes (SOAP Administration)


Name Data Type I/O Optional? Values Description

CREDFLD_ADMIN_PRIVILEGES Base64 encoded String O Base64 encoded string of assigned administrative privileges.

CREDFLD_AUXILIARY_MESSAGE String O The serialized errorstack. Only specified if logon is not successful.

CREDFLD_CESPR String

CREDFLD_CHALLENGE String I Optional Challenge used by the end-user to generate the response for the C/R authentication.

CREDFLD_CHALLENGE_KEY String I/O Optional Key used to refer to the challenge generated by the IDENTIKEY Authentication Server.

CREDFLD_CHALLENGE_MESSAGE String O Message to be displayed to the end-user asking him to use the returned challenge.

CREDFLD_CONTROLLER_TYPE String

CREDFLD_CURRENT_PIN String I Optional

CREDFLD_DOMAIN String I/O Optional Up to 255 chars. As output, the user's resolved domain will be specified.

CREDFLD_DP_RESPONSE String I Optional DIGIPASS one-time password (used in case of password format 4).

CREDFLD_HOST_CODE String O Specified as output attribute if CREDFLD_REQUEST_HOST_CODE has been specified as input attribute in the request and set to either Optional or Required.

CREDFLD_LAST_LOGON_TIME DateTime O Mandatory xsd:dateTime value, for example 2014-02-18T14:36:01Z The date and time of the last administrative logon.

CREDFLD_LOGICAL_ADMIN_PRIVILEGES String O For a list of possible values, refer to Chapter 2. SOAP Authentication. Comma separated list of the assigned administrative privileges. Each administrative privilege is specified as follows: <admin priv name> [true|false]

CREDFLD_NOTIFY_GRACE_EXPIRE_DATE String

CREDFLD_NOTIFY_GRACE_PERIOD_EXPIRED String

CREDFLD_NOTIFY_PASSWORD_RANDOMIZE String

CREDFLD_NOTIFY_REQUIRE_PIN_CHANGE String

CREDFLD_NOTIFY_TOKEN_IS_ASSIGNED String

CREDFLD_ORGANIZATIONAL_UNIT String O Optional. Up to 255 chars. Indicates the user's resolved organizational unit.

CREDFLD_PASSWORD String I Optional

CREDFLD_PASSWORD_FORMAT Unsigned Integer I Mandatory Following values are supported:
    - 0: cleartext combined password format
    - 4: different authentication elements are provided into separate parameters in cleartext.

CREDFLD_PLATFORM String

CREDFLD_PRODUCT_NAME String

CREDFLD_PRODUCT_VERSION String

CREDFLD_REQUEST_HOST_CODE String I Optional Supported input values: No, Optional, Required

CREDFLD_SERIAL_NO String I/O Optional Exactly 10 chars. Serial number of the administrator's DIGIPASS.

CREDFLD_SESSION_ID String O The administration session identifier.

CREDFLD_STATIC_PASSWORD String I Optional Up to 255 chars.

CREDFLD_STATUS_MESSAGE String O Reason of failure. Only specified if logon is not successful.

CREDFLD_STORAGE_TYPE String

CREDFLD_USERID String I/O Mandatory Up to 255 chars. The UserID, in whatever form the calling application provides it (no specific format is required). As output, the resolved UserID will be specified.

CREDFLD_USER_LOCATION String I/O Optional IP address The location (i.e. the IP address) of the user's client device.

CREDFLD_SVR_PUBLIC_KEY String

5.2. logoff

The administrative logoff command supports the following command attributes:

Table 26: logoff Command Attributes (SOAP Administration)


Name Data Type I/O Optional? Values Description

CREDFLD_SESSION_ID String I Mandatory Up to 255 chars. The sessionId returned as attribute CREDFLD_SESSION_ID in the logon command.

CREDFLD_STATUS_MESSAGE String O Reason of failure. Only specified if logoff is not successful.

CREDFLD_AUXILIARY_MESSAGE String O The serialized errorstack. Only specified if logoff is not successful.

5.3. sessionalive

The administrative sessionalive command supports the following command attributes:

Table 27: sessionalive Command Attributes (SOAP Administration)


Name Data Type I/O Optional? Values Description

CREDFLD_SESSION_ID String I Mandatory Up to 255 chars. The sessionId returned as attribute CREDFLD_SESSION_ID in the logon command.

CREDFLD_STATUS_MESSAGE String O Status of session

CREDFLD_AUXILIARY_MESSAGE String O The serialized errorstack.

6. userExecute
The userExecute command supports executing the following user-related administrative operations:

Table 28: userExecute Commands (SOAP Administration)


Command Description

USERCMD_COPY_PERMISSION For use during mass copy of administrative privileges (see 6.12. USERCMD_COPY_PERMISSION).

USERCMD_CREATE Creates a new user account (see 6.1. USERCMD_CREATE).

USERCMD_DELETE Deletes a user account (see 6.5. USERCMD_DELETE).

USERCMD_DISABLE Disables the user account of the specified user (see 6.14. USERCMD_DISABLE).

USERCMD_ENABLE Enables the user account of the specified user (see 6.13. USERCMD_ENABLE).

USERCMD_GET_ADMIN_DOMAINS Displays the domains an administrator belongs to (see 6.3. USERCMD_GET_ADMIN_DOMAINS).

USERCMD_GET_DEPENDING_PERMISSION For use during mass copy of administrative privileges.

USERCMD_GET_PERMISSION Displays the administrative privileges that have been assigned to a specified user (see 6.10. USERCMD_GET_PERMISSION).

USERCMD_LINK_USER Links a user to another user's DIGIPASS authenticator (see 6.7. USERCMD_LINK_USER).

USERCMD_MOVE Moves a user to another location in the organizational structure (see 6.9. USERCMD_MOVE).

USERCMD_RESET_LAST_AUTH_TIME Resets the date and time the user was last authorized (see 6.19. USERCMD_RESET_LAST_AUTH_TIME).

USERCMD_RESET_PASSWORD Resets the static password for the specified user (see 6.16. USERCMD_RESET_PASSWORD).

USERCMD_SET_ADMIN_DOMAINS Adds an administrator to a list of domains (see 6.4. USERCMD_SET_ADMIN_DOMAINS).

USERCMD_SET_EXPIRATION Sets the expiry date of a user account (see 6.18. USERCMD_SET_EXPIRATION).

USERCMD_SET_PASSWORD Sets the static password for the specified user (see 6.17. USERCMD_SET_PASSWORD).

USERCMD_SET_PERMISSION Sets the administrative privileges for the specified user (see 6.11. USERCMD_SET_PERMISSION).

USERCMD_UNLINK_USER Unlinks a user from another user's DIGIPASS authenticator (see 6.8. USERCMD_UNLINK_USER).

USERCMD_UNLOCK Unlocks the user account of the specified user (see 6.15. USERCMD_UNLOCK).

USERCMD_UPDATE Updates a user account.

USERCMD_VIEW Displays user account information (see 6.2. USERCMD_VIEW).

Table 29: userExecute Global Command Attributes


Name Data Type I/O Description

sessionID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon).

cmd String I The user command to be executed (see Table 28: userExecute Commands (SOAP Administration)).

attributeSet Set I Zero or more user attribute fields.

adminDomainInfoList Set I

results Set O Zero or more result fields.

Table 30: userExecute Field Attributes


Attribute Name Data Type Value Description

USERFLD_ASSIGNED_DIGIPASS String Output: Only specified in output if one or more DIGIPASS have been assigned.

USERFLD_BACKEND_AUTH String Supported values: Default, None, If needed, Always

USERFLD_CONFIRM_NEW_PASSWORD String Up to 255 chars.

USERFLD_CREATE_TIME DateTime The date and time the user account object was created in the database.

USERFLD_DESCRIPTION String Up to 1024 chars.

USERFLD_DISABLED Boolean

USERFLD_DOMAIN String Up to 255 chars.

USERFLD_EMAIL String Up to 64 chars. Email address

USERFLD_EXPIRATION_TIME DateTime Date and time the user will expire.

USERFLD_EXPIRED Boolean Indicates whether the user account has expired.

USERFLD_GROUP_LIST String Up to 1024 chars. Reserved for future usage.

USERFLD_HAS_DP String Supported values: Assigned, Unassigned

USERFLD_LAST_PASSWORD_SET_TIME DateTime Time the password was last set.

USERFLD_LASTAUTH_TIME DateTime Time of last successful authentication.

USERFLD_LASTAUTHREQ_TIME DateTime Time of last authentication request.

USERFLD_LDAP_DN String Distinguished Name

USERFLD_LOCAL_AUTH String Supported values: Default, None, Digipass Only, DIGIPASS/Password, DIGIPASS or Password
    - Default: the value from the related policy is used.
    - None: no local authentication is performed.
    - Digipass Only: the user can only authenticate using their DIGIPASS.
    - DIGIPASS/Password: As long as the grace period for the DIGIPASS authenticator has not expired, the user can use either their authenticator or their static password to log in. After the grace period has expired, only authentications with DIGIPASS can be performed.
    - DIGIPASS or Password: The user can use either their DIGIPASS authenticator or their static password for authentication, independent of the grace period. Use of this authentication mode is subject to licensing.

USERFLD_LOCK_COUNT Integer As part of the unlock procedure, the lock count will by default be set to 0.

USERFLD_LOCKED Boolean

USERFLD_LOGICAL_ADMIN_PRIVILEGES String For a list of possible values, refer to Chapter 2. SOAP Authentication. Comma separated list of the assigned administrative privileges. Each administrative privilege is specified as follows: <admin priv name> [true|false]

USERFLD_MOBILE String Up to 64 chars. Mobile phone number

USERFLD_MODIFY_TIME DateTime DateTime of last user account update.

USERFLD_NEW_DOMAIN String

USERFLD_NEW_ORGANIZATIONAL_UNIT String Up to 255 chars.

USERFLD_NEW_PASSWORD String Up to 255 chars.

USERFLD_OFFLINE_AUTH_ENABLED String Supported values: Default, Yes, No

USERFLD_ORGANIZATIONAL_UNIT String Up to 255 chars.

USERFLD_PASSWORD String Up to 255 chars.

USERFLD_PHONE String Up to 64 chars. Phone Number

USERFLD_RELIANT_ADMIN_PRIVILEGES String The list of administrative privileges depending on a specific set of administrative privileges.

USERFLD_REQUIRED_ADMIN_PRIVILEGES String The list of administrative privileges that a specific set of other administrative privileges depend on. Used for bulk administrative privilege assignment.

USERFLD_SEARCH_DOWN_OU_PATH Boolean Used to search for users in the specified organizational unit and child organizational units.

USERFLD_STATUS Integer Reserved for future usage.

USERFLD_TO_DOMAIN String

USERFLD_TO_USERID String Used when searching for DIGIPASS in a range from USERFLD_USERID to USERFLD_TO_USERID

USERFLD_UPN String

USERFLD_USE_DP_FROM_USER_DOMAIN String Up to 255 chars. Domain of user to link to.

USERFLD_USE_DP_FROM_USER_ID String Up to 255 chars. UserID of user to link to.

USERFLD_USE_DP_FROM_USER_LDAP_DN String

USERFLD_USERID String Up to 255 chars. The UserID, in whatever form the calling application provides it. Input: no specific format is required. Output: the resolved UserID will be provided.

USERFLD_USERNAME String Up to 64 chars. Full username

USERFLD_VDP_DELIVERY_METHOD String Comma separated string of at most two delivery methods. Supported values: Email, SMS, Voice. The delivery method for Virtual DIGIPASS messages. This overrides the general delivery method specified in the user policy.

USERFLD_VDP_MDC_PROFILE String The Message Delivery Component (MDC) profile for Virtual DIGIPASS messages. This takes precedence over the MDC profile specified in the user policy.

USERFLD_VDP_SIGN_DELIVERY_METHOD String Comma separated string of at most two delivery methods. Supported values: Email, SMS, Voice. The delivery method for virtual signature messages. This overrides the general delivery method specified in the user policy.

USERFLD_VDP_SIGN_MDC_PROFILE String The Message Delivery Component (MDC) profile for virtual signature messages. This takes precedence over the MDC profile specified in the user policy.

6.1. USERCMD_CREATE

The following attributes can be specified in the user input parameter of this command:

Table 31: USERCMD_CREATE Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

USERFLD_ORGANIZATIONAL_UNIT Optional

USERFLD_USERNAME Optional

USERFLD_EMAIL Optional

USERFLD_PHONE Optional

USERFLD_MOBILE Optional

USERFLD_DESCRIPTION Optional

USERFLD_PASSWORD Optional

USERFLD_LOCAL_AUTH Mandatory

USERFLD_BACKEND_AUTH Mandatory

USERFLD_DISABLED Mandatory

USERFLD_LOCKED Mandatory

USERFLD_GROUP_LIST Optional

USERFLD_OFFLINE_AUTH_ENABLED Optional

The following user attributes will be specified in the results output parameter of USERCMD_CREATE:

Table 32: USERCMD_CREATE Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_DOMAIN Always

USERFLD_ORGANIZATIONAL_UNIT If defined

USERFLD_USERNAME If defined


USERFLD_EMAIL If defined

USERFLD_PHONE If defined

USERFLD_MOBILE If defined

USERFLD_DESCRIPTION If defined

USERFLD_HAS_DP Always

USERFLD_DISABLED Always

USERFLD_LOCKED Always

USERFLD_USE_DP_FROM_USER_ID If defined

USERFLD_USE_DP_FROM_USER_DOMAIN If defined

USERFLD_OFFLINE_AUTH_ENABLED If defined

USERFLD_STATUS Always

USERFLD_CREATE_TIME Always

USERFLD_MODIFY_TIME Always

USERFLD_GROUP_LIST If defined

USERFLD_BACKEND_AUTH If defined

USERFLD_LOCAL_AUTH If defined

6.2. USERCMD_VIEW

The following attributes can be specified in the user input parameter of this command:

Table 33: USERCMD_VIEW Input Parameters


Attribute Name Optional?

USERFLD_DOMAIN Mandatory

USERFLD_USERID Mandatory

The following user attributes will be specified in the results output parameter of this command:

Table 34: USERCMD_VIEW Output Parameters (resultAttribute)


Attribute Name Returned?

USERFLD_ASSIGNED_DIGIPASS If defined

USERFLD_BACKEND_AUTH If defined

USERFLD_CREATE_TIME Always

USERFLD_DESCRIPTION If defined

USERFLD_DISABLED Always

USERFLD_DOMAIN Always

USERFLD_EMAIL If defined

USERFLD_EXPIRED Always

USERFLD_GROUP_LIST If defined

USERFLD_HAS_DP Always

USERFLD_LASTAUTHREQ_TIME If defined

USERFLD_LOCAL_AUTH If defined

USERFLD_LOCK_COUNT If defined

USERFLD_LOCKED Always

USERFLD_MOBILE If defined

USERFLD_MODIFY_TIME Always

USERFLD_OFFLINE_AUTH_ENABLED If defined

USERFLD_ORGANIZATIONAL_UNIT If defined

USERFLD_PHONE If defined

USERFLD_STATUS Always

USERFLD_USE_DP_FROM_USER_DOMAIN If defined

USERFLD_USE_DP_FROM_USER_ID If defined

USERFLD_USERID Always

USERFLD_USERNAME If defined

6.3. USERCMD_GET_ADMIN_DOMAINS

The following attributes can be specified in the user input parameter of this command:

Table 35: USERCMD_GET_ADMIN_DOMAINS Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

The same user attributes will always be returned by the results output parameter of this command. The
USERCMD_GET_ADMIN_DOMAINS command will fail if the user specified is:

- Not an administrator, or
- An administrator from the Master Domain

This command will only return a list of domains to which the administrator has access. This list will not include the
domain in which the administrator was created.

6.4. USERCMD_SET_ADMIN_DOMAINS

The following attributes can be specified in the user input parameter of this command:

Table 36: USERCMD_SET_ADMIN_DOMAINS Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

This command also requires a list of domains of which the administrator should be a member (other than the
domain where the administrator was created). Refer to the following example for the required format:

Example
An administrator was created in domainb and is already a member of domaind. The following domain list will
add that administrator to both domaina and domainc:
<adminDomainInfoList xmlns="">
    <adminDomains>
        <adminDomain>domaina</adminDomain>
    </adminDomains>
    <adminDomains>
        <adminDomain>domainc</adminDomain>
    </adminDomains>
</adminDomainInfoList>

In this example, the administrator would become an administrator for the domains domaina, domainb, and
domainc, and will no longer be an administrator for domaind. The USERCMD_SET_ADMIN_DOMAINS command
will fail under any of the following conditions:

- The user specified is not an administrator
- The user specified is an administrator from the Master Domain
- The administrator running the command does not have domain scope over any specified domain
- The administrator and user specified are the same

The same user attributes used in the input parameters will always be returned by the results output
parameter of this command.
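
The domain list sent with USERCMD_SET_ADMIN_DOMAINS replaces the administrator's current list, so an incomplete list silently removes access. The following added example (not SDK code) computes that effect before the call and checks the failure conditions listed above; the function names, the dictionary keys and the reading of the scope condition as "every listed domain must be in the caller's scope" are assumptions.

```python
import xml.etree.ElementTree as ET


def plan_admin_domains(home_domain, current_extra, requested):
    """Return the effect of sending `requested` as the adminDomainInfoList.

    home_domain: domain the administrator was created in (never listed).
    current_extra: domains the administrator belongs to besides home_domain.
    The submitted list replaces the current one, so unlisted domains are dropped.
    """
    requested_set = set(requested) - {home_domain}
    current_set = set(current_extra) - {home_domain}
    return {
        "added": sorted(requested_set - current_set),
        "removed": sorted(current_set - requested_set),
        "resulting": sorted(requested_set | {home_domain}),
    }


def failure_conditions(caller, target, requested):
    """List the documented reasons USERCMD_SET_ADMIN_DOMAINS would fail.

    caller and target are dicts with hypothetical keys: userid, domain,
    and for the target is_admin and in_master_domain; the caller carries
    scope, the set of domains it has domain scope over.
    """
    reasons = []
    if not target["is_admin"]:
        reasons.append("target is not an administrator")
    if target["in_master_domain"]:
        reasons.append("target is an administrator from the Master Domain")
    out_of_scope = sorted(set(requested) - set(caller["scope"]))
    if out_of_scope:
        reasons.append("caller lacks domain scope over: " + ", ".join(out_of_scope))
    if (caller["userid"], caller["domain"]) == (target["userid"], target["domain"]):
        reasons.append("caller and target are the same administrator")
    return reasons


def build_admin_domain_info_list(requested):
    """Serialize the list in the layout shown in the example above."""
    root = ET.Element("adminDomainInfoList", {"xmlns": ""})
    for domain in requested:
        wrapper = ET.SubElement(root, "adminDomains")
        ET.SubElement(wrapper, "adminDomain").text = domain
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # The scenario from the example above: created in domainb, member of domaind.
    plan = plan_admin_domains("domainb", ["domaind"], ["domaina", "domainc"])
    print(plan)  # review "removed" before sending the request
    print(build_admin_domain_info_list(["domaina", "domainc"]))
```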

6.5. USERCMD_DELETE

The following attributes can be specified in the user input parameter of this command:

Table 37: USERCMD_DELETE Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

No result user attributes will be returned by this command.

6.6. USERCMD_UPDATE

The following attributes can be specified in the user input parameter of this command:

Table 38: USERCMD_UPDATE Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory


USERFLD_DOMAIN Mandatory

USERFLD_USERNAME Optional

USERFLD_EMAIL Optional

USERFLD_PHONE Optional

USERFLD_MOBILE Optional

USERFLD_DESCRIPTION Optional

USERFLD_LOCAL_AUTH Optional

USERFLD_BACKEND_AUTH Optional

USERFLD_DISABLED Optional

USERFLD_LOCKED Optional

USERFLD_OFFLINE_AUTH_ENABLED Optional

USERFLD_VDP_DELIVERY_METHOD Optional

USERFLD_VDP_MDC_PROFILE Optional

USERFLD_VDP_SIGN_DELIVERY_METHOD Optional

USERFLD_VDP_SIGN_MDC_PROFILE Optional

The following user attributes will be specified in the results output parameter of this command:

Table 39: USERCMD_UPDATE Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_DOMAIN Always

USERFLD_ORGANIZATIONAL_UNIT If defined

USERFLD_USERNAME If defined

USERFLD_EMAIL If defined

USERFLD_PHONE If defined

USERFLD_MOBILE If defined


USERFLD_DESCRIPTION If defined

USERFLD_LOCAL_AUTH Always

USERFLD_BACKEND_AUTH Always

USERFLD_DISABLED Always

USERFLD_LOCKED Always

USERFLD_OFFLINE_AUTH_ENABLED If defined

USERFLD_LOCK_COUNT If defined

USERFLD_USE_DP_FROM_USER_ID If defined

USERFLD_USE_DP_FROM_USER_DOMAIN If defined

USERFLD_HAS_DP Always

USERFLD_ASSIGNED_DIGIPASS If defined

USERFLD_STATUS Always

USERFLD_CREATE_TIME Always

USERFLD_MODIFY_TIME Always

USERFLD_VDP_DELIVERY_METHOD Always

USERFLD_VDP_MDC_PROFILE If defined

USERFLD_VDP_SIGN_DELIVERY_METHOD Always

USERFLD_VDP_SIGN_MDC_PROFILE If defined

6.7. USERCMD_LINK_USER

The following attributes can be specified in the user input parameter of this command:

Table 40: USERCMD_LINK_USER Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory


USERFLD_ORGANIZATIONAL_UNIT Optional

USERFLD_USE_DP_FROM_USER_ID Mandatory

USERFLD_USE_DP_FROM_USER_DOMAIN Mandatory

The following user attributes will be specified in the results output parameter of this command:

Table 41: USERCMD_LINK_USER Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_DOMAIN Always

USERFLD_ORGANIZATIONAL_UNIT If defined

USERFLD_USERNAME If defined

USERFLD_EMAIL If defined

USERFLD_PHONE If defined

USERFLD_MOBILE If defined

USERFLD_DESCRIPTION If defined

USERFLD_LOCAL_AUTH Always

USERFLD_BACKEND_AUTH Always

USERFLD_DISABLED Always

USERFLD_LOCKED Always

USERFLD_LOCK_COUNT If defined

USERFLD_USE_DP_FROM_USER_ID Always

USERFLD_USE_DP_FROM_USER_DOMAIN Always

USERFLD_HAS_DP Always

USERFLD_ASSIGNED_DIGIPASS If defined

USERFLD_STATUS Always

USERFLD_CREATE_TIME Always

USERFLD_MODIFY_TIME Always

6.8. USERCMD_UNLINK_USER

The following attributes can be specified in the user input parameter of this command:

Table 42: USERCMD_UNLINK_USER Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

USERFLD_ORGANIZATIONAL_UNIT Optional

The following user attributes will be specified in the results output parameter of this command:

Table 43: USERCMD_UNLINK_USER Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_DOMAIN Always

USERFLD_ORGANIZATIONAL_UNIT If defined

USERFLD_USERNAME If defined

USERFLD_EMAIL If defined

USERFLD_PHONE If defined

USERFLD_MOBILE If defined

USERFLD_DESCRIPTION If defined

USERFLD_LOCAL_AUTH Always

USERFLD_BACKEND_AUTH Always

USERFLD_DISABLED Always

USERFLD_LOCKED Always

USERFLD_LOCK_COUNT If defined

USERFLD_HAS_DP Always

USERFLD_ASSIGNED_DIGIPASS If defined

USERFLD_STATUS Always


USERFLD_CREATE_TIME Always

USERFLD_MODIFY_TIME Always

6.9. USERCMD_MOVE

The following attributes can be specified in the user input parameter of this command:

Table 44: USERCMD_MOVE Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

USERFLD_NEW_ORGANIZATIONAL_UNIT Optional

The following user attributes will be specified in the results output parameter of this command:

Table 45: USERCMD_MOVE Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_DOMAIN Always

USERFLD_ORGANIZATIONAL_UNIT Always

6.10. USERCMD_GET_PERMISSION

The following attributes can be specified in the user input parameter of this command:

Table 46: USERCMD_GET_PERMISSION Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

The following user attributes will be specified in the results output parameter of this command:


Table 47: USERCMD_GET_PERMISSION Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_DOMAIN Always

USERFLD_LOGICAL_ADMIN_PRIVILEGES Always

6.11. USERCMD_SET_PERMISSION

The following attributes can be specified in the user input parameter of this command:

Table 48: USERCMD_SET_PERMISSION Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

USERFLD_LOGICAL_ADMIN_PRIVILEGES Mandatory

The following user attributes will be specified in the results output parameter of this command:

Table 49: USERCMD_SET_PERMISSION Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_DOMAIN Always

USERFLD_LOGICAL_ADMIN_PRIVILEGES Always

6.12. USERCMD_COPY_PERMISSION

The following attributes can be specified in the user input parameter of this command:

Table 50: USERCMD_COPY_PERMISSION Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

USERFLD_TO_USERID Mandatory


USERFLD_TO_DOMAIN Mandatory

There is no output for this command.

6.13. USERCMD_ENABLE

The following attributes can be specified in the user input parameter of this command:

Table 51: USERCMD_ENABLE Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

The following user attributes will be specified in the results output parameter of this command:

Table 52: USERCMD_ENABLE Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_USERNAME If defined

USERFLD_EMAIL If defined

USERFLD_PHONE If defined

USERFLD_MOBILE If defined

USERFLD_DESCRIPTION If defined

6.14. USERCMD_DISABLE

The following attributes can be specified in the user input parameter of this command:

Table 53: USERCMD_DISABLE Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory


The following user attributes will be specified in the results output parameter of this command:

Table 54: USERCMD_DISABLE Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_USERNAME If defined

USERFLD_EMAIL If defined

USERFLD_PHONE If defined

USERFLD_MOBILE If defined

USERFLD_DESCRIPTION If defined

6.15. USERCMD_UNLOCK

As part of the unlock procedure, the User Lock Count will be set to 0.

The following attributes can be specified in the user input parameter of this command:

Table 55: USERCMD_UNLOCK Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

The following user attributes will be specified in the results output parameter of this command:

Table 56: USERCMD_UNLOCK Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_USERNAME If defined

USERFLD_EMAIL If defined

USERFLD_PHONE If defined

USERFLD_MOBILE If defined

USERFLD_DESCRIPTION If defined


6.16. USERCMD_RESET_PASSWORD

The following attributes can be specified in the user input parameter of this command:

Table 57: USERCMD_RESET_PASSWORD Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

The following user attributes will be specified in the results output parameter of this command:

Table 58: USERCMD_RESET_PASSWORD Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_USERNAME If defined

USERFLD_EMAIL If defined

USERFLD_PHONE If defined

USERFLD_MOBILE If defined

USERFLD_DESCRIPTION If defined

6.17. USERCMD_SET_PASSWORD

The following attributes can be specified in the user input parameter of this command:

Table 59: USERCMD_SET_PASSWORD Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

USERFLD_NEW_PASSWORD Mandatory

USERFLD_CONFIRM_NEW_PASSWORD Mandatory

The following user attributes will be specified in the results output parameter of this command:


Table 60: USERCMD_SET_PASSWORD Output Parameters


Attribute Name Returned?

USERFLD_USERID Always

USERFLD_USERNAME If defined

USERFLD_EMAIL If defined

USERFLD_PHONE If defined

USERFLD_MOBILE If defined

USERFLD_DESCRIPTION If defined

6.18. USERCMD_SET_EXPIRATION

The following attributes can be specified in the user input parameter of this command:

Table 61: USERCMD_SET_EXPIRATION Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

USERFLD_EXPIRATION_TIME Mandatory

There is no output for this command.

To reset the expiration date and time, use the null attribute option described in 6.20. Attribute Options.

6.19. USERCMD_RESET_LAST_AUTH_TIME

The following attributes can be specified in the user input parameter of this command:

Table 62: USERCMD_RESET_LAST_AUTH_TIME Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

There is no output for this command.


6.20. Attribute Options

The following attribute options are available for each attribute listed below. They are used to change the state of
the attribute when required.

Table 63: userExecute attribute Options


Attribute Option Description
masked Used to mask the contents of visible attributes, such as passwords.
null Used to unset attributes


7. userQuery
The userQuery command allows querying user accounts matching specified search criteria.

7.1. Parameters

Table 64: userQuery Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

sessionID String Mandatory The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon).

attributeSet UserAttributeSet Mandatory Specifies the user query search criteria (see 7.1.1. UserAttributeSet).

fieldSet UserFieldSet Optional Specifies the user attribute fields to be returned for all the user account records matching the search criteria (see 7.1.2. UserFieldSet).

If fieldSet is omitted, all possible output parameters are returned. If a user attribute field is not set in the database, it is not returned for that specific user account.

queryOptions UserQueryOptions Optional Options to determine what results should be returned (see 7.1.3. UserQueryOptions).

Table 65: userQuery Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

results UserQueryResults Mandatory Result structure containing return and status codes and a list of the queried user account fields (see 7.1.4. UserQueryResults).

7.1.1. UserAttributeSet

The user attributes specified in this attribute set define the user search criteria.

Search fields are interpreted as follows:


- Wildcards are only accepted when the USERFLD_TO_USERID and USERFLD_TO_DOMAIN attributes are not set.
- Wildcards can be placed at the start, at the end, or at both ends of a value. In this case, the value is interpreted as an SQL LIKE statement.
- A list of comma-separated values can be specified. In this case, it is interpreted as the logical OR of the given values.
- Otherwise, the search is done using an exact match of the given value.

Table 66: UserAttributeSet (Data Type)


Element Name Type Description

attributes UserAttribute Attributes specifying the user query search criteria (see Table 67: UserAttribute (Data
Type)).

Table 67: UserAttribute (Data Type)


Element Name Type Description

attributeOptions AttributeOptions Specifies how to handle the attribute value during request processing, where each
option is added as single element to attributeOptions, e.g.:

<negative>true</negative>

Supported values:

- negative. Indicates that the specified user attribute value should NOT be equal to the one specified.
- null. Indicates that the specified attribute should be handled as zero-value.

value Any The attribute value. The data type has to be specified by setting the xsi:type
XML attribute.

attributeID UserAttributeIDEnum The attribute identifier (see Table 68: userQuery (Supported Input Attributes)).

Table 68: userQuery (Supported Input Attributes)


Attribute Name Optionality

USERFLD_ASSIGNED_DIGIPASS Optional

USERFLD_CREATE_TIME Optional

USERFLD_DESCRIPTION Optional

USERFLD_DISABLED Optional

USERFLD_DOMAIN Optional

USERFLD_EMAIL Optional

USERFLD_EXPIRED Optional

USERFLD_HAS_DP Optional

USERFLD_LAST_PASSWORD_SET_TIME Optional


USERFLD_LASTAUTH_TIME Optional

USERFLD_LOCKED Optional

USERFLD_MOBILE Optional

USERFLD_MODIFY_TIME Optional

USERFLD_ORGANIZATIONAL_UNIT Optional

USERFLD_PHONE Optional

USERFLD_TO_DOMAIN Optional

USERFLD_TO_USERID Optional

USERFLD_USE_DP_FROM_USER_DOMAIN Optional

USERFLD_USE_DP_FROM_USER_ID Optional

USERFLD_USERID Optional

USERFLD_USERNAME Optional

For more information about the specific attributes, refer to Table 30: userExecute Field Attributes.

7.1.2. UserFieldSet

The attributes specified in the fieldSet parameter specify the user attribute fields the IDENTIKEY Authentication Server should return for the user accounts matching the search criteria.

If fieldSet is omitted, all possible output parameters are returned. If an attribute field is not set in the database, it is not returned for that specific record.

Table 69: UserFieldSet (Data Type)


Element Name Type Description

attributeID UserAttributeIDEnum The identifier of an attribute to return (see Table 70: userQuery (Supported Output
Attributes)).

Table 70: userQuery (Supported Output Attributes)


Attribute Name Returned?

USERFLD_ADMIN_PRIVILEGES If defined


USERFLD_ASSIGNED_DIGIPASS If defined

USERFLD_BACKEND_AUTH If defined

USERFLD_CREATE_TIME If defined

USERFLD_DESCRIPTION If defined

USERFLD_DISABLED If defined

USERFLD_DOMAIN If defined

USERFLD_EMAIL If defined

USERFLD_EXPIRED If defined

USERFLD_HAS_DP If defined

USERFLD_LAST_PASSWORD_SET_TIME If defined

USERFLD_LASTAUTH_TIME If defined

USERFLD_LASTAUTHREQ_TIME If defined

USERFLD_LOCAL_AUTH If defined

USERFLD_LOCKED If defined

USERFLD_MOBILE If defined

USERFLD_MODIFY_TIME If defined

USERFLD_OFFLINE_AUTH_ENABLED If defined

USERFLD_ORGANIZATIONAL_UNIT If defined

USERFLD_PHONE If defined

USERFLD_STATUS If defined

USERFLD_USE_DP_FROM_USER_DOMAIN If defined

USERFLD_USE_DP_FROM_USER_ID If defined

USERFLD_USERID If defined

USERFLD_USERNAME If defined

USERFLD_VDP_DELIVERY_METHOD If defined

USERFLD_VDP_MDC_PROFILE If defined


USERFLD_VDP_SIGN_DELIVERY_METHOD If defined

USERFLD_VDP_SIGN_MDC_PROFILE If defined

For more information about the specific attributes, refer to Table 30: userExecute Field Attributes.

7.1.3. UserQueryOptions

This determines what results should be returned.

Table 71: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in
the result set, but not the result set itself.

Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results.

Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by rowoffset.

If set to 0, all result records are returned.

Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset.

Default value: 0

sortfieldid String Optional. Required if you specify sortorder. Determines the field attribute to use as sort key when sorting the result set using sortorder. May contain any field attribute from the fieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted.

Possible values:

- QUERYOPTIONSORTORDER_ASCENDING. Sort the result set in ascending order.
- QUERYOPTIONSORTORDER_DESCENDING. Sort the result set in descending order.


7.1.4. UserQueryResults

Table 72: UserQueryResults (Data Type)


Element Name Data Type Optionality Description

resultCodes ResultCodes Mandatory The result and status codes returned by the command.

resultAttribute UserAttributeList Mandatory List containing the queried user attributes. Each item is of type UserAttributeSet.

resultCount Integer Mandatory The number of items in resultAttribute.

errorStack ErrorStack Mandatory The error stack, indicating that the command has not completed successfully.

7.2. Example

Example
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <adm:userQuery xmlns:adm="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <sessionID>3JSK8cmRjw4E30wAA=0nUTL-~3fmifTO</sessionID>
      <attributeSet>
        <attributes>
          <value xsi:type="xsd:string">jane.doe</value>
          <attributeID>USERFLD_USERID</attributeID>
        </attributes>
      </attributeSet>
      <fieldSet>
        <attributeID>USERFLD_USERID</attributeID>
        <attributeID>USERFLD_DOMAIN</attributeID>
      </fieldSet>
    </adm:userQuery>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
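The request above, built programmatically so that a caller-supplied search value cannot widen the query. This is an added example, not code from the SDK: the function names, the value allowlist, the MAX_ROWS cap and the sample inputs are assumptions, and the queryOptions child element names are taken from Table 71.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ADM_NS = "http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
XSD_NS = "http://www.w3.org/2001/XMLSchema"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"

# Use the same prefixes as the reference example when serializing.
for _prefix, _uri in (("SOAP-ENV", SOAP_NS), ("adm", ADM_NS), ("xsi", XSI_NS)):
    ET.register_namespace(_prefix, _uri)

ATTRIBUTE_ID = re.compile(r"USERFLD_[A-Z_]+")
# Assumed allowlist for exact-match lookups. It has no comma (the server treats
# a comma-separated value as a logical OR) and no punctuation that could act
# as a wildcard (wildcards turn the search into an SQL LIKE match).
EXACT_VALUE = re.compile(r"[A-Za-z0-9._@-]{1,255}")
MAX_ROWS = 200  # assumed page-size cap; rowcount=0 would return every record


def exact_criterion(attribute_id, value):
    """Validate one search criterion that must stay an exact match."""
    if not ATTRIBUTE_ID.fullmatch(attribute_id):
        raise ValueError("unexpected attribute identifier: %r" % attribute_id)
    if not EXACT_VALUE.fullmatch(value):
        raise ValueError("value would not be an exact-match search: %r" % value)
    return attribute_id, value


def build_user_query(session_id, criteria, fields, rowcount=50, rowoffset=0):
    """Return a userQuery SOAP envelope as a string.

    criteria: list of (attributeID, value) pairs, each forced to exact match.
    fields:   attribute IDs to return; must be explicit, because omitting
              fieldSet makes the server return all possible output attributes.
    """
    if not fields:
        raise ValueError("fieldSet must list the attributes to return")
    if not 1 <= rowcount <= MAX_ROWS:
        raise ValueError("rowcount must be between 1 and %d" % MAX_ROWS)
    if rowoffset < 0:
        raise ValueError("rowoffset must not be negative")

    envelope = ET.Element("{%s}Envelope" % SOAP_NS)
    ET.SubElement(envelope, "{%s}Header" % SOAP_NS)
    body = ET.SubElement(envelope, "{%s}Body" % SOAP_NS)
    query = ET.SubElement(body, "{%s}userQuery" % ADM_NS)
    # The xsd prefix only occurs inside attribute values (xsi:type), so
    # ElementTree will not declare it on its own; declare it explicitly.
    query.set("xmlns:xsd", XSD_NS)

    # ElementTree escapes text nodes, so markup characters in any input
    # cannot change the structure of the request.
    ET.SubElement(query, "sessionID").text = session_id

    attribute_set = ET.SubElement(query, "attributeSet")
    for attribute_id, value in criteria:
        attribute_id, value = exact_criterion(attribute_id, value)
        attributes = ET.SubElement(attribute_set, "attributes")
        value_el = ET.SubElement(attributes, "value")
        value_el.set("{%s}type" % XSI_NS, "xsd:string")
        value_el.text = value
        ET.SubElement(attributes, "attributeID").text = attribute_id

    field_set = ET.SubElement(query, "fieldSet")
    for attribute_id in fields:
        if not ATTRIBUTE_ID.fullmatch(attribute_id):
            raise ValueError("unexpected attribute identifier: %r" % attribute_id)
        ET.SubElement(field_set, "attributeID").text = attribute_id

    options = ET.SubElement(query, "queryOptions")
    ET.SubElement(options, "rowcount").text = str(rowcount)
    ET.SubElement(options, "rowoffset").text = str(rowoffset)
    return ET.tostring(envelope, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample inputs; the session ID is a placeholder.
    print(build_user_query("SESSION-ID-PLACEHOLDER",
                           [("USERFLD_USERID", "jane.doe")],
                           ["USERFLD_USERID", "USERFLD_DOMAIN"]))
```

Check the serialized element names against the WSDL of the deployed server version before use.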

7.3. Requirements

Required administration privileges:

- View User

7.4. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.


8. userattributeExecute
The userattributeExecute command supports executing the following user-related administrative operations:

Table 73: userattributeExecute Commands (SOAP Administration)


Command Description

USERATTRIBUTECMD_CREATE Creates a new user attribute for a specified user (see 8.1. USERATTRIBUTECMD_CREATE).

USERATTRIBUTECMD_VIEW Displays the values for a specified user attribute (see 8.2. USERATTRIBUTECMD_VIEW).

USERATTRIBUTECMD_UPDATE Updates the specified user attribute (see 8.3. USERATTRIBUTECMD_UPDATE).

USERATTRIBUTECMD_DELETE Deletes the specified user attribute (see 8.4. USERATTRIBUTECMD_DELETE).

Each userattributeExecute command should specify the following command parameters:

Table 74: userattributeExecute Command Parameters


Name Data Type I/O Description

SESSION_ID String I The session identifier of the current administrative session. The
logon command returns this identifier after a successful logon.

CMD String I The user attribute command to be executed.

Commands are specified in the list above.

USERATTRIBUTE ATTRIBUTESET Set I Zero or more userattribute attribute fields.

RESULTSET Set O Zero or more userattribute result fields.

These field attributes are also available for userattributeExecute commands:

Table 75: userattributeExecute Field Attributes


Attribute Name Data Type Value Description

UATTFLD_ATTR_GROUP String Up to 255 chars. Attribute Group to which the attribute belongs. This is
used to distinguish which attributes will be returned in
specific circumstances.

UATTFLD_CREATE_TIME DateTime The date and time the user attribute object was created
in the database.

UATTFLD_DOMAIN String Up to 255 chars. The domain to which the User record belongs.


UATTFLD_LDAP_DN String

UATTFLD_MODIFY_TIME DateTime The date and time of the last user attribute object
update.

UATTFLD_NAME String Up to 64 chars. The name of the attribute.

UATTFLD_SEQ_NO Integer Sequence number for the attribute. This is used to con-
catenate attributes into a string for Active Directory data
store.

UATTFLD_USAGE_QUALIFIER String Up to 64 chars. Usage qualifier specifies the type of attribute in use.

UATTFLD_USERID String Up to 255 chars. The UserID, in whatever form the calling application
provides it (no specific format is required).

UATTFLD_VALUE String Up to 255 chars. The value of the attribute.

UATTFLD_OPTIONS String

The UATTFLD_OPTIONS element specifies whether the attribute is of type SOAP or RADIUS, and whether the attribute value is encrypted or not. These two settings are expressed via the following values:

Table 76: UATTFLD_OPTIONS values and resulting attribute types


Value Resulting Attribute Type

0 Unencrypted SOAP attribute

1 Unencrypted RADIUS attribute

2 Encrypted SOAP attribute

3 Encrypted RADIUS attribute

8.1. USERATTRIBUTECMD_CREATE

The following attributes can be specified in the user input parameter of this command:

Table 77: USERATTRIBUTECMD_CREATE Input Parameters


Name Optional?

UATTFLD_USERID Mandatory

UATTFLD_DOMAIN Mandatory


UATTFLD_ATTR_GROUP Mandatory

UATTFLD_NAME Mandatory

UATTFLD_USAGE_QUALIFIER Mandatory

UATTFLD_VALUE Mandatory

The following user attributes will be specified in the results output parameter of this command:

Table 78: USERATTRIBUTECMD_CREATE Output Parameters


Name Returned?

UATTFLD_USERID Always

UATTFLD_DOMAIN Always

UATTFLD_ATTR_GROUP Always

UATTFLD_NAME Always

UATTFLD_USAGE_QUALIFIER Always

UATTFLD_VALUE Always

UATTFLD_SEQ_NO Always

UATTFLD_CREATE_TIME Always

UATTFLD_MODIFY_TIME Always

UATTFLD_OPTIONS Optional

8.2. USERATTRIBUTECMD_VIEW

The following attributes can be specified in the user input parameter of this command:

Table 79: USERATTRIBUTECMD_VIEW Input Parameters


Name Optional?

UATTFLD_USERID Mandatory

UATTFLD_DOMAIN Mandatory

UATTFLD_ATTR_GROUP Mandatory


UATTFLD_SEQ_NO Mandatory

The following user attributes will be specified in the results output parameter of this command:

Table 80: USERATTRIBUTECMD_VIEW Output Parameters


Name Returned?

UATTFLD_USERID Always

UATTFLD_DOMAIN Always

UATTFLD_ATTR_GROUP Always

UATTFLD_NAME Always

UATTFLD_USAGE_QUALIFIER Always

UATTFLD_VALUE Always

UATTFLD_SEQ_NO Always

UATTFLD_CREATE_TIME Always

UATTFLD_MODIFY_TIME Always

8.3. USERATTRIBUTECMD_UPDATE

The following attributes can be specified in the user input parameter of this command:

Table 81: USERATTRIBUTECMD_UPDATE Input Parameters


Name Optional?

UATTFLD_USERID Mandatory

UATTFLD_DOMAIN Mandatory

UATTFLD_ATTR_GROUP Mandatory

UATTFLD_SEQ_NO Mandatory

UATTFLD_NAME Optional

UATTFLD_VALUE Optional

UATTFLD_USAGE_QUALIFIER Optional


The following user attributes will be specified in the results output parameter of this command:

Table 82: USERATTRIBUTECMD_UPDATE Output Parameters


Name Returned?

UATTFLD_USERID Always

UATTFLD_DOMAIN Always

UATTFLD_ATTR_GROUP Always

UATTFLD_NAME Always

UATTFLD_USAGE_QUALIFIER Always

UATTFLD_VALUE Always

UATTFLD_SEQ_NO Always

UATTFLD_CREATE_TIME Always

UATTFLD_MODIFY_TIME Always

8.4. USERATTRIBUTECMD_DELETE

The following attributes can be specified in the user input parameter of this command:

Table 83: USERATTRIBUTECMD_DELETE Input Parameters


Name Optional?

UATTFLD_USERID Mandatory

UATTFLD_DOMAIN Mandatory

UATTFLD_ATTR_GROUP Mandatory

UATTFLD_SEQ_NO Mandatory

No result user attributes will be returned by the delete user attribute command.


9. userSendNotification
The userSendNotification command sends a notification message to a specified user.

9.1. Parameters

Table 84: userSendNotification Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

sessionID String Mandatory The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon).

user UserInput Mandatory Specifies the user to whom the message is sent.

message String Mandatory The message text.

deliveryMethod String Mandatory Indicates if the message is an email, SMS or voice message.

Possible values:

- Email
- SMS
- Voice

destination String Optional The (mobile) phone number or email address of the recipient. Overrides the returned value.

mdcProfile String Optional The MDC profile used for sending the message.

schedule ScheduleInput Optional Defines the date and time the message will be sent.

Table 85: userSendNotification Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

errorStack ErrorStack Optional The error stack, indicating that the command has not completed successfully.

resultCodes ResultCodes Mandatory The result and status codes returned by the command.

destination String Mandatory The returned (mobile) phone number or email address of the recipient.

user UserOutput Mandatory The returned user information.

taskID String Optional The returned task ID in case of scheduled notifications.


9.1.1. UserInput

Table 86: UserInput (Data Type)


Element Name Type Description

userID String The ID of the user to whom the message is sent.

domain String The domain of the user to whom the message is sent.

9.1.2. ScheduleInput

Table 87: ScheduleInput (Data Type)


Element Name Type Description

time DateTime The date and time the message will be sent. Seconds are ignored by the scheduled task.

9.1.3. UserOutput

Table 88: UserOutput (Data Type)


Element Name Type Description

userID String The returned ID of the user to whom the message is sent.

domain String The returned domain of the user to whom the message is sent.

orgUnit String The returned organizational unit of the user to whom the message is sent.

9.2. Example

Example
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:adm="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration">
  <soapenv:Header/>
  <soapenv:Body>
    <adm:userSendNotificationRequest>
      <sessionID>bbhDR7=mI90R+Q1Kr_??~9IesbmtnVyQ</sessionID>
      <user>
        <userID>Jane Doe</userID>
        <domain>Master</domain>
      </user>
      <message>This is a message sent to Jane Doe.</message>
      <deliveryMethod>Email</deliveryMethod>
      <mdcProfile>Profile1</mdcProfile>
      <schedule>
        <time>2015-06-29T09:00:00</time>
      </schedule>
    </adm:userSendNotificationRequest>
  </soapenv:Body>
</soapenv:Envelope>

9.3. Requirements

Required administration privileges:

- Send Notification


10. offlinedataExecute
The offlinedataExecute command performs the following user-related administrative operations:

Table 89: offlinedataExecute Commands (SOAP Administration)


Command Description

OFFLINEDATACMD_VIEW This command displays user account information (see 10.1. OFFLINEDATACMD_VIEW).

OFFLINEDATACMD_DELETE This command deletes a user account (see 10.2. OFFLINEDATACMD_DELETE).

Each offlinedataExecute SOAP request can specify the following command parameters:

Table 90: offlinedataExecute Command Attributes


Name Data Type Input/Output Description

SESSION_ID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon.

CMD String I The user command to be executed.

Commands are specified in the table above.

USERATTRIBUTESET Set I Zero or more user attribute fields.

RESULTSET Set O Zero or more result fields.

Table 91: offlinedataExecute Field Attributes


Attribute Name Data Type Value Description

OFFLINEDATAFLD_COMPONENT_LOCATION String

OFFLINEDATAFLD_COMPONENT_TYPE String

OFFLINEDATAFLD_CREATE_TIME DateTime The date and time the user account object was created in the database.

OFFLINEDATAFLD_DOMAIN String Up to 255 chars.

OFFLINEDATAFLD_END_TIME String

OFFLINEDATAFLD_EVENT_COUNTER String

OFFLINEDATAFLD_EVENT_WINDOW String

OFFLINEDATAFLD_MODIFY_TIME DateTime The date and time of the last user account object update.

OFFLINEDATAFLD_PROTOCOL_ID String Specifies which protocol the request uses so that protocol-specific data can be used when appropriate.

OFFLINEDATAFLD_SERIALNO String

OFFLINEDATAFLD_START_TIME String

OFFLINEDATAFLD_USERID String Up to 255 chars. Input: The UserID, in whatever form the calling application provides it (no specific format is required).

10.1. OFFLINEDATACMD_VIEW

The following attributes can be specified in the user input parameter of this command:

Table 92: OFFLINEDATACMD_VIEW Input Parameters


Attribute Name Optional?

OFFLINEDATAFLD_USERID Mandatory

OFFLINEDATAFLD_DOMAIN Mandatory

The following user attributes will be specified in the results output parameter of this command:

Table 93: OFFLINEDATACMD_VIEW Output Parameters


Attribute Name Optional?

OFFLINEDATAFLD_COMPONENT_TYPE

OFFLINEDATAFLD_COMPONENT_LOCATION

OFFLINEDATAFLD_DOMAIN

OFFLINEDATAFLD_USERID

OFFLINEDATAFLD_SERIALNO

OFFLINEDATAFLD_EVENT_WINDOW


OFFLINEDATAFLD_EVENT_COUNTER

OFFLINEDATAFLD_START_TIME

OFFLINEDATAFLD_END_TIME

OFFLINEDATAFLD_CREATE_TIME Always

OFFLINEDATAFLD_MODIFY_TIME Always

10.2. OFFLINEDATACMD_DELETE

The following attributes can be specified in the user input parameter of this command:

Table 94: OFFLINEDATACMD_DELETE Input Parameters


Attribute Name Optional?

USERFLD_USERID Mandatory

USERFLD_DOMAIN Mandatory

No result attributes will be returned by this command.


11. digipassExecute
The digipassExecute command supports executing the following DIGIPASS-related administrative operations:

Table 95: digipassExecute Commands (SOAP Administration)


Command Description

DIGIPASSCMD_ADD_DEVICE Registers a new DIGIPASS device or instance (see 11.15. DIGIPASSCMD_ADD_DEVICE). In a Two-Step Activation scenario, this constitutes the second activation step.

Applies to DIGIPASS compliant with Multi-Device Licensing.

DIGIPASSCMD_ASSIGN Assigns a DIGIPASS authenticator to a user (see 11.5. DIGIPASSCMD_ASSIGN).

DIGIPASSCMD_BIND_DEVICE Binds a DIGIPASS for Mobile device (see 11.12. DIGIPASSCMD_BIND_DEVICE).

DIGIPASSCMD_DEACTIVATE Generates a deactivation message for a specific DIGIPASS instance (see 11.16. DIGIPASSCMD_DEACTIVATE).

Applies to DIGIPASS compliant with Multi-Device Licensing.

DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE Decrypts the body of an information message with an encrypted payload key created by a device compliant with Multi-Device Licensing (see 11.3. DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE).

DIGIPASSCMD_DELETE Deletes the specified DIGIPASS authenticator (see 11.4. DIGIPASSCMD_DELETE).

DIGIPASSCMD_GENERATE_ACTIVATION_DATA Generates activation data for DIGIPASS for Mobile (see 11.10. DIGIPASSCMD_GENERATE_ACTIVATION_DATA).

DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE Generates the first activation message for a specific DIGIPASS license (see 11.14. DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE). In a Two-Step Activation scenario, this constitutes the first activation step.

Applies to DIGIPASS compliant with Multi-Device Licensing.

DIGIPASSCMD_MOVE Moves the specified DIGIPASS authenticator to another domain and/or organizational unit in the organizational structure (see 11.7. DIGIPASSCMD_MOVE).

DIGIPASSCMD_RESET_ACTIVATION This command resets the activation information for the specified DIGIPASS authenticator (see 11.9. DIGIPASSCMD_RESET_ACTIVATION).

DIGIPASSCMD_SEND_ACTIVATION_DATA Sends activation data to DIGIPASS for Mobile (see 11.11. DIGIPASSCMD_SEND_ACTIVATION_DATA).

DIGIPASSCMD_SET_EXPIRATION Sets the expiration and/or start date for the specified DIGIPASS authenticator (see 11.8. DIGIPASSCMD_SET_EXPIRATION).

DIGIPASSCMD_UNASSIGN Unassigns the specified DIGIPASS authenticator (see 11.6. DIGIPASSCMD_UNASSIGN).

DIGIPASSCMD_UNBIND_DEVICE Unbinds a DIGIPASS for Mobile device (see 11.13. DIGIPASSCMD_UNBIND_DEVICE).

DIGIPASSCMD_UPDATE Updates the specified DIGIPASS information (see 11.2. DIGIPASSCMD_UPDATE).

DIGIPASSCMD_VIEW Displays the DIGIPASS information for the specified DIGIPASS (see 11.1. DIGIPASSCMD_VIEW).

Each digipassExecute command should specify the following command parameters:

Table 96: digipassExecute Input Parameters


Name Data Type Optionality Description

sessionID String Mandatory The session identifier of the current administrative session. The
logon command returns this identifier after a successful logon
(see 5.1. logon).

cmd String Mandatory The DIGIPASS command to be executed (see Table 95: digipassExecute Commands (SOAP Administration)).

attributeSet DigipassAttributeSet Mandatory Zero or more DIGIPASS attribute fields.

Table 97: digipassExecute Output Parameters


Name Data Type Optionality Description

results DigipassResults Mandatory Zero or more DIGIPASS result fields.

These field attributes are also available for digipassExecute commands:

Table 98: digipassExecute Field Attributes


Attribute Name Data Type Value

DIGIPASSFLD_ACTIV_COUNT Integer 0 or positive integer.

DIGIPASSFLD_ACTIV_LOCATIONS String Up to 1024 chars.

DIGIPASSFLD_ACTIVE_APPL_NAMES String Up to 255 chars.

DIGIPASSFLD_ACTIVE_APPL_TYPES String Up to 32 chars.

DIGIPASSFLD_APPL_NAME String The name of the DIGIPASS Application which can be used to validate the
Activation Signature parameter.

Applies to DIGIPASS compliant with Multi-Device Licensing.

DIGIPASSFLD_ASSIGN_STATUS String Supported values:

• Assigned
• Unassigned

DIGIPASSFLD_ASSIGNED_DATE DateTime

DIGIPASSFLD_ASSIGNED_USER_LDAP_DN String

DIGIPASSFLD_ASSIGNED_USER_ORG_UNIT String Up to 255 chars.

DIGIPASSFLD_ASSIGNED_USERID String Up to 255 chars.

DIGIPASSFLD_BACKUP_VDP_ENABLED String Up to 1024 chars

Supported values:

• Default
• No
• Yes – Permitted
• Yes – Required

DIGIPASSFLD_BACKUP_VDP_EXPIRES Date

DIGIPASSFLD_BACKUP_VDP_USES_LEFT Integer 0 or positive integer.

DIGIPASSFLD_BIND_STATUS String

DIGIPASSFLD_CREATE_TIME DateTime

DIGIPASSFLD_DELIVERY_METHOD String

DIGIPASSFLD_DERIVATION_CODE String

DIGIPASSFLD_DESTINATION String

DIGIPASSFLD_DEVICE_CODE String The device code generated by the DIGIPASS upon processing the first activation
message.

Applies to DIGIPASS compliant with Multi-Device Licensing

DIGIPASSFLD_DEVICE_ID String The identifier which refers to a specific DIGIPASS device.

Applies to DIGIPASS compliant with Multi-Device Licensing.

DIGIPASSFLD_DEVICE_TYPE String The device type of the DIGIPASS to be activated.

Applies to DIGIPASS compliant with Multi-Device Licensing.

Supported values:

• 0 – Hardware device
• 1 – Unknown software platform
• 3 – iOS
• 5 – Jailbroken iOS
• 7 – Android
• 9 – Rooted Android
• 11 – Windows Phone
• 13 – BlackBerry Native
• 15 – MIDP2 Platform or BlackBerry Java
• 17 – Windows
• 19 – Linux
• 21 – Mac
• 23 – RFU

DIGIPASSFLD_DIRECT_ASSIGN_ONLY Boolean

DIGIPASSFLD_DOMAIN String Up to 255 chars.

The domain the relevant DIGIPASS authenticator belongs to.

DIGIPASSFLD_DP_DESCRIPTION String Custom field used for identifying authenticators

DIGIPASSFLD_DPSOFT_PARAMS_ID String

DIGIPASSFLD_DPTYPE String Exactly 5 chars.

DIGIPASSFLD_EMVCAP_PAN String EMV-CAP PAN number

DIGIPASSFLD_EVENT_REACTIVATION_COUNTER String

DIGIPASSFLD_EXPIRATION_TIME DateTime The expiration date and time of the DIGIPASS authenticator. An expired
DIGIPASS authenticator is ignored when processing authentication,
administrative logon, signature validation, and provisioning requests.

DIGIPASSFLD_EXPIRED Boolean Indicates whether the DIGIPASS authenticator has expired.

This attribute is only set if the DIGIPASS authenticator is assigned to a user.

DIGIPASSFLD_FULL_ACTIVATION_DATA String

DIGIPASSFLD_GRACE_PERIOD_DAYS Integer 0 or positive integer.

Defines the grace period expiration date on the DIGIPASS when assigning.

DIGIPASSFLD_GRACE_PERIOD_EXPIRED Boolean Indicates whether the grace period for the DIGIPASS authenticator has ended.

This attribute is only set if the DIGIPASS authenticator is assigned to a user.

DIGIPASSFLD_GRACE_PERIOD_EXPIRES Date

DIGIPASSFLD_INFORMATION_BODY String Up to 1024 hexadecimal characters.

In case of a successful operation, this parameter contains the clear information
body extracted from the information message.

DIGIPASSFLD_INFORMATION_MESSAGE String Contains the information message that has been generated by the DIGIPASS
client device. The string length must be a multiple of 2 with a maximum length of
1070 characters.

DIGIPASSFLD_LAST_ACTIV_TIME DateTime

DIGIPASSFLD_LDAP_DN String

DIGIPASSFLD_LICENSE_SERNO String The serial number or DIGIPASS license for which a DIGIPASS instance has been
activated.

Applies to DIGIPASS compliant with Multi-Device Licensing.

DIGIPASSFLD_MAX_ACTIVATIONS Integer The maximum number of DIGIPASS activations which can be performed with a
DIGIPASS license.

Applies to DIGIPASS compliant with Multi-Device Licensing.

DIGIPASSFLD_MDC_PROFILE String The specific Message Delivery Component (MDC) profile used to send activation
data via MDC. This takes precedence over the MDC profile specified in the user
profile.

Can be a null-value (via attributeOptions).

DIGIPASSFLD_MODIFY_TIME DateTime

DIGIPASSFLD_NEW_ORGANIZATIONAL_UNIT String Up to 255 chars.

DIGIPASSFLD_NEW_DOMAIN String Up to 255 chars.

DIGIPASSFLD_ORGANIZATIONAL_UNIT String Up to 255 chars.

The organizational unit the relevant DIGIPASS authenticator belongs to.

DIGIPASSFLD_QR_CODE String

DIGIPASSFLD_REQUEST_KEY String The key which refers to the second activation message cached by IDENTIKEY
Authentication Server. In the response, DIGIPASSFLD_REQUEST_KEY needs to
go along with DIGIPASSFLD_APPL_NAME, i.e. both attributes are either present
or they are missing.

Applies to DIGIPASS compliant with Multi-Device Licensing.

DIGIPASSFLD_REQUEST_MESSAGE String The activation message.

Applies to DIGIPASS compliant with Multi-Device Licensing

DIGIPASSFLD_RESULT_CODE String

DIGIPASSFLD_RESULT_MESSAGE String

DIGIPASSFLD_SEARCH_DOWN_OU_PATH Boolean

DIGIPASSFLD_SEARCH_UP_OU_PATH Boolean

DIGIPASSFLD_SECURE_CHANNEL Boolean If true, at least one DIGIPASS Application supports Secure Channel.

Applies to DIGIPASS compliant with Multi-Device Licensing.

DIGIPASSFLD_SERNO String Exactly 10 chars.

DIGIPASS Serial Number

DIGIPASSFLD_START_TIME DateTime The date and time the DIGIPASS authenticator becomes active and can
effectively be used (delayed activation).

It uses the following format:

<yyyy>-<MM>-<dd>T<HH>:<mm>:<ss>.<SSS>Z

DIGIPASSFLD_TO_EXPIRATION_TIME DateTime Used when searching within a range from DIGIPASSFLD_EXPIRATION_TIME
to DIGIPASSFLD_TO_EXPIRATION_TIME (using digipassQuery).

It uses the following format:

<yyyy>-<MM>-<dd>T<HH>:<mm>:<ss>.<SSS>Z

DIGIPASSFLD_TO_SERNO String Used when searching within a range from DIGIPASSFLD_SERNO to
DIGIPASSFLD_TO_SERNO (using digipassQuery).

DIGIPASSFLD_TO_START_TIME DateTime Used when searching within a range from DIGIPASSFLD_START_TIME
to DIGIPASSFLD_TO_START_TIME (using digipassQuery).

It uses the following format:

<yyyy>-<MM>-<dd>T<HH>:<mm>:<ss>.<SSS>Z

DIGIPASSFLD_TOP_ORGANIZATIONAL_UNIT String

11.1. DIGIPASSCMD_VIEW

DIGIPASSCMD_VIEW displays the DIGIPASS information for the specified DIGIPASS authenticator.

11.1.1. Parameters

The following attributes can be specified in the attributeSet input parameter of this command:

Table 99: DIGIPASSCMD_VIEW Input Parameters


Attribute Name Optionality

DIGIPASSFLD_DOMAIN Optional

DIGIPASSFLD_SERNO Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 100: DIGIPASSCMD_VIEW Output Parameters (resultAttribute)


Attribute Name Returned

DIGIPASSFLD_ACTIV_COUNT If defined

DIGIPASSFLD_ACTIV_LOCATIONS If defined

DIGIPASSFLD_ACTIVE_APPL_NAMES Always

DIGIPASSFLD_ACTIVE_APPL_TYPES Always

DIGIPASSFLD_ASSIGN_STATUS Always

DIGIPASSFLD_ASSIGNED_DATE If defined

DIGIPASSFLD_ASSIGNED_USERID If defined

DIGIPASSFLD_BACKUP_VDP_ENABLED If defined

DIGIPASSFLD_BACKUP_VDP_EXPIRES If defined

DIGIPASSFLD_BACKUP_VDP_USES_LEFT If defined

DIGIPASSFLD_CREATE_TIME Always

DIGIPASSFLD_DEVICE_ID If defined

DIGIPASSFLD_DIRECT_ASSIGN_ONLY If defined

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_DPSOFT_PARAMS_ID If defined

DIGIPASSFLD_DPTYPE Always

DIGIPASSFLD_EXPIRATION_TIME If defined

DIGIPASSFLD_EXPIRED Always

DIGIPASSFLD_GRACE_PERIOD_EXPIRED Always

DIGIPASSFLD_GRACE_PERIOD_EXPIRES If defined

DIGIPASSFLD_LAST_ACTIV_TIME If defined

DIGIPASSFLD_LICENSE_SERNO If defined

DIGIPASSFLD_MAX_ACTIVATIONS If defined

DIGIPASSFLD_MODIFY_TIME Always

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_START_TIME If defined

11.1.2. Requirements

Required administration privileges:

• View DIGIPASS

11.2. DIGIPASSCMD_UPDATE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 101: DIGIPASSCMD_UPDATE Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

DIGIPASSFLD_GRACE_PERIOD_EXPIRES Optional

DIGIPASSFLD_BACKUP_VDP_ENABLED Optional

DIGIPASSFLD_BACKUP_VDP_EXPIRES Optional

DIGIPASSFLD_BACKUP_VDP_USES_LEFT Optional

DIGIPASSFLD_DIRECT_ASSIGN_ONLY Optional

The following attributes will be specified in the results output parameter of this command:

Table 102: DIGIPASSCMD_UPDATE Output Parameters


Attribute Name Returned

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_DPTYPE Always

DIGIPASSFLD_ACTIVE_APPL_NAMES Always

DIGIPASSFLD_ACTIVE_APPL_TYPES Always

DIGIPASSFLD_ASSIGN_STATUS Always

DIGIPASSFLD_ASSIGNED_USERID If defined

DIGIPASSFLD_ASSIGNED_DATE If defined

DIGIPASSFLD_GRACE_PERIOD_EXPIRES If defined

DIGIPASSFLD_BACKUP_VDP_ENABLED If defined

DIGIPASSFLD_BACKUP_VDP_EXPIRES If defined

DIGIPASSFLD_BACKUP_VDP_USES_LEFT If defined

DIGIPASSFLD_ACTIV_LOCATIONS If defined

DIGIPASSFLD_ACTIV_COUNT If defined

DIGIPASSFLD_LAST_ACTIV_TIME If defined

DIGIPASSFLD_DPSOFT_PARAMS_ID If defined

DIGIPASSFLD_DIRECT_ASSIGN_ONLY If defined

DIGIPASSFLD_CREATE_TIME Always

DIGIPASSFLD_MODIFY_TIME Always

11.3. DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE

DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE decrypts the body of an information message with
an encrypted payload key generated by a device compliant with Multi-Device Licensing.

11.3.1. Parameters

The following attributes can be specified in the attributeSet input parameter of this command:

Table 103: DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

DIGIPASSFLD_ORGANIZATIONAL_UNIT Optional

DIGIPASSFLD_INFORMATION_MESSAGE Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 104: DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE Output Parameters


Attribute Name Returned

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_INFORMATION_BODY Always

11.3.2. Requirements

Required administration privileges:

• Decrypt DIGIPASS Information Message

11.4. DIGIPASSCMD_DELETE

Only the DIGIPASS attribute DIGIPASSFLD_SERNO can be specified in the attributeSet input
parameter of this command. This attribute is mandatory.

No result attributes will be returned by this command.

11.5. DIGIPASSCMD_ASSIGN

DIGIPASSCMD_ASSIGN assigns a DIGIPASS authenticator (either a specific or automatically selected one) to
a user.

11.5.1. Parameters

The following attributes can be specified in the attributeSet input parameter of this command:

Table 105: DIGIPASSCMD_ASSIGN Input Parameters


Attribute Name Optionality

DIGIPASSFLD_ASSIGNED_USER_ORG_UNIT Optional

DIGIPASSFLD_ASSIGNED_USERID Mandatory

DIGIPASSFLD_DOMAIN Optional

DIGIPASSFLD_EXPIRATION_TIME Optional

DIGIPASSFLD_GRACE_PERIOD_DAYS Mandatory

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_START_TIME Optional

The following attributes will be specified in the results output parameter of this command:

Table 106: DIGIPASSCMD_ASSIGN Output Parameters


Attribute Name Returned

DIGIPASSFLD_ACTIV_COUNT If defined

DIGIPASSFLD_ACTIV_LOCATIONS If defined

DIGIPASSFLD_ACTIVE_APPL_NAMES Always

DIGIPASSFLD_ACTIVE_APPL_TYPES Always

DIGIPASSFLD_ASSIGN_STATUS Always

DIGIPASSFLD_ASSIGNED_DATE Always

DIGIPASSFLD_ASSIGNED_USERID Always

DIGIPASSFLD_BACKUP_VDP_ENABLED If defined

DIGIPASSFLD_BACKUP_VDP_EXPIRES If defined

DIGIPASSFLD_BACKUP_VDP_USES_LEFT If defined

DIGIPASSFLD_CREATE_TIME Always

DIGIPASSFLD_DIRECT_ASSIGN_ONLY If defined

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_DPSOFT_PARAMS_ID If defined

DIGIPASSFLD_DPTYPE Always

DIGIPASSFLD_EXPIRATION_TIME If defined

DIGIPASSFLD_GRACE_PERIOD_EXPIRES If defined

DIGIPASSFLD_LAST_ACTIV_TIME If defined

DIGIPASSFLD_MODIFY_TIME Always

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_START_TIME If defined

11.5.2. Requirements

Required administration privileges:

• Assign DIGIPASS

11.6. DIGIPASSCMD_UNASSIGN

DIGIPASSCMD_UNASSIGN unassigns the specified DIGIPASS authenticator. The start time
(DIGIPASSFLD_START_TIME) is reset.

11.6.1. Parameters

The following attributes can be specified in the attributeSet input parameter of this command:

Table 107: DIGIPASSCMD_UNASSIGN Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

The following attributes will be specified in the results output parameter of this command:

Table 108: DIGIPASSCMD_UNASSIGN Output Parameters


Attribute Name Returned

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_DPTYPE Always

DIGIPASSFLD_ACTIVE_APPL_NAMES Always

DIGIPASSFLD_ACTIVE_APPL_TYPES Always

DIGIPASSFLD_ASSIGN_STATUS Always

DIGIPASSFLD_BACKUP_VDP_ENABLED If defined

DIGIPASSFLD_ACTIV_LOCATIONS If defined

DIGIPASSFLD_ACTIV_COUNT If defined

DIGIPASSFLD_LAST_ACTIV_TIME If defined

DIGIPASSFLD_DPSOFT_PARAMS_ID If defined

DIGIPASSFLD_DIRECT_ASSIGN_ONLY If defined

DIGIPASSFLD_CREATE_TIME Always

DIGIPASSFLD_MODIFY_TIME Always

11.6.2. Requirements

Required administration privileges:

• Unassign DIGIPASS

11.7. DIGIPASSCMD_MOVE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 109: DIGIPASSCMD_MOVE Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

DIGIPASSFLD_ORGANIZATIONAL_UNIT Optional

DIGIPASSFLD_NEW_DOMAIN Mandatory

DIGIPASSFLD_NEW_ORGANIZATIONAL_UNIT Optional

No result DIGIPASS attributes will be returned by this command.

11.8. DIGIPASSCMD_SET_EXPIRATION

DIGIPASSCMD_SET_EXPIRATION sets the DIGIPASS expiration and/or start date.

11.8.1. Parameters

The following attributes can be specified in the attributeSet input parameter of this command:

Table 110: DIGIPASSCMD_SET_EXPIRATION Input Parameters


Attribute Name Optionality

DIGIPASSFLD_DOMAIN Mandatory

DIGIPASSFLD_EXPIRATION_TIME Optional

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_START_TIME Optional

DIGIPASSFLD_EXPIRATION_TIME and DIGIPASSFLD_START_TIME are each optional, but either
DIGIPASSFLD_EXPIRATION_TIME, DIGIPASSFLD_START_TIME, or both must be specified.

The following attributes will be specified in the results output parameter of this command:

Table 111: DIGIPASSCMD_SET_EXPIRATION Output Parameters


Attribute Name Returned

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_EXPIRATION_TIME If defined

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_START_TIME If defined

11.8.2. Requirements

Required administration privileges:

• Set DIGIPASS Expiration

11.9. DIGIPASSCMD_RESET_ACTIVATION

The following attributes can be specified in the attributeSet input parameter of this command:

Table 112: DIGIPASSCMD_RESET_ACTIVATION Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

The following attributes will be specified in the results output parameter of this command:

Table 113: DIGIPASSCMD_RESET_ACTIVATION Output Parameters


Attribute Name Returned

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_DPTYPE Always

DIGIPASSFLD_ACTIVE_APPL_NAMES Always

DIGIPASSFLD_ACTIVE_APPL_TYPES Always

DIGIPASSFLD_ASSIGN_STATUS Always

DIGIPASSFLD_ASSIGNED_USERID If defined

DIGIPASSFLD_ASSIGNED_DATE If defined

DIGIPASSFLD_GRACE_PERIOD_EXPIRES If defined

DIGIPASSFLD_BACKUP_VDP_ENABLED If defined

DIGIPASSFLD_BACKUP_VDP_EXPIRES If defined

DIGIPASSFLD_BACKUP_VDP_USES_LEFT If defined

DIGIPASSFLD_ACTIV_LOCATIONS If defined

DIGIPASSFLD_ACTIV_COUNT If defined

DIGIPASSFLD_LAST_ACTIV_TIME If defined

DIGIPASSFLD_DPSOFT_PARAMS_ID If defined

DIGIPASSFLD_DIRECT_ASSIGN_ONLY If defined

DIGIPASSFLD_CREATE_TIME Always

DIGIPASSFLD_MODIFY_TIME Always

11.10. DIGIPASSCMD_GENERATE_ACTIVATION_DATA

The following attributes can be specified in the attributeSet input parameter of this command:

Table 114: DIGIPASSCMD_GENERATE_ACTIVATION_DATA Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

The following attributes will be specified in the results output parameter of this command:

Table 115: DIGIPASSCMD_GENERATE_ACTIVATION_DATA Output Parameters


Attribute Name Returned

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_FULL_ACTIVATION_DATA If defined

DIGIPASSFLD_QR_CODE If defined

DIGIPASSFLD_EVENT_REACTIVATION_COUNTER If defined

11.11. DIGIPASSCMD_SEND_ACTIVATION_DATA

The following attributes can be specified in the attributeSet input parameter of this command:

Table 116: DIGIPASSCMD_SEND_ACTIVATION_DATA Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

DIGIPASSFLD_DELIVERY_METHOD Mandatory (see below)

DIGIPASSFLD_DESTINATION Mandatory (see below)

DIGIPASSFLD_MDC_PROFILE Optional (see below)

DIGIPASSFLD_DELIVERY_METHOD and DIGIPASSFLD_DESTINATION are mandatory input fields
unless you are using the Tcl command line. In the case that you are using the Tcl command line, those fields can
be left blank, and the settings will be derived from the defaults specified in the User and Policy configuration.

If DIGIPASSFLD_MDC_PROFILE is not specified, DIGIPASSCMD_SEND_ACTIVATION_DATA uses
the MDC profile specified in the user profile. If the user profile has no explicit MDC profile specified, the MDC profile
specified in the effective policy is used (effective for the administrator currently logged on). If the effective policy
has no explicit MDC profile specified, MDC uses the default MDC profile order as configured in the
MDC configuration.

If DIGIPASSFLD_MDC_PROFILE is specified as null-value using attributeOptions (see Table 129:
DigipassAttribute (Data Type)), the default MDC profile order as configured in the MDC configuration is used. In this
case, any MDC profile settings specified in the user profile or the effective policy are ignored.

The following attributes will be specified in the results output parameter of this command:

Table 117: DIGIPASSCMD_SEND_ACTIVATION_DATA Output Parameters


Attribute Name Returned

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_DOMAIN If defined

DIGIPASSFLD_RESULT_CODE If defined

DIGIPASSFLD_RESULT_MESSAGE If defined

11.12. DIGIPASSCMD_BIND_DEVICE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 118: DIGIPASSCMD_BIND_DEVICE Input Parameters


Attribute Name Optionality

DIGIPASSFLD_DERIVATION_CODE Mandatory

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

No result DIGIPASS attributes will be returned by this command.

11.13. DIGIPASSCMD_UNBIND_DEVICE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 119: DIGIPASSCMD_UNBIND_DEVICE Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

No result DIGIPASS attributes will be returned by this command.

11.14. DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 120: DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

The following attributes will be specified in the results output parameter of this command:

Table 121: DIGIPASSCMD_GENERATE_ACTIVATION_MESSAGE Output Parameters


Attribute Name Returned

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_REQUEST_MESSAGE Always

11.15. DIGIPASSCMD_ADD_DEVICE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 122: DIGIPASSCMD_ADD_DEVICE Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

DIGIPASSFLD_DEVICE_CODE Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 123: DIGIPASSCMD_ADD_DEVICE Output Parameters


Attribute Name Returned Remarks

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_DEVICE_TYPE Always

DIGIPASSFLD_REQUEST_KEY If defined DIGIPASSFLD_REQUEST_KEY needs to go along with
DIGIPASSFLD_APPL_NAME, i.e. both attributes are either present (Secure Channel
support) or they are missing (no Secure Channel support).

DIGIPASSFLD_APPL_NAME If defined DIGIPASSFLD_APPL_NAME needs to go along with
DIGIPASSFLD_REQUEST_KEY, i.e. both attributes are either present (Secure Channel
support) or they are missing (no Secure Channel support).

DIGIPASSFLD_REQUEST_MESSAGE Always

11.16. DIGIPASSCMD_DEACTIVATE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 124: DIGIPASSCMD_DEACTIVATE Input Parameters


Attribute Name Optionality

DIGIPASSFLD_SERNO Mandatory

DIGIPASSFLD_DOMAIN Optional

The following attributes will be specified in the results output parameter of this command:

Table 125: DIGIPASSCMD_DEACTIVATE Output Parameters


Attribute Name Returned

DIGIPASSFLD_SERNO Always

DIGIPASSFLD_DOMAIN Always

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_REQUEST_MESSAGE Always
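
A pre-flight check for digipassExecute attribute sets, given here as an added example (not code from the SDK or from this reference). It covers four of the commands above, using the mandatory/optional lists of Tables 103, 105, 110 and 122 and the value rules of Table 98, and it triages a DIGIPASSCMD_ADD_DEVICE result. Assumptions: attributes are held as a Python dict keyed by attribute ID, the function names are hypothetical, and the DateTime pattern documented for DIGIPASSFLD_START_TIME is also applied to DIGIPASSFLD_EXPIRATION_TIME.

```python
import re

P = "DIGIPASSFLD_"


def _f(names):
    return {P + name for name in names.split()}


# command -> (mandatory inputs, optional inputs), from Tables 103, 105, 110, 122
COMMANDS = {
    "DIGIPASSCMD_DECRYPT_INFORMATION_MESSAGE":
        (_f("SERNO INFORMATION_MESSAGE"), _f("DOMAIN ORGANIZATIONAL_UNIT")),
    "DIGIPASSCMD_ASSIGN":
        (_f("ASSIGNED_USERID GRACE_PERIOD_DAYS SERNO"),
         _f("ASSIGNED_USER_ORG_UNIT DOMAIN EXPIRATION_TIME START_TIME")),
    "DIGIPASSCMD_SET_EXPIRATION":
        (_f("DOMAIN SERNO"), _f("EXPIRATION_TIME START_TIME")),
    "DIGIPASSCMD_ADD_DEVICE": (_f("SERNO DEVICE_CODE"), _f("DOMAIN")),
}
MAX_255 = _f("DOMAIN ASSIGNED_USERID ORGANIZATIONAL_UNIT ASSIGNED_USER_ORG_UNIT")
DATETIMES = _f("EXPIRATION_TIME START_TIME")
# <yyyy>-<MM>-<dd>T<HH>:<mm>:<ss>.<SSS>Z (assumed to apply to both DateTime inputs)
DATETIME_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z")
# DIGIPASSFLD_DEVICE_TYPE codes from Table 98 that indicate a modified platform
TAMPERED_DEVICE_TYPES = {"5": "Jailbroken iOS", "9": "Rooted Android"}


def validate_execute(cmd, attrs):
    """Return a list of problems; an empty list means the set matches the tables."""
    if cmd not in COMMANDS:
        return [f"{cmd}: not covered by this example"]
    mandatory, optional = COMMANDS[cmd]
    have = set(attrs)
    problems = [f"missing mandatory {a}" for a in sorted(mandatory - have)]
    problems += [f"{a} is not an input of {cmd}"
                 for a in sorted(have - mandatory - optional)]
    serno = attrs.get(P + "SERNO")
    if serno is not None and len(serno) != 10:
        problems.append(P + "SERNO must be exactly 10 chars")
    for a in sorted(MAX_255 & have):
        if len(attrs[a]) > 255:
            problems.append(f"{a} exceeds 255 chars")
    for a in sorted(DATETIMES & have):
        if not DATETIME_RE.fullmatch(attrs[a]):
            problems.append(f"{a} does not match <yyyy>-<MM>-<dd>T<HH>:<mm>:<ss>.<SSS>Z")
    days = attrs.get(P + "GRACE_PERIOD_DAYS")
    if days is not None and (isinstance(days, bool) or not isinstance(days, int)
                             or days < 0):
        problems.append(P + "GRACE_PERIOD_DAYS must be 0 or a positive integer")
    msg = attrs.get(P + "INFORMATION_MESSAGE")
    if msg is not None and (len(msg) % 2 or len(msg) > 1070):
        problems.append(P + "INFORMATION_MESSAGE length must be even and at most 1070")
    if cmd == "DIGIPASSCMD_SET_EXPIRATION" and not (DATETIMES & have):
        problems.append(P + "EXPIRATION_TIME, " + P + "START_TIME, or both must be specified")
    return problems


def check_add_device_result(result):
    """Flag an inconsistent Secure Channel pair or a jailbroken/rooted device type."""
    findings = []
    if (P + "REQUEST_KEY" in result) != (P + "APPL_NAME" in result):
        findings.append("REQUEST_KEY and APPL_NAME must be both present or both missing")
    label = TAMPERED_DEVICE_TYPES.get(str(result.get(P + "DEVICE_TYPE")))
    if label:
        findings.append(f"device type reported as {label}")
    return findings
```
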

12. digipassQuery
The digipassQuery command allows the querying of DIGIPASS matching specified search criteria.

12.1. Parameters

Table 126: digipassQuery Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

sessionID String Mandatory The session identifier of the current administrative session. The logon command returns
this identifier after a successful logon (see 5.1.
logon).

attributeSet DigipassAttributeSet Mandatory Specifies the DIGIPASS query search criteria (see
12.1.1. DigipassAttributeSet).

fieldSet DigipassFieldSet Optional Specifies the DIGIPASS attribute fields to be returned for all the DIGIPASS records
matching the search criteria (see 12.1.2. DigipassFieldSet).

If fieldSet is omitted, all possible output parameters are returned. If a DIGIPASS attribute field
is not set in the database, it is not returned for
that specific DIGIPASS record.

queryOptions DigipassQueryOptions Optional Options to determine what results should be returned (see 12.1.3.
DigipassQueryOptions).

Table 127: digipassQuery Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

results DigipassQueryResults Mandatory Result structure containing return and status codes and a list of the queried
DIGIPASS record fields (see 12.1.4. DigipassQueryResults).

12.1.1. DigipassAttributeSet

The DIGIPASS attributes specified in this attribute set define the DIGIPASS search criteria.

Search fields are interpreted as follows:

• Wildcards are only accepted when the DIGIPASSFLD_TO_SERNO attribute is not set.
• Wildcards can be placed at the start, the end, or both ends of a value. In this case, the value is interpreted
as an SQL LIKE statement.
• A list of comma-separated values can be specified; in this case, it is interpreted as the logical OR of
the given values.
• Otherwise, the search uses an exact match of the given value.

Table 128: DigipassAttributeSet (Data Type)


Element Name Type Description

attributes DigipassAttribute Attributes specifying the DIGIPASS query search criteria (see Table 129:
DigipassAttribute (Data Type)).

Table 129: DigipassAttribute (Data Type)


Element Name Type Description

attributeOptions AttributeOptions Specifies how to handle the attribute value during request processing, where each
option is added as single element to attributeOptions, e.g.:

<negative>true</negative>

Supported values:

• negative. Indicates that the specified user attribute value should NOT
be equal to the one specified.
• null. Indicates that the specified attribute should be handled as zero-value.

value Any The attribute value. The data type has to be specified by setting the xsi:type
XML attribute.

attributeID DigipassAttributeIDEnum The attribute identifier (see Table 130: digipassQuery (Supported Input
Attributes)).

Table 130: digipassQuery (Supported Input Attributes)


Attribute Name Optionality

DIGIPASSFLD_ACTIVE_APPL_NAMES Optional

DIGIPASSFLD_ACTIVE_APPL_TYPES Optional

DIGIPASSFLD_ASSIGN_STATUS Optional

DIGIPASSFLD_ASSIGNED_USER_ORG_UNIT Optional

DIGIPASSFLD_ASSIGNED_USERID Optional

DIGIPASSFLD_DEVICE_ID Optional

DIGIPASSFLD_DIRECT_ASSIGN_ONLY Optional

DIGIPASSFLD_DOMAIN Optional

DIGIPASSFLD_DPTYPE Optional

DIGIPASSFLD_EXPIRATION_TIME Optional 1)

DIGIPASSFLD_EXPIRED Optional

DIGIPASSFLD_GRACE_PERIOD_EXPIRED Optional

DIGIPASSFLD_GRACE_PERIOD_EXPIRES Optional

DIGIPASSFLD_LICENSE_SERNO Optional

DIGIPASSFLD_ORGANIZATIONAL_UNIT Optional

DIGIPASSFLD_SEARCH_DOWN_OU_PATH Optional

DIGIPASSFLD_SEARCH_UP_OU_PATH Optional

DIGIPASSFLD_SERNO Optional

DIGIPASSFLD_START_TIME Optional

DIGIPASSFLD_TO_EXPIRATION_TIME Optional

DIGIPASSFLD_TO_SERNO Optional

DIGIPASSFLD_TO_START_TIME Optional 2)

DIGIPASSFLD_TOP_ORGANIZATIONAL_UNIT Optional

For more information about the specific attributes, refer to Table 98: digipassExecute Field Attributes.

12.1.2. DigipassFieldSet

The attributes specified in the fieldSet parameter specify the DIGIPASS attribute fields the IDENTIKEY
Authentication Server should return for the DIGIPASS accounts matching the search criteria.

If fieldSet is omitted, all possible output parameters are returned. If an attribute field is not set in the
database, it is not returned for that specific record.

1) Querying for explicit values is not supported, if Active Directory is used as data store.
2) Querying for explicit values is not supported, if Active Directory is used as data store.

Table 131: DigipassFieldSet (Data Type)


Element Name Type Description

attributeID DigipassAttributeIDEnum The identifier of an attribute to return (see Table 132: digipassQuery (Supported Output
Attributes)).

Table 132: digipassQuery (Supported Output Attributes)


Attribute Name Returned?

DIGIPASSFLD_ACTIV_COUNT If defined

DIGIPASSFLD_ACTIV_LOCATIONS If defined

DIGIPASSFLD_ACTIVE_APPL_NAMES If defined

DIGIPASSFLD_ACTIVE_APPL_TYPES If defined

DIGIPASSFLD_ASSIGN_STATUS If defined

DIGIPASSFLD_ASSIGNED_DATE If defined

DIGIPASSFLD_ASSIGNED_USER_ORG_UNIT If defined

DIGIPASSFLD_ASSIGNED_USERID If defined

DIGIPASSFLD_BACKUP_VDP_ENABLED If defined

DIGIPASSFLD_BACKUP_VDP_EXPIRES If defined

DIGIPASSFLD_BACKUP_VDP_USES_LEFT If defined

DIGIPASSFLD_DEVICE_ID If defined

DIGIPASSFLD_DIRECT_ASSIGN_ONLY If defined

DIGIPASSFLD_DOMAIN If defined

DIGIPASSFLD_DPSOFT_PARAMS_ID If defined

DIGIPASSFLD_DPTYPE If defined

DIGIPASSFLD_EXPIRATION_TIME If defined

DIGIPASSFLD_EXPIRED Always

DIGIPASSFLD_GRACE_PERIOD_EXPIRED Always

DIGIPASSFLD_GRACE_PERIOD_EXPIRES If defined

DIGIPASSFLD_LAST_ACTIV_TIME If defined

DIGIPASSFLD_LICENSE_SERNO If defined

DIGIPASSFLD_ORGANIZATIONAL_UNIT If defined

DIGIPASSFLD_SERNO If defined

DIGIPASSFLD_START_TIME If defined

For more information about the specific attributes, refer to Table 98: digipassExecute Field Attributes.

12.1.3. DigipassQueryOptions

This determines what results should be returned.

Table 133: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in
the result set, but not the result set itself.

Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results.

Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of
result records, beginning with the record specified by RowOffset.

If set to 0, all result records are returned.

Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting
from the specified offset.

Default value: 0

sortfieldid String Optional. Required, if you specify SortOrder. Determines the field attribute to use as
sort key when sorting the result set using SortOrder. May contain any field attribute
from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not
sorted.

Possible values:

• QUERYOPTIONSORTORDER_ASCENDING. Sort the result set in ascending order.
• QUERYOPTIONSORTORDER_DESCENDING. Sort the result set in descending order.

12.1.4. DigipassQueryResults

Table 134: DigipassQueryResults (Data Type)


Element Name Data Type Optionality Description

resultCodes ResultCodes Mandatory The result and status codes returned by the command.

For more information, refer to the IDENTIKEY Authentication Server SDK Programmer's Guide,
Section "Error and Status Codes".

resultAttribute DigipassAttributeList Mandatory List containing the queried DIGIPASS attributes.
Each item of type DigipassAttributeSet.

resultCount Integer Mandatory The number of items in resultAttribute.

errorStack ErrorStack Mandatory The error stack, indicating that the command has
not completed successfully.

12.2. Example

Example
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <adm:digipassQuery xmlns:adm="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <sessionID>3JSK8cmRjw4E30wAA=0nUTL-~3fmifTO</sessionID>
      <attributeSet>
        <attributes>
          <value xsi:type="xsd:string">VDS0000001</value>
          <attributeID>DIGIPASSFLD_SERNO</attributeID>
        </attributes>
      </attributeSet>
      <fieldSet>
        <attributeID>DIGIPASSFLD_SERNO</attributeID>
        <attributeID>DIGIPASSFLD_ASSIGNED_USERID</attributeID>
      </fieldSet>
    </adm:digipassQuery>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

12.3. Requirements

Required administration privileges:

• View DIGIPASS

12.4. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.


13. digipassapplExecute
The digipassapplExecute command performs administrative operations for DIGIPASS Applications.

Table 135: digipassapplExecute Commands (SOAP Administration)

| Command | Description |
|---|---|
| DIGIPASSAPPLCMD_CREATE | Create a new DIGIPASS Application (see 13.1. DIGIPASSAPPLCMD_CREATE). |
| DIGIPASSAPPLCMD_CREATE_EMVCAP | Generate a DIGIPASS record for an EMV-CAP card reader (see 13.21. DIGIPASSAPPLCMD_CREATE_EMVCAP). |
| DIGIPASSAPPLCMD_DELETE | Delete the specified DIGIPASS Application (see 13.4. DIGIPASSAPPLCMD_DELETE). |
| DIGIPASSAPPLCMD_DISABLE_PIN | Disable the use of a Server PIN for the specified DIGIPASS Application (see 13.10. DIGIPASSAPPLCMD_DISABLE_PIN). |
| DIGIPASSAPPLCMD_ENABLE_PIN | Enable the use of a Server PIN for the specified DIGIPASS Application (see 13.9. DIGIPASSAPPLCMD_ENABLE_PIN). |
| DIGIPASSAPPLCMD_FORCE_PIN_CHANGE | Update the specified DIGIPASS Application to force a PIN change at next application usage (see 13.14. DIGIPASSAPPLCMD_FORCE_PIN_CHANGE). |
| DIGIPASSAPPLCMD_GEN_VOTP | Generate and send a valid OTP to a mobile phone or email address via the Message Delivery Component (MDC) configured in the IDENTIKEY Authentication Server (see 13.13. DIGIPASSAPPLCMD_GEN_VOTP). |
| DIGIPASSAPPLCMD_GENERATE_ACTIVATION_DATA | Generate activation data for DIGIPASS for Mobile (see 13.22. DIGIPASSAPPLCMD_GENERATE_ACTIVATION_DATA). |
| DIGIPASSAPPLCMD_GETINFO | Return the application information for the specified DIGIPASS Application (see 13.12. DIGIPASSAPPLCMD_GETINFO). |
| DIGIPASSAPPLCMD_RESET_APPL | Reset the specified DIGIPASS Application (see 13.6. DIGIPASSAPPLCMD_RESET_APPL). |
| DIGIPASSAPPLCMD_RESET_ERROR_COUNT | Reset the error count for the specified DIGIPASS Application (see 13.16. DIGIPASSAPPLCMD_RESET_ERROR_COUNT). |
| DIGIPASSAPPLCMD_RESET_PIN | Reset the Server PIN for the specified DIGIPASS Application (see 13.7. DIGIPASSAPPLCMD_RESET_PIN). |
| DIGIPASSAPPLCMD_SET_EVENT_COUNTER | Set the event counter for the specified DIGIPASS Application (see 13.15. DIGIPASSAPPLCMD_SET_EVENT_COUNTER). |
| DIGIPASSAPPLCMD_SET_PIN | Set the Server PIN for the specified DIGIPASS Application (see 13.8. DIGIPASSAPPLCMD_SET_PIN). |
| DIGIPASSAPPLCMD_TEST_EMVCAP_MODE1 | Test the EMV-CAP Mode 1 for a specific DIGIPASS smartcard reader (see 13.18. DIGIPASSAPPLCMD_TEST_EMVCAP_MODE1). |
| DIGIPASSAPPLCMD_TEST_EMVCAP_MODE2 | Test the EMV-CAP Mode 2 for a specific DIGIPASS smartcard reader (see 13.19. DIGIPASSAPPLCMD_TEST_EMVCAP_MODE2). |
| DIGIPASSAPPLCMD_TEST_EMVCAP_MODE3 | Test the EMV-CAP Mode 3 for a specific DIGIPASS smartcard reader (see 13.20. DIGIPASSAPPLCMD_TEST_EMVCAP_MODE3). |
| DIGIPASSAPPLCMD_TEST_OTP | Test validation of an OTP for a specified DIGIPASS Application (see 13.5. DIGIPASSAPPLCMD_TEST_OTP). |
| DIGIPASSAPPLCMD_TEST_SIGNATURE | Signature validation test for the specified DIGIPASS Application (see 13.17. DIGIPASSAPPLCMD_TEST_SIGNATURE). |
| DIGIPASSAPPLCMD_UNLOCK | Unlock the specified DIGIPASS Application (see 13.11. DIGIPASSAPPLCMD_UNLOCK). |
| DIGIPASSAPPLCMD_UPDATE | Modify the specified DIGIPASS Application (see 13.3. DIGIPASSAPPLCMD_UPDATE). |
| DIGIPASSAPPLCMD_VIEW | Display the application information for a specified DIGIPASS Application (see 13.2. DIGIPASSAPPLCMD_VIEW). |

Each digipassapplExecute command should specify the following command parameters:

Table 136: digipassapplExecute Input Parameters

| Name | Data Type | Optionality | Description |
|---|---|---|---|
| sessionID | String | Mandatory | The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon). |
| cmd | String | Mandatory | The DIGIPASS Application command to be executed (see Table 135: digipassapplExecute Commands (SOAP Administration)). |
| attributeSet | DigipassApplAttributeSet | Mandatory | Zero or more DIGIPASS Application attribute fields (see Table 138: digipassapplExecute Field Attributes). |

Table 137: digipassapplExecute Output Parameters

| Name | Data Type | Optionality | Description |
|---|---|---|---|
| results | DigipassApplResults | Mandatory | Zero or more DIGIPASS Application result fields. |

The following field attributes are also available for digipassapplExecute commands:

Table 138: digipassapplExecute Field Attributes

| Attribute Name | Data Type | Description |
|---|---|---|
| DIGIPASSAPPLFLD_ACTIVE | Boolean | An indicator whether DIGIPASS application is active. True if enabled. |
| DIGIPASSAPPLFLD_APPL_NAME | String | The DIGIPASS Application name. Up to 12 characters. |
| DIGIPASSAPPLFLD_APPL_NO | Integer | A sequence number assigned during import which should be unique per DIGIPASS. |
| DIGIPASSAPPLFLD_APPL_TYPE | String | The type of DIGIPASS Application selected. Supported values: RO, CR, SG, MM, UL, MA. |
| DIGIPASSAPPLFLD_BLOB | String | The DIGIPASS Application BLOB. Exactly 248 characters. |
| DIGIPASSAPPLFLD_CARD_AID | String | EMV-CAP Application Identifier. ASCII hex values. |
| DIGIPASSAPPLFLD_CARD_AIP | String | EMV-CAP Application Interchange Protocol. ASCII hex values. |
| DIGIPASSAPPLFLD_CARD_ATC | String | EMV-CAP Application Transaction Counter. ASCII hex values. |
| DIGIPASSAPPLFLD_CARD_CARDDATA | String | EMV-CAP Card Data. ASCII hex values. |
| DIGIPASSAPPLFLD_CARD_CDOL1 | String | EMV-CAP Card Risk Management Data Object List. ASCII hex values. |
| DIGIPASSAPPLFLD_CARD_CID | String | EMV-CAP Cryptogram Information Data. ASCII hex values. |
| DIGIPASSAPPLFLD_CARD_IAD | String | EMV-CAP Issuer Application Data. ASCII hex values. |
| DIGIPASSAPPLFLD_CARD_IAF | String | EMV-CAP Internet Authentication Flags. ASCII hex values. |
| DIGIPASSAPPLFLD_CARD_IIPB | String | EMV-CAP Issuer Internet Proprietary Bitmap. ASCII hex values. |
| DIGIPASSAPPLFLD_CHALLENGE | String | The challenge generated by a DIGIPASS Application supporting a challenge/response scheme. |
| DIGIPASSAPPLFLD_CONFIRM_CODE | | The host code which can be used by the client to validate the command was executed on the correct server. Only returned in case requested in the input and the command execution was successful. Up to 17 numeric or hexadecimal characters. |
| DIGIPASSAPPLFLD_CREATE_TIME | DateTime | The date and time the DIGIPASS Application object was created in the database. |
| DIGIPASSAPPLFLD_DATA_FIELD_1 | String | The signature data fields (limited by the DIGIPASS Application, maximum 8) used to generate the electronic signature. Components of the transaction data to be used in the digital signature. Used in Mode 2 (Digital Signature) only. |
| DIGIPASSAPPLFLD_DATA_FIELD_2 | String | |
| DIGIPASSAPPLFLD_DATA_FIELD_3 | String | |
| DIGIPASSAPPLFLD_DATA_FIELD_4 | String | |
| DIGIPASSAPPLFLD_DATA_FIELD_5 | String | |
| DIGIPASSAPPLFLD_DATA_FIELD_6 | String | |
| DIGIPASSAPPLFLD_DATA_FIELD_7 | String | |
| DIGIPASSAPPLFLD_DATA_FIELD_8 | String | |
| DIGIPASSAPPLFLD_DATA_FIELD_9 | String | |
| DIGIPASSAPPLFLD_DATA_FIELD_10 | String | |
| DIGIPASSAPPLFLD_DEFERRED_DATETIME | DateTime | The deferred signature datetime attribute should be specified in a full date/time format. |
| DIGIPASSAPPLFLD_DEFERRED_EVENT_VALUE | Integer | The deferred event counter of the DIGIPASS Application used for generating the signature. |
| DIGIPASSAPPLFLD_DELIVERY_METHOD | String | The method used to deliver the Virtual DIGIPASS to the selected user: Default (use the settings of the parent policy); Email (deliver the OTP via email; requires an email address to be set up for the user); SMS (deliver the OTP via SMS; the DIGIPASS user account must have a mobile phone number); Voice (deliver the OTP via voice channel, i.e. dictated over a phone line; the DIGIPASS user account must have a mobile phone number). This field also allows you to specify a combination of delivery methods, specifically: Email and SMS; SMS and Voice; Email and Voice. |
| DIGIPASSAPPLFLD_DOMAIN | String | Domain where the DIGIPASS is registered. Input: If domain is required but not specified, the domain will be defaulted to the master domain. Up to 255 characters. |
| DIGIPASSAPPLFLD_DPTYPE | String | The type of DIGIPASS. |
| DIGIPASSAPPLFLD_EMAIL | String | Email address of the user, a maximum of 63 characters can be entered here. |
| DIGIPASSAPPLFLD_EMV_TYPE | String | EMV-CAP Scheme Type – defined by VACMAN Controller. ASCII hex values. |
| DIGIPASSAPPLFLD_EVENT_COUNTER | String | The event counter for the DIGIPASS Application. This parameter is used to synchronize the DIGIPASS event counter between the authenticator and IDENTIKEY Authentication Server. |
| DIGIPASSAPPLFLD_EVENT_REACTIVATION_COUNTER | String | This is the encrypted Event Reactivation Counter returned to the user during reactivation. This parameter will be returned if a DIGIPASS is already registered, however it has an event counter larger than 0. This parameter holds either the event reactivation counter (ERC) (in case of offline mode) or the encrypted event reactivation counter (XERC) (in case of online mode). |
| DIGIPASSAPPLFLD_FULL_ACTIVATION_DATA | String | The Activation Code encapsulated in an XML envelope. The parameter is returned to the user to activate his software DIGIPASS. |
| DIGIPASSAPPLFLD_HOST_CODE | String | Host code returned by the VACMAN library. |
| DIGIPASSAPPLFLD_KEY_KCV | String | Key Check Value of HSM key label. ASCII hex values. |
| DIGIPASSAPPLFLD_KEY_LABEL | String | HSM key label. ASCII hex values. |
| DIGIPASSAPPLFLD_LDAP_DN | String | LDAP Distinguished Name |
| DIGIPASSAPPLFLD_NEW_PIN | String | The new DIGIPASS Application PIN when setting a new PIN. |
| DIGIPASSAPPLFLD_NEW_PIN_CONF | String | The confirmation of the new DIGIPASS Application PIN when setting a new PIN. |
| DIGIPASSAPPLFLD_MDC_PROFILE | String | The specific Message Delivery Component (MDC) profile used to send a virtual one-time password (OTP) via MDC. This takes precedence over the MDC profile specified in the user profile. Can be a null-value (via attributeOptions). |
| DIGIPASSAPPLFLD_MOBILE | String | Mobile number of the user. Must contain a phone number that consists of only numbers, spaces and brackets () {} []. There may also be a + at the beginning of the number. A maximum of 20 characters can be entered here. |
| DIGIPASSAPPLFLD_MODIFY_TIME | DateTime | The date and time of the last DIGIPASS application object update. |
| DIGIPASSAPPLFLD_ORGANIZATIONAL_UNIT | String | The organizational unit where the DIGIPASS is located. |
| DIGIPASSAPPLFLD_REQUEST_KEY | String | The key which refers to a request message cached by IDENTIKEY Authentication Server. Applies if Secure Channel is supported. |
| DIGIPASSAPPLFLD_RESPONSE | String | The response of challenge for a DIGIPASS Application supporting a challenge/response scheme. |
| DIGIPASSAPPLFLD_RESULT_CODE | String | The corresponding error code to DIGIPASSAPPLFLD_RESULT_MESSAGE. |
| DIGIPASSAPPLFLD_RESULT_MESSAGE | String | The error message if a validation has failed. |
| DIGIPASSAPPLFLD_SECURE_CHANNEL_SUPPORT | Boolean | If true, the DIGIPASS application supports Secure Channel. Supported values: True, False. |
| DIGIPASSAPPLFLD_SERNO | String | Exactly 10 characters. |
| DIGIPASSAPPLFLD_SIGNATURE | String | The electronic signature. Up to 17 numeric or hexadecimal characters. |
| DIGIPASSAPPLFLD_SYNCHRONISE | String | Flag that indicates if the application created should overwrite existing ones. |
| DIGIPASSAPPLFLD_TRANSACTION_AMOUNT | String | The currency amount of the submitted transaction. |
| DIGIPASSAPPLFLD_TRANSACTION_CURRENCY | String | The currency in which the transaction is being made. Uses ISO4217 numeric currency codes. |
| DIGIPASSAPPLFLD_UNLOCK_CHAL | String | When unlocking a DIGIPASS an unlock challenge will be generated when the DIGIPASS is turned on again after it has been locked. |
| DIGIPASSAPPLFLD_UNLOCK_CODE | String | The challenge code has to be inserted to generate an unlock code from IDENTIKEY Authentication Server to unlock a DIGIPASS. |
| DIGIPASSAPPLFLD_VERIFIED_DATETIME | DateTime | In case of a time-based signature validation DIGIPASS Application. Returned if the used DIGIPASS authenticator has the timebase algorithm enabled for the signature application and if for the used policy the Online Signature mode is enabled. |
| DIGIPASSAPPLFLD_VERIFIED_EVENT_VALUE | Integer | In case of an event-based signature validation DIGIPASS Application. |


13.1. DIGIPASSAPPLCMD_CREATE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 139: DIGIPASSAPPLCMD_CREATE Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_APPL_NO Mandatory

DIGIPASSAPPLFLD_APPL_TYPE Mandatory

DIGIPASSAPPLFLD_BLOB Mandatory

DIGIPASSAPPLFLD_ACTIVE Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 140: DIGIPASSAPPLCMD_CREATE Output Parameters


Attribute Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

13.2. DIGIPASSAPPLCMD_VIEW

The following attributes can be specified in the attributeSet input parameter of this command:

Table 141: DIGIPASSAPPLCMD_VIEW Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory


DIGIPASSAPPLFLD_APPL_NAME Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 142: DIGIPASSAPPLCMD_VIEW Output Parameters


Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

DIGIPASSAPPLFLD_SECURE_CHANNEL_SUPPORT Always

13.3. DIGIPASSAPPLCMD_UPDATE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 143: DIGIPASSAPPLCMD_UPDATE Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_ACTIVE Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 144: DIGIPASSAPPLCMD_UPDATE Output Parameters


Attribute Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always


DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_BLOB Always

DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

13.4. DIGIPASSAPPLCMD_DELETE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 145: DIGIPASSAPPLCMD_DELETE Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

No result attributes will be returned by this command.

13.5. DIGIPASSAPPLCMD_TEST_OTP

The following attributes can be specified in the attributeSet input parameter of this command:

Table 146: DIGIPASSAPPLCMD_TEST_OTP Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_RESPONSE Mandatory

DIGIPASSAPPLFLD_REQUEST_HOST_CODE Optional

The following attributes will be specified in the results output parameter of this command:


Table 147: DIGIPASSAPPLCMD_TEST_OTP Output Parameters


Attribute Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_CHALLENGE Always

DIGIPASSAPPLFLD_RESULT_CODE Always

DIGIPASSAPPLFLD_RESULT_MESSAGE Always

DIGIPASSAPPLFLD_CONFIRM_CODE If defined; only provided if DIGIPASSAPPLFLD_REQUEST_HOST_CODE has been specified in the request input and its value has been set to either 'Required' or 'Optional'.

13.6. DIGIPASSAPPLCMD_RESET_APPL

The following attributes can be specified in the attributeSet input parameter of this command:

Table 148: DIGIPASSAPPLCMD_RESET_APPL Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 149: DIGIPASSAPPLCMD_RESET_APPL Output Parameters


Attribute Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always


DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

13.7. DIGIPASSAPPLCMD_RESET_PIN

The following attributes can be specified in the attributeSet input parameter of this command:

Table 150: DIGIPASSAPPLCMD_RESET_PIN Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 151: DIGIPASSAPPLCMD_RESET_PIN Output Parameters


Attribute Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

13.8. DIGIPASSAPPLCMD_SET_PIN

The following attributes can be specified in the attributeSet input parameter of this command:


Table 152: DIGIPASSAPPLCMD_SET_PIN Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_NEW_PIN Mandatory

DIGIPASSAPPLFLD_NEW_PIN_CONF Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 153: DIGIPASSAPPLCMD_SET_PIN Output Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

13.9. DIGIPASSAPPLCMD_ENABLE_PIN

The following attributes can be specified in the attributeSet input parameter of this command:

Table 154: DIGIPASSAPPLCMD_ENABLE_PIN Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

13.10. DIGIPASSAPPLCMD_DISABLE_PIN

This command disables use of a Server PIN for the specified DIGIPASS Application.

The following attributes can be specified in the attributeSet input parameter of this command:

Table 155: DIGIPASSAPPLCMD_DISABLE_PIN Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

The following attributes will be specified in the results output parameter of this command:


Table 156: DIGIPASSAPPLCMD_DISABLE_PIN Output Parameters


Attribute Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_DOMAIN_NAME Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

13.11. DIGIPASSAPPLCMD_UNLOCK

The following attributes can be specified in the attributeSet input parameter of this command:

Table 157: DIGIPASSAPPLCMD_UNLOCK Input Parameters


Attribute Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_UNLOCK_CHAL Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 158: DIGIPASSAPPLCMD_UNLOCK Output Parameters


Attribute Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_UNLOCK_CODE Always

13.12. DIGIPASSAPPLCMD_GETINFO

The following attributes can be specified in the attributeSet input parameter of this command:


Table 159: DIGIPASSAPPLCMD_GETINFO Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 160: DIGIPASSAPPLCMD_GETINFO Output Parameters


Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

In the SOAP response that is provided when DIGIPASSAPPLCMD_GETINFO is executed, a result infoset XML element attribute is returned. This XML element, DIGIPASSAPPL-TYPES:DigipassApplDPInfoItem, lists the DIGIPASS Application information. The following fields, contained in the DIGIPASSAPPLFLD_BLOB field attribute, can be returned:

Table 161: DIGIPASSAPPL-TYPES:DigipassApplDPInfoItem List Items

| Name | Type | Values | Description |
|---|---|---|---|
| Amount Supported | Boolean | Yes or No | Applies only to EMV-CAP (TokenType=DPEMV), and only for SafeNet HSM. Indicates whether the DIGIPASS Application supports the use of the transaction amount data for validation. |
| Code Word | String | 8 hexadecimal characters | The application code word. The code word provides information on the algorithm used by the DIGIPASS Application. |
| Current Event Value | UINT32 | 10 digits, 0000000000 to 4294967294 | For event-based algorithms: the current event value stored in the DIGIPASS Application BLOB. This value indicates the greatest event value that has been received for a valid verification, not necessarily of the latest valid verification performed (for non-sequential signature presentation). |
| Error Count | UINT32 | 3 digits | The error counter value. |
| Event Based Algorithm | Boolean | Yes or No | Indicates whether the DIGIPASS Application has an event-based algorithm. |
| IMK Label | String | Up to 15 characters | Applies only to EMV-CAP (TokenType=DPEMV), and only for SafeNet HSM. The label of the EMV CAP Issuer Master Key (IMK) the DIGIPASS Application uses. |
| KCV Type | String | Up to 8 characters | Applies only to EMV-CAP (TokenType=DPEMV), and only for SafeNet HSM. |
| Last Response Type | String | Up to 8 characters | The last valid response type. Possible values: PRIMARY, BACKUP. |
| Last Time Shift | INT32 | 6 signed digits, +/- seconds | The shift between the host and the DIGIPASS clock in seconds. |
| Last Time Used | DATETIME | YYYY/MM/DD HH:MM:SS | The date and time of the last successful authentication. |
| Last Verification Event Value | UINT32 | 10 digits, 0000000000 to 4294967294 | For event-based algorithms; the event value of the last valid verification (used for non-sequential signature presentation). |
| Maximum Input Fields | UINT32 | 1 digit, 0 to 8 | Maximum number of challenges or data fields. |
| PIN Change Forced | Boolean | Yes or No | Indicates whether the server PIN has to be changed at the next attempt to log on. |
| PIN Change On | Boolean | Yes or No | Indicates whether the user can change their server PIN. |
| PIN Enabled | Boolean | Yes or No | Indicates whether the Server PIN feature is enabled. |
| PIN Length | UINT32 | 2 digits, 00 to 08 | Current length of the server PIN. |
| PIN Minimum Length | UINT32 | 2 digits, 00 to 08 | The permitted minimum length for a server PIN. |
| PIN Supported | Boolean | Yes or No | Indicates whether the DIGIPASS Application supports the Server PIN feature. |
| Primary Token Enabled | Boolean | Yes or No | Indicates whether the primary authenticator is enabled. |
| Response Checksum | Boolean | Yes or No | Indicates whether the response contains a checksum. |
| Response Length | UINT32 | 2 digits, 02 to 16 | The length of the response. |
| Response Type | String | 3 characters; HEX or DEC | The type of response. Possible types: Decimal, Hexadecimal. |
| Sync Window Reset | Boolean | Yes or No | Indicates whether the initial synchronization window will be used to perform the next validation for this DIGIPASS instance. |
| Time Based Algorithm | Boolean | Yes or No | Indicates whether the DIGIPASS Application has a time-based algorithm. |
| Time Step Used | UINT32 | 6 digits, 000000 to 262144 | Decimal value of the time step in seconds for time-based applications. |
| Token Model | String | 5 characters | The type of DIGIPASS, e.g. DIGIPASS 300, DIGIPASS 700 etc. |
| Triple DES | Boolean | Yes or No | Indicates if the application uses the Triple DES (3DES) algorithm. |
| Unlock Supported | Boolean | Yes or No | Indicates whether the DIGIPASS Application supports the Unlock feature. |
| Use Count | UINT32 | 6 digits: 000000 to 032767 for EMV CAP authenticators, 000000 to 999999 for other types of authenticators. | The number of successful authentications, capped to a maximum number in case the authenticator is used for more than a defined number of times (032767 for EMV CAP authenticators, 999999 for all other types of authenticators). |
| Virtual Token Enabled | Boolean | Yes or No | Indicates whether the virtual authenticator is enabled. |
| Virtual Token Grace Period Expiry Date | String | 24 characters; format: Ddd Mmm DD HH:MM:SS YYYY | Indicates the date and time when the virtual authenticator expires; the string contains the following information: Day of the week - Ddd; Month - Mmm; Day - DD; Hour - HH; Minute - MM; Seconds - SS; Year - YYYY. |
| Virtual Token Remaining Use Count | UINT32 | 3 digits, 000 to 255 | Remaining times the virtual authenticator can be used. |
| Virtual Token Supported | Boolean | Yes or No | Indicates whether the use of a virtual authenticator is supported. |
| Virtual Token Type | String | Up to 7 characters | Indicates which type of virtual authenticator is supported. Possible types: PRIMARY, BACKUP, NA. |
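The value formats in Table 161 can be checked and typed on the client before they feed an audit report. The following Python sketch is an added example, not code from the SDK; it assumes the list items have already been extracted from the SOAP response into a name-to-text mapping (the XML layout of the response is not shown in this section), and the function names, the sample values and the 300-second time-shift threshold are this example's own.

```python
from datetime import datetime

# Fields that Table 161 types as Boolean with the values "Yes" or "No".
BOOL_FIELDS = {
    "Amount Supported", "Event Based Algorithm", "PIN Change Forced",
    "PIN Change On", "PIN Enabled", "PIN Supported", "Primary Token Enabled",
    "Response Checksum", "Sync Window Reset", "Time Based Algorithm",
    "Triple DES", "Unlock Supported", "Virtual Token Enabled",
    "Virtual Token Supported",
}
YES_NO = {"Yes": True, "No": False}

# Unsigned fields with the ranges Table 161 states. "Error Count" is listed
# only as "3 digits", so 0..999 is this example's reading of that entry.
UINT_RANGES = {
    "Current Event Value": (0, 4294967294),
    "Last Verification Event Value": (0, 4294967294),
    "Error Count": (0, 999),
    "Maximum Input Fields": (0, 8),
    "PIN Length": (0, 8),
    "PIN Minimum Length": (0, 8),
    "Response Length": (2, 16),
    "Time Step Used": (0, 262144),
    "Use Count": (0, 999999),
    "Virtual Token Remaining Use Count": (0, 255),
}


def parse_info_items(items):
    """Turn {name: text} pairs into typed values; raise ValueError on bad input."""
    parsed = {}
    for name, text in items.items():
        text = text.strip()
        if name in BOOL_FIELDS:
            if text not in YES_NO:
                raise ValueError(f"{name}: expected Yes or No, got {text!r}")
            parsed[name] = YES_NO[text]
        elif name in UINT_RANGES:
            low, high = UINT_RANGES[name]
            if not (text.isascii() and text.isdigit() and low <= int(text) <= high):
                raise ValueError(f"{name}: {text!r} is outside {low}..{high}")
            parsed[name] = int(text)
        elif name == "Last Time Shift":
            parsed[name] = int(text)  # signed seconds, e.g. "-000412"
        elif name == "Last Time Used":
            parsed[name] = datetime.strptime(text, "%Y/%m/%d %H:%M:%S")
        elif name == "Virtual Token Grace Period Expiry Date":
            parsed[name] = datetime.strptime(text, "%a %b %d %H:%M:%S %Y")
        else:
            parsed[name] = text  # string fields such as Code Word or Token Model
    return parsed


def review(parsed, max_shift_seconds=300):
    """Return notes an administrator may want to follow up on.

    max_shift_seconds is a hypothetical local threshold, not a product default.
    """
    notes = []
    if parsed.get("PIN Supported") and not parsed.get("PIN Enabled"):
        notes.append("Server PIN is supported but not enabled")
    if parsed.get("Error Count", 0) > 0:
        notes.append(f"Error counter is at {parsed['Error Count']}")
    if abs(parsed.get("Last Time Shift", 0)) > max_shift_seconds:
        notes.append(f"Clock shift of {parsed['Last Time Shift']} s exceeds threshold")
    if parsed.get("Sync Window Reset"):
        notes.append("Initial synchronization window will be used for the next validation")
    return notes


# Constructed sample values, not output captured from a real server.
SAMPLE = {
    "Token Model": "DP300",
    "PIN Supported": "Yes",
    "PIN Enabled": "No",
    "Error Count": "002",
    "Response Length": "06",
    "Last Time Shift": "-000412",
    "Last Time Used": "2016/03/14 09:26:53",
    "Virtual Token Grace Period Expiry Date": "Mon Mar 14 09:26:53 2016",
}

if __name__ == "__main__":
    for note in review(parse_info_items(SAMPLE)):
        print(note)
```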

13.13. DIGIPASSAPPLCMD_GEN_VOTP

This command generates a one-time password (OTP) for the specified DIGIPASS Application, and sends it to a
mobile phone or email address via the Message Delivery Component configured in IDENTIKEY Authentication
Server.

The following attributes can be specified in the attributeSet input parameter of this command:

Table 162: DIGIPASSAPPLCMD_GEN_VOTP Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_DELIVERY_METHOD Mandatory

DIGIPASSAPPLFLD_MDC_PROFILE Optional (see below)

DIGIPASSAPPLFLD_MOBILE Mandatory if DIGIPASSAPPLFLD_DELIVERY_METHOD = SMS

DIGIPASSAPPLFLD_EMAIL Mandatory if DIGIPASSAPPLFLD_DELIVERY_METHOD = Email

If DIGIPASSAPPLFLD_MDC_PROFILE is not specified, DIGIPASSAPPLCMD_GEN_VOTP uses the MDC profile specified in the user profile. If the user profile has no explicit MDC profile specified, the MDC profile specified in the effective policy is used (effective for the administrator currently logged on). If the effective policy has no explicit MDC profile specified, MDC uses the default MDC profile order as configured in the MDC configuration.

If DIGIPASSAPPLFLD_MDC_PROFILE is specified as null-value using attributeOptions (see Table 185: DigipassApplAttribute (Data Type)), the default MDC profile order as configured in the MDC configuration is used. In this case, any MDC profile settings specified in the user profile or the effective policy are ignored.

The following attributes will be specified in the results output parameter of this command:


Table 163: DIGIPASSAPPLCMD_GEN_VOTP Output Parameters


Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_RESULT_CODE Always

DIGIPASSAPPLFLD_RESULT_MESSAGE Always
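The input rules of Table 162, the field limits of Table 138 and the MDC profile precedence described in this section can be checked before a DIGIPASSAPPLCMD_GEN_VOTP request is sent. The following Python sketch is an added example, not code from the SDK; the function names, the NULL_VALUE sentinel and the profile names used with it are this example's own, and it only enforces the single delivery methods SMS and Email named in Table 162.

```python
import re

# Stands for "attribute sent as null-value via attributeOptions".
# The sentinel is this example's own construct, not an SDK constant.
NULL_VALUE = object()

# DIGIPASSAPPLFLD_MOBILE per Table 138: digits, spaces, the brackets
# () {} [] and an optional leading "+".
MOBILE_PATTERN = re.compile(r"\+?[0-9 (){}\[\]]+")

ALWAYS_MANDATORY = (
    "DIGIPASSAPPLFLD_SERNO",
    "DIGIPASSAPPLFLD_APPL_NAME",
    "DIGIPASSAPPLFLD_DELIVERY_METHOD",
)


def validate_gen_votp(attrs):
    """Return a list of problems found in a GEN_VOTP attribute set (empty if none)."""
    problems = [f"{name} is mandatory" for name in ALWAYS_MANDATORY if not attrs.get(name)]

    serno = attrs.get("DIGIPASSAPPLFLD_SERNO")
    if serno and len(serno) != 10:
        problems.append("DIGIPASSAPPLFLD_SERNO must be exactly 10 characters")

    appl_name = attrs.get("DIGIPASSAPPLFLD_APPL_NAME")
    if appl_name and len(appl_name) > 12:
        problems.append("DIGIPASSAPPLFLD_APPL_NAME allows up to 12 characters")

    method = attrs.get("DIGIPASSAPPLFLD_DELIVERY_METHOD")
    mobile = attrs.get("DIGIPASSAPPLFLD_MOBILE")
    email = attrs.get("DIGIPASSAPPLFLD_EMAIL")

    # Conditional requirements from Table 162.
    if method == "SMS" and not mobile:
        problems.append("DIGIPASSAPPLFLD_MOBILE is mandatory when the delivery method is SMS")
    if method == "Email" and not email:
        problems.append("DIGIPASSAPPLFLD_EMAIL is mandatory when the delivery method is Email")

    if mobile and (len(mobile) > 20 or not MOBILE_PATTERN.fullmatch(mobile)):
        problems.append("DIGIPASSAPPLFLD_MOBILE has invalid characters or exceeds 20 characters")
    if email and len(email) > 63:
        problems.append("DIGIPASSAPPLFLD_EMAIL allows up to 63 characters")
    return problems


def effective_mdc_profile(request_profile, user_profile, policy_profile):
    """Return (source, profile) for the MDC profile that will deliver the OTP.

    request_profile is a profile name, None when DIGIPASSAPPLFLD_MDC_PROFILE
    is omitted, or NULL_VALUE when it is sent as null-value.
    """
    if request_profile is NULL_VALUE:
        # Null-value: user profile and effective policy settings are ignored.
        return ("MDC default order", None)
    candidates = (
        ("request", request_profile),
        ("user profile", user_profile),
        ("effective policy", policy_profile),
    )
    for source, profile in candidates:
        if profile:
            return (source, profile)
    return ("MDC default order", None)


# Constructed sample request; the serial number is the one used in the
# digipassQuery example of this reference, the rest is made up.
SAMPLE_REQUEST = {
    "DIGIPASSAPPLFLD_SERNO": "VDS0000001",
    "DIGIPASSAPPLFLD_APPL_NAME": "APPL1",
    "DIGIPASSAPPLFLD_DELIVERY_METHOD": "SMS",
    "DIGIPASSAPPLFLD_MOBILE": "+32 (0)2 555 01 00",
}

if __name__ == "__main__":
    print(validate_gen_votp(SAMPLE_REQUEST))
    print(effective_mdc_profile(None, "user-sms", "policy-sms"))
```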

13.14. DIGIPASSAPPLCMD_FORCE_PIN_CHANGE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 164: DIGIPASSAPPLCMD_FORCE_PIN_CHANGE Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 165: DIGIPASSAPPLCMD_FORCE_PIN_CHANGE Output Parameters


Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

13.15. DIGIPASSAPPLCMD_SET_EVENT_COUNTER

The following attributes can be specified in the attributeSet input parameter of this command:


Table 166: DIGIPASSAPPLCMD_SET_EVENT_COUNTER Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_EVENT_COUNTER Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 167: DIGIPASSAPPLCMD_SET_EVENT_COUNTER Output Parameters


Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

13.16. DIGIPASSAPPLCMD_RESET_ERROR_COUNT

This command resets the error count for the specified DIGIPASS Application. If the DIGIPASS Application has been locked, the DIGIPASSAPPLCMD_UNLOCK command will be needed to unlock it.

The following attributes can be specified in the attributeSet input parameter of this command:

Table 168: DIGIPASSAPPLCMD_RESET_ERROR_COUNT Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory

The following attributes will be specified in the results output parameter of this command:


Table 169: DIGIPASSAPPLCMD_RESET_ERROR_COUNT Output Parameters


Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_ACTIVE Always

DIGIPASSAPPLFLD_CREATE_TIME Always

DIGIPASSAPPLFLD_MODIFY_TIME Always

13.17. DIGIPASSAPPLCMD_TEST_SIGNATURE

The following attributes can be specified in the attributeSet input parameter of this command:

Table 170: DIGIPASSAPPLCMD_TEST_SIGNATURE Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_DOMAIN Optional

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_DATA_FIELD_1 Mandatory

DIGIPASSAPPLFLD_DATA_FIELD_2 Optional

DIGIPASSAPPLFLD_DATA_FIELD_3 Optional

DIGIPASSAPPLFLD_DATA_FIELD_4 Optional

DIGIPASSAPPLFLD_DATA_FIELD_5 Optional

DIGIPASSAPPLFLD_DATA_FIELD_6 Optional

DIGIPASSAPPLFLD_DATA_FIELD_7 Optional

DIGIPASSAPPLFLD_DATA_FIELD_8 Optional

DIGIPASSAPPLFLD_SIGNATURE Mandatory

DIGIPASSAPPLFLD_DEFERRED_DATE_TIME Optional

DIGIPASSAPPLFLD_DEFERRED_EVENT_VALUE Optional

DIGIPASSAPPLFLD_REQUEST_CONFIRM_CODE Optional

DIGIPASSAPPLFLD_REQUEST_KEY Optional

The following attributes will be specified in the results output parameter of this command:

Table 171: DIGIPASSAPPLCMD_TEST_SIGNATURE Output Parameters


Name Returned? Remarks

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_DOMAIN Always

DIGIPASSAPPLFLD_ORGANIZATIONAL_UNIT Optional

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_APPL_NO Always

DIGIPASSAPPLFLD_APPL_TYPE Always

DIGIPASSAPPLFLD_VERIFIED_DATE_TIME Optional In case of a time-based signature application.

DIGIPASSAPPLFLD_VERIFIED_EVENT_VALUE Optional In case of an event-based signature application.

DIGIPASSAPPLFLD_CONFIRM_CODE Optional In case DIGIPASSAPPLCMD_REQUEST_CONFIRM_CODE has been specified in the input and was set to either Required or Optional.

DIGIPASSAPPLFLD_RESULT_MESSAGE Always

DIGIPASSAPPLFLD_RESULT_CODE Always

13.18. DIGIPASSAPPLCMD_TEST_EMVCAP_MODE1

The following attributes can be specified in the attributeSet input parameter of this command:

Table 172: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE1 Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_DOMAIN Optional

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_RESPONSE Mandatory

DIGIPASSAPPLFLD_CHALLENGE Optional

DIGIPASSAPPLFLD_TRANSACTION_AMOUNT Optional

DIGIPASSAPPLFLD_TRANSACTION_CURRENCY Optional

The following attributes will be specified in the results output parameter of this command:

Table 173: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE1 Output Parameters


Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_DOMAIN Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_RESULT_CODE Always

DIGIPASSAPPLFLD_RESULT_MESSAGE Always

13.19. DIGIPASSAPPLCMD_TEST_EMVCAP_MODE2

The following attributes can be specified in the attributeSet input parameter of this command:

Table 174: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE2 Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_DOMAIN Optional

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_RESPONSE Mandatory

DIGIPASSAPPLFLD_DATA_FIELD_1 Mandatory

DIGIPASSAPPLFLD_DATA_FIELD_2 Optional

DIGIPASSAPPLFLD_DATA_FIELD_3 Optional

DIGIPASSAPPLFLD_DATA_FIELD_4 Optional

DIGIPASSAPPLFLD_DATA_FIELD_5 Optional

DIGIPASSAPPLFLD_DATA_FIELD_6 Optional

DIGIPASSAPPLFLD_DATA_FIELD_7 Optional

DIGIPASSAPPLFLD_DATA_FIELD_8 Optional

DIGIPASSAPPLFLD_DATA_FIELD_9 Optional

DIGIPASSAPPLFLD_DATA_FIELD_10 Optional

The following attributes will be specified in the results output parameter of this command:

Table 175: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE2 Output Parameters


Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_DOMAIN Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_RESULT_CODE Always

DIGIPASSAPPLFLD_RESULT_MESSAGE Always

13.20. DIGIPASSAPPLCMD_TEST_EMVCAP_MODE3

The following attributes can be specified in the attributeSet input parameter of this command:

Table 176: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE3 Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_DOMAIN Optional

DIGIPASSAPPLFLD_APPL_NAME Mandatory

DIGIPASSAPPLFLD_RESPONSE Mandatory

DIGIPASSAPPLFLD_CHALLENGE Mandatory

The following attributes will be specified in the results output parameter of this command:

Table 177: DIGIPASSAPPLCMD_TEST_EMVCAP_MODE3 Output Parameters


Name Returned?

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_DOMAIN Always

DIGIPASSAPPLFLD_APPL_NAME Always

DIGIPASSAPPLFLD_RESULT_CODE Always

DIGIPASSAPPLFLD_RESULT_MESSAGE Always

13.21. DIGIPASSAPPLCMD_CREATE_EMVCAP

The following attributes can be specified in the attributeSet input parameter of this command:

Table 178: DIGIPASSAPPLCMD_CREATE_EMVCAP Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_DOMAIN Mandatory

DIGIPASSAPPLFLD_ACTIVE Mandatory

DIGIPASSAPPLFLD_CARD_AID Optional

DIGIPASSAPPLFLD_CARD_AIP Mandatory

DIGIPASSAPPLFLD_CARD_ATC Optional

DIGIPASSAPPLFLD_CARD_CARDDATA Optional

DIGIPASSAPPLFLD_CARD_CDOL1 Optional

DIGIPASSAPPLFLD_CARD_CID Optional

DIGIPASSAPPLFLD_CARD_IAD Mandatory

DIGIPASSAPPLFLD_CARD_IAF Mandatory

DIGIPASSAPPLFLD_CARD_IIPB Mandatory

DIGIPASSAPPLFLD_EMV_TYPE Mandatory

DIGIPASSAPPLFLD_KEY_LABEL Mandatory

DIGIPASSAPPLFLD_KEY_KCV Mandatory

DIGIPASSAPPLFLD_ORGANIZATIONAL_UNIT Optional

The following attributes will be specified in the results output parameter of this command:

Table 179: DIGIPASSAPPLCMD_CREATE_EMVCAP Output Parameters


Name Returned? Remarks

DIGIPASSAPPLFLD_SERNO Always

DIGIPASSAPPLFLD_DOMAIN Always

DIGIPASSAPPLFLD_APPL_NAME Always Application Name will be EMV.

DIGIPASSAPPLFLD_APPL_NO Application Number will be 1.

DIGIPASSAPPLFLD_APPL_TYPE Application Type will be MM.

DIGIPASSAPPLFLD_BLOB

DIGIPASSAPPLFLD_CREATE_TIME

DIGIPASSAPPLFLD_MODIFY_TIME

DIGIPASSAPPLFLD_ACTIVE

13.22. DIGIPASSAPPLCMD_GENERATE_ACTIVATION_DATA

The following attributes can be specified in the attributeSet input parameter of this command:

Table 180: DIGIPASSAPPLCMD_GENERATE_ACTIVATION_DATA Input Parameters


Name Optionality

DIGIPASSAPPLFLD_SERNO Mandatory

DIGIPASSAPPLFLD_DOMAIN Mandatory

DIGIPASSAPPLFLD_APPL_NAME Mandatory


The following attributes will be specified in the results output parameter of this command:

Table 181: DIGIPASSAPPLCMD_GENERATE_ACTIVATION_DATA Output Parameters


Name Returned?

DIGIPASSAPPLFLD_EVENT_REACTIVATION_COUNTER Always

DIGIPASSAPPLFLD_FULL_ACTIVATION_DATA Always


14. digipassapplQuery
The digipassapplQuery command allows the querying of DIGIPASS applications matching specified search criteria. This command requires the following command parameters:

14.1. Parameters

Table 182: digipassapplQuery Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

sessionID String Mandatory The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon).

attributeSet DigipassApplAttributeSet Optional Specifies the DIGIPASS application query search criteria (see 14.1.1. DigipassApplAttributeSet).

fieldSet DigipassApplFieldSet Optional Specifies the DIGIPASS application attribute fields to be returned for all the DIGIPASS records matching the search criteria (see 14.1.2. DigipassApplFieldSet).

If fieldSet is omitted, all possible output parameters are returned. If a DIGIPASS application attribute field is not set in the database, it is not returned for that specific DIGIPASS record.

queryOptions Query Options Optional Options to determine what results should be returned (see 14. digipassapplQuery).

Table 183: digipassapplQuery Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

results DigipassApplQueryResults Mandatory Result structure containing return and status codes and a list of the queried DIGIPASS record fields (see 14.1.4. DigipassApplQueryResults).

14.1.1. DigipassApplAttributeSet

The DIGIPASS application attributes specified in this attribute set define the DIGIPASS application search criteria.
The following options can be applied to a DIGIPASS application attribute:

• NEGATIVE: used to indicate that the specified DIGIPASS attribute value should NOT be equal to the one specified.
• Search fields are interpreted as follows:
  • Wildcards can be placed at the start, the end, or both ends of a value. In this case, the value is interpreted as in an SQL LIKE statement.
  • A list of comma-separated values can be specified. In this case, it is interpreted as the logical OR of the given values.
  • Otherwise, the search is done using an exact match of the given value.

Table 184: DigipassApplAttributeSet (Data Type)


Element Name Type Description

attributes DigipassApplAttribute Attributes specifying the DIGIPASS application query search criteria (see 14. digipassapplQuery).

Table 185: DigipassApplAttribute (Data Type)


Element Name Type Description

attributeOptions AttributeOptions Specifies how to handle the attribute value during request processing, where each option is added as a single element to attributeOptions, e.g.:

<negative>true</negative>

Supported values:

• negative. Indicates that the specified user attribute value should NOT be equal to the one specified.
• null. Indicates that the specified attribute should be handled as zero-value.

value Any The attribute value. The data type has to be specified by setting the xsi:type XML attribute.

attributeID DigipassApplAttributeIDEnum The attribute identifier (see 14. digipassapplQuery).

Table 186: digipassapplQuery (Supported Input Attributes)


Attribute Name Optionality

DIGIPASSAPPLFLD_APPL_NAME Optional

DIGIPASSAPPLFLD_APPL_TYPE Optional

DIGIPASSAPPLFLD_DOMAIN Optional

DIGIPASSAPPLFLD_SECURE_CHANNEL_SUPPORT Optional

DIGIPASSAPPLFLD_SERNO Optional


14.1.2. DigipassApplFieldSet

The attributes specified in the fieldSet parameter specify the DIGIPASS application attribute fields IDENTIKEY
Authentication Server should return for the DIGIPASS applications matching the search criteria.

If fieldSet is omitted, all possible output parameters are returned. If an attribute field is not set in the database, it is not returned for that specific record.

Table 187: DigipassApplFieldSet (Data Type)


Element Name Type Description

attributeID DigipassApplAttributeIDEnum The identifier of an attribute to return (see 14. digipassapplQuery).

Table 188: digipassapplQuery (Supported Output Attributes)


Attribute Name Returned?

DIGIPASSAPPLFLD_ACTIVE If defined

DIGIPASSAPPLFLD_APPL_NAME If defined

DIGIPASSAPPLFLD_APPL_NO If defined

DIGIPASSAPPLFLD_APPL_TYPE If defined

DIGIPASSAPPLFLD_BLOB If defined

DIGIPASSAPPLFLD_CREATE_TIME If defined

DIGIPASSAPPLFLD_DOMAIN If defined

DIGIPASSAPPLFLD_MODIFY_TIME If defined

DIGIPASSAPPLFLD_SECURE_CHANNEL_SUPPORT If defined

DIGIPASSAPPLFLD_SERNO If defined

14.1.3. DigipassApplQueryOptions

This determines what results should be returned.


Table 189: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in
the result set, but not the result set itself.

Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results.

Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset.

If set to 0, all result records are returned.

Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset.

Default value: 0

sortfieldid String Optional. Required if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted.

Possible values:

• QUERYOPTIONSORTORDER_ASCENDING. Sort result set ascendingly.
• QUERYOPTIONSORTORDER_DESCENDING. Sort result set descendingly.

14.1.4. DigipassApplQueryResults

Table 190: DigipassApplQueryResults


Element Name Data Type Optionality Description

resultCodes ResultCodes Mandatory The result and status codes returned by the command.

For more information, refer to the IDENTIKEY Authentication Server SDK Programmer's Guide, Section "Error and Status Codes".

resultAttribute DigipassAttributeList Mandatory List containing the queried DIGIPASS attributes. Each item of type DigipassAttributeSet.

resultCount Integer Mandatory The number of items in resultAttribute.

errorStack ErrorStack Mandatory The error stack, indicating that the command has not completed successfully.

14.2. Example

Example
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <adm:digipassapplQuery xmlns:adm="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <sessionID>kR|+E+zwa#RrFptoIL4Il|N3t]]Qzxuj</sessionID>
      <attributeSet>
        <attributes>
          <value xsi:type="xsd:string">0097123456</value>
          <attributeID>DIGIPASSAPPLFLD_SERNO</attributeID>
        </attributes>
      </attributeSet>
      <fieldSet>
        <attributeID>DIGIPASSAPPLFLD_SERNO</attributeID>
        <attributeID>DIGIPASSAPPLFLD_APPL_NAME</attributeID>
        <attributeID>DIGIPASSAPPLFLD_APPL_TYPE</attributeID>
      </fieldSet>
    </adm:digipassapplQuery>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
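
The following Python code is an added example, not part of the SDK documentation or vendor code. It builds the digipassapplQuery request shown above with XML escaping of all values, an explicit fieldSet, a negative attribute option, and bounded paging through queryOptions. The function name build_query, the emission order of the queryOptions elements (taken from Table 189), and the refusal of an empty fieldSet or a rowcount of 0 are assumptions of this example.

```python
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
ADM = "http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
XSD = "http://www.w3.org/2001/XMLSchema"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
for _prefix, _uri in (("SOAP-ENV", SOAP_ENV), ("adm", ADM), ("xsi", XSI)):
    ET.register_namespace(_prefix, _uri)

_P = "DIGIPASSAPPLFLD_"
# Table 186: attributes accepted as search criteria.
SEARCHABLE = {_P + n for n in (
    "APPL_NAME", "APPL_TYPE", "DOMAIN", "SECURE_CHANNEL_SUPPORT", "SERNO")}
# Table 188: attributes that can be requested in fieldSet.
RETURNABLE = SEARCHABLE | {_P + n for n in (
    "ACTIVE", "APPL_NO", "BLOB", "CREATE_TIME", "MODIFY_TIME")}


def build_query(session_id, criteria, fields, rowcount=100, rowoffset=0,
                sort_field=None, descending=False):
    """Return a digipassapplQuery SOAP envelope as a string.

    criteria: iterable of (attributeID, value, negative) tuples.
    fields:   attributeIDs to return for each matching record.
    """
    criteria, fields = list(criteria), list(fields)
    bad = [a for a, _, _ in criteria if a not in SEARCHABLE]
    bad += [f for f in fields if f not in RETURNABLE]
    if bad:
        raise ValueError(f"unsupported attribute(s): {bad}")
    # Example policy (assumption): never rely on the defaults that return
    # every field (fieldSet omitted) or every record (rowcount 0).
    if not fields:
        raise ValueError("fieldSet must name the fields to return")
    if rowcount < 1 or rowoffset < 0:
        raise ValueError("rowcount must be >= 1 and rowoffset >= 0")
    if sort_field is not None and sort_field not in fields:
        raise ValueError("sortfieldid must be one of the fieldSet attributes")

    env = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    # The xsd prefix appears only inside an attribute value (xsi:type), so
    # ElementTree would not declare it on its own; declare it explicitly.
    env.set("xmlns:xsd", XSD)
    ET.SubElement(env, f"{{{SOAP_ENV}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_ENV}}}Body")
    query = ET.SubElement(body, f"{{{ADM}}}digipassapplQuery")
    # Element text is escaped on serialization, so a session ID or search
    # value containing <, > or & cannot alter the request structure.
    ET.SubElement(query, "sessionID").text = session_id

    if criteria:
        attr_set = ET.SubElement(query, "attributeSet")
        for attr_id, value, negative in criteria:
            attr = ET.SubElement(attr_set, "attributes")
            if negative:
                opts = ET.SubElement(attr, "attributeOptions")
                ET.SubElement(opts, "negative").text = "true"
            val = ET.SubElement(attr, "value")
            val.set(f"{{{XSI}}}type", "xsd:string")
            val.text = value
            ET.SubElement(attr, "attributeID").text = attr_id

    field_set = ET.SubElement(query, "fieldSet")
    for field in fields:
        ET.SubElement(field_set, "attributeID").text = field

    options = ET.SubElement(query, "queryOptions")
    ET.SubElement(options, "rowcount").text = str(rowcount)
    ET.SubElement(options, "rowoffset").text = str(rowoffset)
    if sort_field is not None:
        ET.SubElement(options, "sortfieldid").text = sort_field
        ET.SubElement(options, "sortorder").text = (
            "QUERYOPTIONSORTORDER_DESCENDING" if descending
            else "QUERYOPTIONSORTORDER_ASCENDING")
    return ET.tostring(env, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample values; the comma-separated serial numbers are
    # treated by the server as a logical OR, per section 14.1.1.
    print(build_query(
        "constructed-session-id",
        [("DIGIPASSAPPLFLD_SERNO", "0097123456,0097123457", False),
         ("DIGIPASSAPPLFLD_APPL_TYPE", "MM", True)],
        ["DIGIPASSAPPLFLD_SERNO", "DIGIPASSAPPLFLD_APPL_NAME"],
        rowcount=50, rowoffset=0, sort_field="DIGIPASSAPPLFLD_SERNO"))
```

To walk a large result set, call build_query repeatedly with rowoffset increased by rowcount until a response returns fewer than rowcount records.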

14.3. Requirements

Required administration privileges:

• View DIGIPASS

14.4. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.


15. dpxfileExecute
The dpxfileExecute command executes the following DPX file-related administrative operations:

Table 191: dpxfileExecute Commands (SOAP Administration)


Command Description

DPXFILECMD_IMPORT_FILE This command starts the actual server import processing of a previously uploaded DPX file (see 15.1. DPXFILECMD_IMPORT_FILE).

The DPX file should be uploaded first using one of the 3 supported upload commands:

• DPXFileUploadMIME
• DPXFileUploadDIME
• DPXFileUploadMTOM

DPXFILECMD_QUERY_STATUS This command requests the import status for a previously started DPX file import (see 15.2. DPXFILECMD_QUERY_STATUS).

DPXFILECMD_STOP_IMPORT This command stops a previously started DPX file import (see 15.3. DPXFILECMD_STOP_IMPORT).

Each dpxfileExecute command should specify the following command parameters:

Table 192: dpxfileExecute Command Attributes


Name Data Type I/O Description

SESSION_ID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon.

CMD String I The DPXFileExecute command to be executed. Commands are specified in the previous table.

ATTRIBUTESET Set I Zero or more DPX File attribute fields.

RESULTS Set O Zero or more DPXFile result fields.

These field attributes are also available for userExecute commands:

Table 193: dpxfileExecute Field Attributes


Attribute Name Data Type Description

DPXFILEFLD_ACTIVE Boolean The initial state of the DIGIPASS to be imported

DPXFILEFLD_APPL_LIST String Comma separated list of DIGIPASS application names and associated types to be imported from the uploaded DPXFile.

Each application is listed in the following format:

<DIGIPASS Application Name>:<DIGIPASS Application Type>

DPXFILEFLD_APPLS_FAILED Unsigned Integer Total number of DIGIPASS Application import failures.

DPXFILEFLD_APPLS_IMPORTED Unsigned Integer Total number of DIGIPASS Application instances already imported.

DPXFILEFLD_APPLS_READ Unsigned Integer Total number of DIGIPASS Application instances already handled.

DPXFILEFLD_CACHE_ID String Unique Identifier of an already uploaded DPXFile.

DPXFILEFLD_DIRECT_ASSIGN_ONLY Boolean Flag indicating if the DIGIPASS to be imported should be reserved for direct assignment only.

DPXFILEFLD_DOMAIN String The domain where the DIGIPASS have to be imported.

DPXFILEFLD_DPX_FILE_NAME String The filename of the DPXFile to be uploaded.

DPXFILEFLD_ORGANIZATIONAL_UNIT String The organizational unit where the DIGIPASS have to be imported.

DPXFILEFLD_SYNCHRONISE String Indicates if the existing DIGIPASS should be upgraded with activation codes from this new DPX file. Accepted values are yes or no.

DPXFILEFLD_DP_TOTAL Integer Total number of DIGIPASS

DPXFILEFLD_SCHEDULE Boolean

DPXFILEFLD_SHEDULE_NOTIFY String

DPXFILEFLD_DPX_FILE_KEY String The transportkey for the DPXFile to be uploaded.

DPXFILEFLD_RETURN_ERROR Boolean If specified, any errors encountered will be returned in addition to import statistics.

15.1. DPXFILECMD_IMPORT_FILE

The following attributes can be specified in the DPXFile input parameter of this command:


Table 194: DPXFILECMD_IMPORT_FILE Input Parameters


Attribute Name Optional?

DPXFILEFLD_CACHE_ID Mandatory

DPXFILEFLD_APPL_LIST Mandatory

DPXFILEFLD_ACTIVE Mandatory

DPXFILEFLD_DOMAIN Mandatory

DPXFILEFLD_ORGANIZATIONAL_UNIT Optional

DPXFILEFLD_DIRECT_ASSIGN_ONLY Optional

DPXFILEFLD_SYNCHRONISE Optional

DPXFILEFLD_SCHEDULE Optional

DPXFILEFLD_SCHED_NOTIFY Optional

No result attributes will be returned by this command.

15.2. DPXFILECMD_QUERY_STATUS

Only the DPXFILEFLD_CACHE_ID attribute can be specified in the DPXFile attribute set input parameter of this command. This attribute is mandatory.

The following attributes will be specified in the results output parameter of this command:

Table 195: DPXFILECMD_QUERY_STATUS Input Parameters


Attribute Name Optional?

DPXFILEFLD_CACHE_ID Always

DPXFILEFLD_RETURN_ERROR Optional

Table 196: DPXFILECMD_QUERY_STATUS Output Parameters


Attribute Name Optional?

DPXFILEFLD_APPLS_READ Always

DPXFILEFLD_APPLS_IMPORTED Always

DPXFILEFLD_APPLS_FAILED Always


15.3. DPXFILECMD_STOP_IMPORT

Only the DPXFILEFLD_CACHE_ID attribute can be specified in the DPXFile attribute set input parameter of this command. This attribute is mandatory.

No result attributes will be returned by this command.

15.4. dpxfileuploadmime

The dpxfileuploadmime command uploads a DPX file using MIME encoding. This command should specify
the following command parameters:

Table 197: dpxfileuploadmime Command Attributes


Name Data Type Input/Output Description

SESSION_ID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon.

ATTRIBUTESET Set I Zero or more DPXFile attribute fields.

RESULTSET Set O Zero or more DPXFile result fields.

DPXFILE MIME encoded I MIME encoded attachment

The following attributes can be specified in the DPXFile input parameter of this command:

Table 198: dpxfileuploadmime Input Parameters


Attribute Name Data Type Optional? Comments

DPXFILEFLD_DPX_FILE_NAME String Mandatory The filename of the DPXFile to be uploaded.

DPXFILEFLD_DPX_FILE_KEY String Mandatory The transportkey for the DPXFile to be uploaded.

The following DPXFile attributes will be specified in the results output parameter of this command:

Table 199: dpxfileuploadmime Output Parameters


Attribute Name Data Type Returned? Comments

DPXFILEFLD_DPX_FILE_NAME String Always The internal filename of the uploaded DPXFile.

DPXFILEFLD_CACHE_ID String Always Unique Identifier of an already uploaded DPXFile.

DPXFILEFLD_APPLS_READ unsignedInt Always Total number of DIGIPASS Applications found in the uploaded DPXFile.

DPXFILEFLD_APPL_LIST String Always Comma separated list of DIGIPASS Application names and associated types found in the uploaded DPXFile.

Each application is listed in the following format:

<DIGIPASS Application Name>:<DIGIPASS Application Type>

DPXFILEFLD_APPLS_FAILED unsignedInt Always Total number of DIGIPASS Application import failures.

DPXFILEFLD_DP_TOTAL unsignedInt Always Total number of DIGIPASS found in the DPX file.

15.5. dpxfileuploaddime

The dpxfileuploaddime command uploads a DPX file using DIME encoding. This command should specify
the following parameters:

Table 200: dpxfileuploaddime Command Attributes


Name Data Type Input/Output Description

SESSION_ID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon.

ATTRIBUTESET Set I Zero or more DPXFile attribute fields.

RESULTSET Set O Zero or more DPXFile result fields.

DPXFILE DIME encoded I DIME encoded attachment

The following attributes can be specified in the DPXFile input parameter of this command:

Table 201: dpxfileuploaddime Input Parameters


Attribute Name Data Type Optional? Comments

DPXFILEFLD_DPX_FILE_NAME String Mandatory The filename of the DPXFile to be uploaded.

DPXFILEFLD_DPX_FILE_KEY String Mandatory The transportkey for the DPXFile to be uploaded.

The following DPXFile attributes will be specified in the results output parameter of this command:


Table 202: dpxfileuploaddime Output Parameters


Attribute Name Data Type Returned? Comments

DPXFILEFLD_DPX_FILE_NAME String Always The internal filename of the uploaded DPXFile.

DPXFILEFLD_CACHE_ID String Always Unique Identifier of an already uploaded DPXFile.

DPXFILEFLD_APPLS_READ unsignedInt Always Total number of DIGIPASS Applications found in the uploaded DPXFile.

DPXFILEFLD_APPL_LIST String Always Comma separated list of DIGIPASS Application names and associated types found in the uploaded DPXFile.

Each application is listed in the following format:

<DIGIPASS Application Name>:<DIGIPASS Application Type>

DPXFILEFLD_APPLS_FAILED unsignedInt Always Total number of DIGIPASS Application import failures.

DPXFILEFLD_DP_TOTAL unsignedInt Always Total number of DIGIPASS found in the DPX file.

15.6. dpxfileuploadmtom

The dpxfileuploadmtom command uploads a DPX file using MTOM encoding. This command should specify the following command parameters:

Table 203: dpxfileuploadmtom Command Attributes


Name Data Type Input/Output Description

SESSION_ID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon.

ATTRIBUTESET Set I Zero or more DPXFile attribute fields.

DPXFILEDATA MTOM encoded I MTOM encoded attachment

The following attributes can be specified in the DPXFile input parameter of this command:

Table 204: dpxfileuploadmtom Input Parameters


Attribute Name Data Type Optional? Comments

DPXFILEFLD_DPX_FILE_NAME String Mandatory The name of the file into which the DPX file will be loaded.

DPXFILEFLD_DPX_FILE_KEY String Mandatory The transportkey for the DPXFile to be uploaded.

The following DPXFile attributes will be specified in the results output parameter of this command:

Table 205: dpxfileuploadmtom Output Parameters


Attribute Name Data Type Optional? Comments

DPXFILEFLD_DPX_FILE_NAME String Always The internal filename of the uploaded DPXFile.

DPXFILEFLD_CACHE_ID String Always Unique Identifier of an already uploaded DPXFile.

DPXFILEFLD_APPLS_READ unsignedInt Always Total number of DIGIPASS Applications found in the uploaded DPXFile.

DPXFILEFLD_APPL_LIST String Always Comma separated list of DIGIPASS Application names and associated types found in the uploaded DPXFile.

Each application is listed in the following format:

<DIGIPASS Application Name>:<DIGIPASS Application Type>

DPXFILEFLD_APPLS_FAILED unsignedInt Always Total number of DIGIPASS Application import failures.

DPXFILEFLD_DP_TOTAL unsignedInt Always Total number of DIGIPASS found in the DPX file.


16. domainExecute
The domainExecute command executes the following domain-related administrative operations:

Table 206: domainExecute Commands (SOAP Administration)


Command Description

DOMAINCMD_CREATE This command creates a domain entry in the organizational structure (see 16.1. DOMAINCMD_CREATE).

DOMAINCMD_VIEW This command displays the settings for the specified domain (see 16.2. DOMAINCMD_VIEW).

DOMAINCMD_UPDATE This command updates the specified domain (see 16.3. DOMAINCMD_UPDATE).

DOMAINCMD_DELETE This command deletes the specified domain (see 16.4. DOMAINCMD_DELETE).

Each domainExecute command should specify the following command parameters:

Table 207: domainExecute Command Attributes


Name Data Type I/O Description

SESSION_ID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon.

CMD String I The domain command to be executed. Commands are specified in the table above.

DOMAINATTRIBUTESET Set I Zero or more domain attribute fields.

RESULTSET Set O Zero or more domain result fields.

These field attributes are also available for domainExecute commands:

Table 208: domainExecute Field Attributes


Attribute Name Data Type Value

DOMAINFLD_DOMAIN String Up to 255 chars.

DOMAINFLD_DESCRIPTION String Up to 1024 chars.

DOMAINFLD_MASTERDOMAIN Boolean Indicates if the specified domain is the master domain.

DOMAINFLD_CREATE_TIME DateTime

DOMAINFLD_MODIFY_TIME DateTime


16.1. DOMAINCMD_CREATE

The following attributes can be specified in the domain input parameter of this command:

Table 209: DOMAINCMD_CREATE Input Parameters


Attribute Name Optional?

DOMAINFLD_DOMAIN Mandatory

DOMAINFLD_DESCRIPTION Optional

The following domain attributes will be specified in the results output parameter of this command:

Table 210: DOMAINCMD_CREATE Output Parameters


Attribute Name Returned?

DOMAINFLD_DOMAIN Always

DOMAINFLD_DESCRIPTION If defined

DOMAINFLD_MASTERDOMAIN Always

DOMAINFLD_CREATE_TIME Always

DOMAINFLD_MODIFY_TIME Always

16.2. DOMAINCMD_VIEW

Only the DOMAINFLD_DOMAIN attribute can be specified in the domain attribute set input parameter of this command. This attribute is mandatory.

The following domain attributes will be specified in the results output parameter of this command:

Table 211: DOMAINCMD_VIEW Output Parameters


Attribute Name Returned?

DOMAINFLD_DOMAIN Always

DOMAINFLD_DESCRIPTION If defined

DOMAINFLD_MASTERDOMAIN Always

DOMAINFLD_CREATE_TIME Always

DOMAINFLD_MODIFY_TIME Always


16.3. DOMAINCMD_UPDATE

The following attributes can be specified in the domain input parameter of this command:

Table 212: DOMAINCMD_UPDATE Input Parameters


Attribute Name Optional?

DOMAINFLD_DOMAIN Mandatory

DOMAINFLD_DESCRIPTION Optional

The following domain attributes will be specified in the results output parameter of this command:

Table 213: DOMAINCMD_UPDATE Output Parameters


Attribute Name Returned?

DOMAINFLD_DOMAIN Always

DOMAINFLD_DESCRIPTION If defined

DOMAINFLD_MASTERDOMAIN Always

DOMAINFLD_CREATE_TIME Always

DOMAINFLD_MODIFY_TIME Always

16.4. DOMAINCMD_DELETE

Only the DOMAINFLD_DOMAIN attribute can be specified in the domain attribute set input parameter of this command. This attribute is mandatory.

No result attributes will be returned by this command.


17. domainQuery
The domainQuery command queries domains matching specified search criteria. To perform a domain query,
the following domainQuery command parameters must be specified:

Table 214: domainQuery Parameters (SOAP Administration)


Parameter Name Data Type I/O Optional? Description

SESSIONID String I Mandatory The session identifier of the current administrative session.

ATTRIBUTESET Set I Optional Zero or more domain attributes. These attributes specify the domain query search criteria.

FIELDSET Set I Optional Zero or more domain attribute identifiers. These identifiers specify the domain fields to be returned for all the domain records matching the search criteria.

QUERYOPTIONS QueryOptions I Optional

RESULT domainQueryResults O Zero or more query result fields.

17.1. Attribute Set

The domain attributes specified in this attribute set define the domain search criteria. The following attribute
options can be applied to a domain attribute:

• NEGATIVE: used to indicate that the specified domain attribute value should NOT be equal to the one specified.
• Search fields are interpreted as follows:
    • Wildcards can be placed at start, end or both of the values. In this case, they will be interpreted as the SQL LIKE statement.
    • A list of comma separated values can be specified, in this case it will be interpreted as the logical OR of the given values.
    • Otherwise, the search will be done using the exact match of the given value.

The domain attributes specified in the FIELDSET attribute specify the domain fields the IDENTIKEY Authentication
Server should return for the domains matching the search criteria.
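
The interpretation rules above, modelled locally as an added example (not code from the SDK or the server). It assumes `*` as the wildcard character, which the reference does not name, and uses a constructed in-memory SQLite table; `criterion_to_sql`, `run_query` and the sample domain names are hypothetical.

```python
import sqlite3

WILDCARD = "*"  # assumption: the reference does not name the wildcard character
COLUMNS = {"domain", "description"}  # allow-list: column names never come from input

# Constructed sample records (domain, description).
SAMPLE = [
    ("master", "Master domain"),
    ("sales.example", None),
    ("sales_eu.example", "EU sales"),
    ("salesXeu.example", None),
    ("hr.example", "Human resources"),
]


def like_pattern(value):
    """Map a leading and/or trailing wildcard to %, keeping the rest literal."""
    lead = value.startswith(WILDCARD)
    trail = len(value) > 1 and value.endswith(WILDCARD)
    core = value[(1 if lead else 0):(len(value) - 1 if trail else len(value))]
    # Escape LIKE metacharacters so a literal % or _ in the value stays literal.
    for ch in ("\\", "%", "_"):
        core = core.replace(ch, "\\" + ch)
    return ("%" if lead else "") + core + ("%" if trail else "")


def criterion_to_sql(column, value, negative=False):
    """Return (where_fragment, params) for one search attribute."""
    if column not in COLUMNS:
        raise ValueError("unknown column: " + column)
    if value.startswith(WILDCARD) or value.endswith(WILDCARD):
        # Rule 1: wildcard at start, end or both -> SQL LIKE.
        clause, params = f"{column} LIKE ? ESCAPE '\\'", [like_pattern(value)]
    elif "," in value:
        # Rule 2: comma separated list -> logical OR of the values.
        items = [v.strip() for v in value.split(",") if v.strip()]
        if not items:
            raise ValueError("empty value list")
        clause = " OR ".join(f"{column} = ?" for _ in items)
        params = items
    else:
        # Rule 3: exact match.
        clause, params = f"{column} = ?", [value]
    if negative:
        # NEGATIVE option: the attribute must NOT match.
        clause = f"NOT ({clause})"
    return f"({clause})", params


def run_query(rows, column, value, negative=False):
    """Apply one criterion to the constructed table and return matching domains."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE domains (domain TEXT, description TEXT)")
    conn.executemany("INSERT INTO domains VALUES (?, ?)", rows)
    clause, params = criterion_to_sql(column, value, negative)
    cur = conn.execute(
        f"SELECT domain FROM domains WHERE {clause} ORDER BY domain", params
    )
    return [r[0] for r in cur]


if __name__ == "__main__":
    for value, neg in [("sales*", False), ("sales_*", False),
                       ("master,hr.example", False), ("master", True)]:
        print(value, "NEGATIVE" if neg else "", run_query(SAMPLE, "domain", value, neg))
```

Values are always bound as parameters, and the `ESCAPE` clause keeps an underscore in a search value from acting as a single-character wildcard.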

17.2. Query Options

This determines what results should be returned.

Table 215: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in the result set, but not the result set itself. Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results. Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset. If set to 0, all result records are returned. Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset. Default value: 0

sortfieldid String Optional. Required, if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted. Possible values:
• QUERYOPTIONSORTORDER_ASCENDING. Sort result set ascendingly.
• QUERYOPTIONSORTORDER_DESCENDING. Sort result set descendingly.

17.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.

18. orgunitExecute
The orgunitExecute command executes the following organizational unit related administrative operations:

Table 216: orgunitExecute Commands (SOAP Administration)


Command Description

ORGUNITCMD_CREATE This command creates an organizational unit entry in the organizational structure (see 18.1. ORGUNITCMD_CREATE).

ORGUNITCMD_VIEW This command displays the settings for the specified organizational unit (see 18.2. ORGUNITCMD_VIEW).

ORGUNITCMD_UPDATE This command updates the specified organizational unit (see 18.3. ORGUNITCMD_UPDATE).

ORGUNITCMD_DELETE This command deletes the specified organizational unit (see 18.4. ORGUNITCMD_DELETE).

Each orgunitExecute command should specify the following command parameters:

Table 217: orgunitExecute Command Parameters


Name Data Type I/O Description

SESSION_ID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon.

CMD String I The orgunit command to be executed. Commands are specified in the list above.

ORGUNIT ATTRIBUTESET Set I Zero or more orgunit attribute fields.

RESULTSET Set O Zero or more orgunit result fields.

These field attributes are also available for orgunitExecute commands:

Table 218: orgunitExecute Field Attributes


Attribute Name Data Type Value Description

ORGUNITFLD_ORGANIZATIONAL_UNIT String Up to 255 chars. Name of the organizational unit.

ORGUNITFLD_DOMAIN String Up to 255 chars. Domain in which the organizational unit belongs.

ORGUNITFLD_PARENT_ORGANIZATIONAL_UNIT String Up to 255 chars.

ORGUNITFLD_DESCRIPTION String Up to 1024 chars. Organizational unit description

ORGUNITFLD_CREATE_TIME DateTime The date and time the organizational unit object was created in the database.

ORGUNITFLD_MODIFY_TIME DateTime The date and time of the last organizational unit object update.

ORGUNITFLD_SEARCH_DOWN_OU_PATH Boolean

18.1. ORGUNITCMD_CREATE

The following attributes can be specified in the orgunit input parameter of this command:

Table 219: ORGUNITCMD_CREATE Input Parameters


Attribute Name Optional? Description

ORGUNITFLD_ORGANIZATIONAL_UNIT Mandatory Name of the organizational unit to be created.

ORGUNITFLD_DOMAIN Mandatory

ORGUNITFLD_PARENT_ORGANIZATIONAL_UNIT Optional

ORGUNITFLD_DESCRIPTION Optional Organizational unit description

The following orgunit attributes will be specified in the results output parameter of this command:

Table 220: ORGUNITCMD_CREATE Output Parameters


Name Returned?

ORGUNITFLD_ORGANIZATIONAL_UNIT Always

ORGUNITFLD_DOMAIN Always

ORGUNITFLD_PARENT_ORGANIZATIONAL_UNIT If defined

ORGUNITFLD_DESCRIPTION If defined

ORGUNITFLD_CREATE_TIME Always

ORGUNITFLD_MODIFY_TIME Always

18.2. ORGUNITCMD_VIEW

The following attributes can be specified in the orgunit input parameter of this command:

Table 221: ORGUNITCMD_VIEW Input Parameters


Name Optional? Description

ORGUNITFLD_ORGANIZATIONAL_UNIT Mandatory Name of the organizational unit to be viewed.

ORGUNITFLD_DOMAIN Mandatory

The following orgunit attributes will be specified in the results output parameter of this command:

Table 222: ORGUNITCMD_VIEW Output Parameters


Name Returned?

ORGUNITFLD_ORGANIZATIONAL_UNIT Always

ORGUNITFLD_DOMAIN Always

ORGUNITFLD_PARENT_ORGANIZATIONAL_UNIT If defined

ORGUNITFLD_DESCRIPTION If defined

ORGUNITFLD_CREATE_TIME Always

ORGUNITFLD_MODIFY_TIME Always

18.3. ORGUNITCMD_UPDATE

The following attributes can be specified in the orgunit input parameter of this command:

Table 223: ORGUNITCMD_UPDATE Input Parameters


Name Optional? Description

ORGUNITFLD_ORGANIZATIONAL_UNIT Mandatory Name of the organizational unit to be updated.

ORGUNITFLD_DOMAIN Mandatory

ORGUNITFLD_DESCRIPTION Optional Organizational unit description

The following orgunit attributes will be specified in the results output parameter of this command:

Table 224: ORGUNITCMD_UPDATE Output Parameters


Name Returned?

ORGUNITFLD_ORGANIZATIONAL_UNIT Always

ORGUNITFLD_DOMAIN Always

ORGUNITFLD_PARENT_ORGANIZATIONAL_UNIT If defined

ORGUNITFLD_DESCRIPTION If defined

ORGUNITFLD_CREATE_TIME Always

ORGUNITFLD_MODIFY_TIME Always

18.4. ORGUNITCMD_DELETE

The following attributes can be specified in the orgunit input parameter of this command:

Table 225: ORGUNITCMD_DELETE Input Parameters


Name Optional? Description

ORGUNITFLD_ORGANIZATIONAL_UNIT Mandatory Name of the organizational unit to be deleted.

ORGUNITFLD_DOMAIN Mandatory

No result attributes will be returned by this command.

19. orgunitQuery
The orgunitQuery command queries organizational units matching specified search criteria. To use this command, the following orgunitQuery command parameters must be specified:

Table 226: orgunitQuery Parameters


Name Data Type I/O Optional? Description

SESSIONID String I Mandatory The session identifier of the current administrative session.

ATTRIBUTESET Set I Optional Zero or more orgunit attributes. These attributes specify the orgunit query search criteria.

FIELDSET Set I Optional Zero or more orgunit attribute identifiers. These identifiers specify the orgunit fields to be returned for all the orgunit records matching the search criteria.

QUERYOPTIONS QueryOptions I Optional

RESULT UserQueryResults O Zero or more query result fields.

19.1. Attribute Set

The orgunit attributes specified in this attribute set define the orgunit search criteria. The following attribute
options can be applied to a domain attribute:

• NEGATIVE: used to indicate that the specified orgunit attribute value should NOT be equal to the one specified.
• Search fields are interpreted as follows:
    • Wildcards can be placed at start, end or both of the values. In this case, they will be interpreted as the SQL LIKE statement.
    • A list of comma separated values can be specified, in this case it will be interpreted as the logical OR of the given values.
    • Otherwise, the search will be done using the exact match of the given value.

The orgunit attributes specified in the FIELDSET attribute specify the orgunit fields the IDENTIKEY Authentication
Server should return for the orgunits matching the search criteria.

19.2. Query Options

This determines what results should be returned.

Table 227: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in the result set, but not the result set itself. Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results. Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset. If set to 0, all result records are returned. Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset. Default value: 0

sortfieldid String Optional. Required, if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted. Possible values:
• QUERYOPTIONSORTORDER_ASCENDING. Sort result set ascendingly.
• QUERYOPTIONSORTORDER_DESCENDING. Sort result set descendingly.

19.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.

20. componentExecute
The componentExecute command executes the following component-related administrative operations:

Table 228: componentExecute Commands (SOAP Administration)


Command Description

COMPONENTCMD_CREATE Registers a new component (see 20.1. COMPONENTCMD_CREATE).

COMPONENTCMD_DELETE Deletes the specified back-end server entry (see 20.4. COMPONENTCMD_DELETE).

COMPONENTCMD_UPDATE Updates the server settings for the specified back-end server (see 20.3. COMPONENTCMD_UPDATE).

COMPONENTCMD_VIEW Displays the server settings for the specified back-end server (see 20.2. COMPONENTCMD_VIEW).

Each componentExecute command should specify the following command parameters:

Table 229: componentExecute Command Parameters


Name Data Type I/O Description

SESSION_ID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon.

CMD String I The component command to be executed. Commands are specified in the table above.

COMPONENT ATTRIBUTESET Set I Zero or more component attribute fields.

RESULTSET Set O Zero or more component result fields.

The following field attributes are also available for componentExecute commands:

Table 230: componentExecute Field Attributes


Name Data Type Value

COMPONENTFLD_COMPONENT_LOCATION String Up to 255 chars.

COMPONENTFLD_COMPONENT_TYPE String Up to 80 chars.

COMPONENTFLD_CREATE_TIME DateTime

COMPONENTFLD_ENABLED Boolean

COMPONENTFLD_LICENSE_KEY String Up to 1024 chars.

COMPONENTFLD_MODIFY_TIME DateTime Date and time of last Policy entry update.

COMPONENTFLD_POLICY_ID String Up to 80 chars.

COMPONENTFLD_PROTOCOL_ID String Up to 32 chars.

COMPONENTFLD_RADIUS_SHARED_SECRET String Up to 255 chars.

COMPONENTFLD_REQUEST_FORWARDING Boolean

COMPONENTFLD_TCP_PORT Integer 1 to 65535

COMPONENTFLD_VASCO_PUBLIC_KEY String Up to 1024 chars.

COMPONENTFLD_CHARACTER_ENCODING String

20.1. COMPONENTCMD_CREATE

The following attributes can be specified in the component input parameter of this command:

Table 231: COMPONENTCMD_CREATE Input Parameters


Attribute Name Optional?

COMPONENTFLD_CHARACTER_ENCODING Optional

COMPONENTFLD_COMPONENT_LOCATION Mandatory

COMPONENTFLD_COMPONENT_TYPE Mandatory

COMPONENTFLD_ENABLED Optional

COMPONENTFLD_LICENSE_KEY Optional

COMPONENTFLD_POLICY_ID Mandatory

COMPONENTFLD_PROTOCOL_ID Optional

COMPONENTFLD_RADIUS_SHARED_SECRET Optional

COMPONENTFLD_REQUEST_FORWARDING Optional

COMPONENTFLD_TCP_PORT Optional

COMPONENTFLD_VASCO_PUBLIC_KEY Optional

The following component attributes will be specified in the results output parameter of this command:

Table 232: COMPONENTCMD_CREATE Output Parameters


Name Returned?

COMPONENTFLD_CHARACTER_ENCODING If defined

COMPONENTFLD_COMPONENT_LOCATION Always

COMPONENTFLD_COMPONENT_TYPE Always

COMPONENTFLD_CREATE_TIME Always

COMPONENTFLD_ENABLED Optional

COMPONENTFLD_LICENSE_KEY If defined

COMPONENTFLD_MODIFY_TIME Always

COMPONENTFLD_POLICY_ID Always

COMPONENTFLD_PROTOCOL_ID If defined

COMPONENTFLD_RADIUS_SHARED_SECRET If defined

COMPONENTFLD_REQUEST_FORWARDING Optional

COMPONENTFLD_TCP_PORT If defined

COMPONENTFLD_VASCO_PUBLIC_KEY If defined

20.2. COMPONENTCMD_VIEW

The following attributes can be specified in the component input parameter of this command:

Table 233: COMPONENTCMD_VIEW Input Parameters


Attribute Name Optional?

COMPONENTFLD_COMPONENT_LOCATION Mandatory

COMPONENTFLD_COMPONENT_TYPE Mandatory

The following component attributes will be specified in the results output parameter of this command:

Table 234: COMPONENTCMD_VIEW Output Parameters


Attribute Name Returned?

COMPONENTFLD_CHARACTER_ENCODING If defined

COMPONENTFLD_COMPONENT_LOCATION Always

COMPONENTFLD_COMPONENT_TYPE Always

COMPONENTFLD_CREATE_TIME Always

COMPONENTFLD_ENABLED Always

COMPONENTFLD_LICENSE_KEY If defined

COMPONENTFLD_MODIFY_TIME Always

COMPONENTFLD_POLICY_ID Always

COMPONENTFLD_PROTOCOL_ID If defined

COMPONENTFLD_RADIUS_SHARED_SECRET If defined

COMPONENTFLD_REQUEST_FORWARDING Always

COMPONENTFLD_TCP_PORT If defined

COMPONENTFLD_VASCO_PUBLIC_KEY If defined

20.3. COMPONENTCMD_UPDATE

The following attributes can be specified in the component input parameter of this command:

Table 235: COMPONENTCMD_UPDATE Input Parameters


Attribute Name Optional?

COMPONENTFLD_CHARACTER_ENCODING Optional

COMPONENTFLD_COMPONENT_LOCATION Mandatory

COMPONENTFLD_COMPONENT_TYPE Mandatory

COMPONENTFLD_ENABLED Optional

COMPONENTFLD_LICENSE_KEY Optional

COMPONENTFLD_POLICY_ID Optional

COMPONENTFLD_PROTOCOL_ID Optional

COMPONENTFLD_RADIUS_SHARED_SECRET Optional

COMPONENTFLD_REQUEST_FORWARDING Optional

COMPONENTFLD_TCP_PORT Optional

COMPONENTFLD_VASCO_PUBLIC_KEY Optional

The following component attributes will be specified in the results output parameter of this command:

Table 236: COMPONENTCMD_UPDATE Output Parameters


Attribute Name Returned?

COMPONENTFLD_CHARACTER_ENCODING If defined

COMPONENTFLD_COMPONENT_LOCATION Always

COMPONENTFLD_COMPONENT_TYPE Always

COMPONENTFLD_CREATE_TIME Always

COMPONENTFLD_ENABLED Always

COMPONENTFLD_LICENSE_KEY If defined

COMPONENTFLD_MODIFY_TIME Always

COMPONENTFLD_POLICY_ID If defined

COMPONENTFLD_PROTOCOL_ID If defined

COMPONENTFLD_RADIUS_SHARED_SECRET If defined

COMPONENTFLD_REQUEST_FORWARDING Always

COMPONENTFLD_TCP_PORT If defined

COMPONENTFLD_VASCO_PUBLIC_KEY If defined

20.4. COMPONENTCMD_DELETE

The following attributes can be specified in the component input parameter of this command:

Table 237: COMPONENTCMD_DELETE Input Parameters


Attribute Name Optional?

COMPONENTFLD_COMPONENT_TYPE Always

COMPONENTFLD_COMPONENT_LOCATION Always

No result attributes will be returned by this command.

21. componentQuery
The componentQuery command retrieves component records matching specific search criteria. To use this
command, the following componentQuery command parameters must be specified:

Table 238: componentQuery Parameters


Parameter Name Data Type I/O Optional? Description

SESSIONID String I Mandatory The session identifier of the current administrative session.

ATTRIBUTESET Set I Optional Zero or more component attributes. These attributes specify the component query search criteria.

FIELDSET Set I Optional Zero or more component attribute identifiers. These identifiers specify the component fields to be returned for all the component records matching the search criteria.

QUERYOPTIONS QueryOptions I Optional

RESULT UserQueryResults O Zero or more query result fields.

21.1. Attribute Set

The user attributes specified in this attribute set define the user search criteria. The following options can be
applied to a user attribute:

• NEGATIVE: used to indicate that the specified user attribute value should NOT be equal to the one specified.
• Search fields are interpreted as follows:
    • Wildcards can be placed at start, end or both of the values. In this case, they will be interpreted as the SQL LIKE statement.
    • A list of comma separated values can be specified, in this case it will be interpreted as the logical OR of the given values.
    • Otherwise, the search will be done using the exact match of the given value.

The user attributes specified in the FIELDSET attribute specify the DIGIPASS fields the IDENTIKEY Authentication
Server should return for the DIGIPASS matching the search criteria.

21.2. Query Options

This determines what results should be returned.

Table 239: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in the result set, but not the result set itself. Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results. Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset. If set to 0, all result records are returned. Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset. Default value: 0

sortfieldid String Optional. Required, if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted. Possible values:
• QUERYOPTIONSORTORDER_ASCENDING. Sort result set ascendingly.
• QUERYOPTIONSORTORDER_DESCENDING. Sort result set descendingly.

21.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.

22. backendExecute
The backendExecute command executes the following report-related administrative operations:

Table 240: backendExecute Commands


Command Description

BACKENDCMD_CREATE Registers a new back-end server (see 22.1. BACKENDCMD_CREATE).

BACKENDCMD_DELETE Deletes the specified back-end server entry (see 22.4. BACKENDCMD_DELETE).

BACKENDCMD_UPDATE Updates the server settings for the specified back-end server (see 22.3. BACKENDCMD_UPDATE).

BACKENDCMD_VIEW Displays the server settings for the specified back-end server (see 22.2. BACKENDCMD_VIEW).

Each backendExecute command should specify the following command parameters:

Table 241: backendExecute Command Parameters


Name Data Type Input/Output Description

sessionID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon).

cmd String I The back-end command to be executed (see Table 240: backendExecute Commands).

attributeSet Set I Zero or more back-end attribute fields.

results Set O Zero or more back-end result fields.

These field attributes are also available for backendExecute commands:

Table 242: backendExecute Field Attributes


Attribute Name Data Type Description

BACKENDFLD_AUTH_IP_ADDRESS String Valid IPv4 address.

BACKENDFLD_AUTH_PORT Integer Supported values: 1 – 65535

BACKENDFLD_AUTH_PORT_SSL Integer SSL Authentication port

BACKENDFLD_BACKEND_PROTOCOL_ID String Communication protocol identifier. Up to 32 characters.

BACKENDFLD_BACKEND_SERVER_ID String Unique back-end server identifier. Up to 80 characters.

BACKENDFLD_CHARACTER_ENCODING String

BACKENDFLD_CREATE_TIME DateTime The date and time the back-end server entry was created in the database.

BACKENDFLD_DIRECTORY_AUTH String Reserved for future use

BACKENDFLD_DIRECTORY_BASE_DN String

BACKENDFLD_DOMAIN String Up to 255 characters.

BACKENDFLD_EMAIL_ATTRIBUTE String The LDAP attribute name to use as user's email address for DUR user information synchronization. Up to 64 characters.

BACKENDFLD_MOBILE_ATTRIBUTE String The LDAP attribute name to use as user's mobile phone number for DUR user information synchronization. Up to 64 characters.

BACKENDFLD_MODIFY_TIME DateTime The date and time of the last back-end server entry update.

BACKENDFLD_PHONE_ATTRIBUTE String The LDAP attribute name to use as user's landline phone number for DUR user information synchronization. Up to 64 characters.

BACKENDFLD_PRIORITY Integer

BACKENDFLD_RADIUS_ACCT_IP_ADDRESS String Valid IPv4 address.

BACKENDFLD_RADIUS_ACCT_PORT Integer Supported values: 1 – 65535

BACKENDFLD_RADIUS_AUTH_IP_ADDRESS String Valid IPv4 address.

BACKENDFLD_RADIUS_AUTH_PORT Integer Supported values: 1 – 65535

BACKENDFLD_RADIUS_RETRIES Integer Supported values: 0 – 9

BACKENDFLD_RADIUS_SHARED_SECRET String Up to 255 characters.

BACKENDFLD_RADIUS_TIMEOUT Integer Supported values: 1 – 999

BACKENDFLD_RETRIES Integer Supported values: 0 – 9

BACKENDFLD_SECURITY_PRINCIPAL_DN String DN of an administrator account to use when sending a query to an LDAP back-end authenticator.

BACKENDFLD_SECURITY_PRINCIPAL_PASSWORD String Password for the Security_Principle account.

BACKENDFLD_TIMEOUT Integer Supported values: 1 – 999

BACKENDFLD_USER_ID_ATTRIBUTE String

BACKENDFLD_USER_OBJECT_CLASS String

BACKENDFLD_USERNAME_ATTRIBUTE String The LDAP attribute name to use as user's display name for DUR user information synchronization. Up to 64 characters.

22.1. BACKENDCMD_CREATE

The following attributes can be specified in the back-end input parameter of this command:

Table 243: BACKENDCMD_CREATE Input Parameters


Attribute Name Optional?

BACKENDFLD_AUTH_IP_ADDRESS Optional

BACKENDFLD_AUTH_PORT Optional

BACKENDFLD_AUTH_PORT_SSL Optional

BACKENDFLD_BACKEND_PROTOCOL_ID Mandatory

BACKENDFLD_BACKEND_SERVER_ID Mandatory

BACKENDFLD_CHARACTER_ENCODING Optional

BACKENDFLD_DIRECTORY_AUTH Optional

BACKENDFLD_DIRECTORY_BASE_DN Optional

BACKENDFLD_DOMAIN Optional

BACKENDFLD_EMAIL_ATTRIBUTE Optional

BACKENDFLD_MOBILE_ATTRIBUTE Optional

BACKENDFLD_PHONE_ATTRIBUTE Optional

BACKENDFLD_PRIORITY Optional

BACKENDFLD_RADIUS_ACCT_IP_ADDRESS Optional

BACKENDFLD_RADIUS_ACCT_PORT Optional

BACKENDFLD_RADIUS_SHARED_SECRET Optional

BACKENDFLD_RETRIES Optional

BACKENDFLD_SECURITY_PRINCIPAL_DN Optional

BACKENDFLD_SECURITY_PRINCIPAL_PASSWORD Optional

BACKENDFLD_TIMEOUT Optional

BACKENDFLD_USERNAME_ATTRIBUTE Optional

The following back-end attributes will be specified in the results output parameter of this command:

Table 244: BACKENDCMD_CREATE Output Parameters


Attribute Name Returned?

BACKENDFLD_BACKEND_PROTOCOL_ID Always

BACKENDFLD_BACKEND_SERVER_ID Always

BACKENDFLD_CHARACTER_ENCODING If defined

BACKENDFLD_DOMAIN If defined

BACKENDFLD_EMAIL_ATTRIBUTE If defined

BACKENDFLD_MOBILE_ATTRIBUTE If defined

BACKENDFLD_MODIFY_TIME Always

BACKENDFLD_MODIFY_TIME Always

BACKENDFLD_PHONE_ATTRIBUTE If defined

BACKENDFLD_PRIORITY If defined

BACKENDFLD_RADIUS_ACCT_IP_ADDRESS If defined

BACKENDFLD_RADIUS_ACCT_PORT If defined

BACKENDFLD_RADIUS_AUTH_IP_ADDRESS If defined

BACKENDFLD_RADIUS_AUTH_PORT If defined

BACKENDFLD_RADIUS_RETRIES If defined

BACKENDFLD_RADIUS_SHARED_SECRET If defined

BACKENDFLD_RADIUS_TIMEOUT If defined

BACKENDFLD_USERNAME_ATTRIBUTE If defined

22.2. BACKENDCMD_VIEW

Only the BACKENDFLD_BACKEND_SERVER_ID attribute can be specified in the back-end attribute set
input parameter of this command. This attribute is mandatory.

The following back-end attributes will be specified in the results output parameter of this command:

Table 245: BACKENDCMD_VIEW Output Parameters


Attribute Name Returned?

BACKENDFLD_AUTH_IP_ADDRESS If defined

BACKENDFLD_AUTH_PORT If defined

BACKENDFLD_BACKEND_PROTOCOL_ID If defined

BACKENDFLD_BACKEND_SERVER_ID Always

BACKENDFLD_CHARACTER_ENCODING If defined

BACKENDFLD_DOMAIN If defined

BACKENDFLD_EMAIL_ATTRIBUTE If defined

BACKENDFLD_MOBILE_ATTRIBUTE If defined

BACKENDFLD_MODIFY_TIME Always

BACKENDFLD_MODIFY_TIME Always

BACKENDFLD_PHONE_ATTRIBUTE If defined

BACKENDFLD_PRIORITY If defined

BACKENDFLD_RADIUS_ACCT_IP_ADDRESS If defined

BACKENDFLD_RADIUS_ACCT_PORT If defined

BACKENDFLD_RADIUS_SHARED_SECRET If defined

BACKENDFLD_RETRIES If defined

BACKENDFLD_TIMEOUT If defined

BACKENDFLD_USERNAME_ATTRIBUTE If defined
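
A client-side pre-flight check for a BACKENDCMD_CREATE attribute set, followed by redaction of a result set before it is logged, since the view output can include BACKENDFLD_RADIUS_SHARED_SECRET. This is an added example, not SDK code: the constraints are transcribed from Tables 242 and 243, while `validate_backend_create`, `redact_fields`, the `***` mask and the sample values are hypothetical.

```python
import ipaddress

# Value constraints transcribed from Table 242.
INT_RANGES = {
    "BACKENDFLD_AUTH_PORT": (1, 65535),
    "BACKENDFLD_RADIUS_ACCT_PORT": (1, 65535),
    "BACKENDFLD_RETRIES": (0, 9),
    "BACKENDFLD_TIMEOUT": (1, 999),
}
MAX_LEN = {
    "BACKENDFLD_BACKEND_PROTOCOL_ID": 32,
    "BACKENDFLD_BACKEND_SERVER_ID": 80,
    "BACKENDFLD_DOMAIN": 255,
    "BACKENDFLD_EMAIL_ATTRIBUTE": 64,
    "BACKENDFLD_MOBILE_ATTRIBUTE": 64,
    "BACKENDFLD_PHONE_ATTRIBUTE": 64,
    "BACKENDFLD_RADIUS_SHARED_SECRET": 255,
    "BACKENDFLD_USERNAME_ATTRIBUTE": 64,
}
IPV4_FIELDS = {"BACKENDFLD_AUTH_IP_ADDRESS", "BACKENDFLD_RADIUS_ACCT_IP_ADDRESS"}

# Input attributes of BACKENDCMD_CREATE, transcribed from Table 243.
CREATE_MANDATORY = {"BACKENDFLD_BACKEND_PROTOCOL_ID", "BACKENDFLD_BACKEND_SERVER_ID"}
CREATE_OPTIONAL = {
    "BACKENDFLD_AUTH_IP_ADDRESS", "BACKENDFLD_AUTH_PORT", "BACKENDFLD_AUTH_PORT_SSL",
    "BACKENDFLD_CHARACTER_ENCODING", "BACKENDFLD_DIRECTORY_AUTH",
    "BACKENDFLD_DIRECTORY_BASE_DN", "BACKENDFLD_DOMAIN", "BACKENDFLD_EMAIL_ATTRIBUTE",
    "BACKENDFLD_MOBILE_ATTRIBUTE", "BACKENDFLD_PHONE_ATTRIBUTE", "BACKENDFLD_PRIORITY",
    "BACKENDFLD_RADIUS_ACCT_IP_ADDRESS", "BACKENDFLD_RADIUS_ACCT_PORT",
    "BACKENDFLD_RADIUS_SHARED_SECRET", "BACKENDFLD_RETRIES",
    "BACKENDFLD_SECURITY_PRINCIPAL_DN", "BACKENDFLD_SECURITY_PRINCIPAL_PASSWORD",
    "BACKENDFLD_TIMEOUT", "BACKENDFLD_USERNAME_ATTRIBUTE",
}
CREATE_ALLOWED = CREATE_MANDATORY | CREATE_OPTIONAL

# Fields whose values must never reach logs or error messages.
SECRET_FIELDS = {"BACKENDFLD_RADIUS_SHARED_SECRET", "BACKENDFLD_SECURITY_PRINCIPAL_PASSWORD"}


def validate_backend_create(attrs):
    """Return a list of problems; messages name the field but never echo its value."""
    errors = [f"{name}: mandatory attribute missing"
              for name in sorted(CREATE_MANDATORY - attrs.keys())]
    for name, value in attrs.items():
        if name not in CREATE_ALLOWED:
            errors.append(f"{name}: not listed as a BACKENDCMD_CREATE input")
        elif name in INT_RANGES:
            lo, hi = INT_RANGES[name]
            # bool is a subclass of int in Python, so reject it explicitly.
            if isinstance(value, bool) or not isinstance(value, int) or not lo <= value <= hi:
                errors.append(f"{name}: must be an integer in {lo}..{hi}")
        elif name in IPV4_FIELDS:
            try:
                if not isinstance(value, str):
                    raise ValueError
                ipaddress.IPv4Address(value)
            except ValueError:
                errors.append(f"{name}: not a valid IPv4 address")
        elif name in MAX_LEN:
            if not isinstance(value, str) or len(value) > MAX_LEN[name]:
                errors.append(f"{name}: must be a string of at most {MAX_LEN[name]} characters")
    return errors


def redact_fields(fields):
    """Copy an attribute or result set with secret values masked, for logging."""
    return {k: ("***" if k in SECRET_FIELDS else v) for k, v in fields.items()}


# Constructed sample attribute sets; the protocol identifier is a placeholder.
GOOD = {
    "BACKENDFLD_BACKEND_SERVER_ID": "backend-01",
    "BACKENDFLD_BACKEND_PROTOCOL_ID": "PLACEHOLDER_PROTOCOL",
    "BACKENDFLD_AUTH_IP_ADDRESS": "192.0.2.10",
    "BACKENDFLD_AUTH_PORT": 1812,
    "BACKENDFLD_RETRIES": 3,
    "BACKENDFLD_TIMEOUT": 30,
    "BACKENDFLD_RADIUS_SHARED_SECRET": "constructed-secret-value",
}
BAD = {
    "BACKENDFLD_BACKEND_SERVER_ID": "backend-02",
    "BACKENDFLD_AUTH_IP_ADDRESS": "10.0.0.256",   # octet out of range
    "BACKENDFLD_AUTH_PORT": 70000,                # above 65535
    "BACKENDFLD_RETRIES": 10,                     # above 9
    "BACKENDFLD_RADIUS_TIMEOUT": 5,               # in Table 242 but not in Table 243
}

if __name__ == "__main__":
    print(validate_backend_create(GOOD))
    print("\n".join(validate_backend_create(BAD)))
    print(redact_fields(GOOD))
```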

22.3. BACKENDCMD_UPDATE

The following attributes can be specified in the back-end input parameter of this command:

Table 246: BACKENDCMD_UPDATE Input Parameters


Attribute Name Optional?

BACKENDFLD_AUTH_IP_ADDRESS Optional

BACKENDFLD_AUTH_PORT Optional

BACKENDFLD_BACKEND_PROTOCOL_ID Mandatory

BACKENDFLD_BACKEND_SERVER_ID Mandatory

BACKENDFLD_CHARACTER_ENCODING Optional

BACKENDFLD_DOMAIN Optional

BACKENDFLD_EMAIL_ATTRIBUTE Optional

BACKENDFLD_MOBILE_ATTRIBUTE Optional

BACKENDFLD_PHONE_ATTRIBUTE Optional

BACKENDFLD_PRIORITY Optional

BACKENDFLD_RADIUS_ACCT_IP_ADDRESS Optional

BACKENDFLD_RADIUS_ACCT_PORT Optional

BACKENDFLD_RADIUS_SHARED_SECRET Optional

BACKENDFLD_RETRIES Optional

BACKENDFLD_TIMEOUT Optional

BACKENDFLD_USERNAME_ATTRIBUTE Optional

The following back-end attributes will be specified in the results output parameter of this command:

Table 247: BACKENDCMD_UPDATE Output Parameters


Attribute Name Returned?

BACKENDFLD_AUTH_IP_ADDRESS If defined

BACKENDFLD_AUTH_PORT If defined

BACKENDFLD_BACKEND_PROTOCOL_ID If defined

BACKENDFLD_BACKEND_SERVER_ID Always

BACKENDFLD_CHARACTER_ENCODING If defined

BACKENDFLD_DOMAIN_NAME If defined

BACKENDFLD_EMAIL_ATTRIBUTE If defined

BACKENDFLD_MOBILE_ATTRIBUTE If defined

BACKENDFLD_MODIFY_TIME Always

BACKENDFLD_MODIFY_TIME Always

BACKENDFLD_PHONE_ATTRIBUTE If defined

BACKENDFLD_PRIORITY If defined

BACKENDFLD_RADIUS_ACCT_IP_ADDRESS If defined

BACKENDFLD_RADIUS_ACCT_PORT If defined

BACKENDFLD_RADIUS_SHARED_SECRET If defined

BACKENDFLD_RETRIES If defined

BACKENDFLD_TIMEOUT If defined

BACKENDFLD_USERNAME_ATTRIBUTE If defined

22.4. BACKENDCMD_DELETE

Only the BACKENDFLD_BACKEND_SERVER_ID attribute can be specified in the back-end attribute set
input parameter of this command. This attribute is mandatory, and serves as a unique back-end server identifier.

No result attributes will be returned by this command.

23. backendQuery
The backendQuery command queries back-end server records matching specified search criteria. To use this
command, the following backendQuery command parameters must be specified:

Table 248: backendQuery Parameters


Parameter Name Data Type I/O Optional? Description

SESSIONID String I Mandatory The session identifier of the current administrative session.

ATTRIBUTESET Set I Optional Zero or more backend attributes. These attributes specify the backend query search criteria.

FIELDSET Set I Optional Zero or more backend attribute identifiers. These identifiers specify the backend server fields to be returned for all the backend server records matching the search criteria.

QUERYOPTIONS QueryOptions I Optional

RESULT UserQueryResults O Zero or more query result fields.

23.1. Attribute Set

The user attributes specified in this attribute set define the user search criteria. The following options can be
applied to a user attribute:

- NEGATIVE: used to indicate that the required attribute value should NOT be equal to the one specified.
- Search fields are interpreted as follows:
  - Wildcards can be placed at the start, the end, or both ends of the values. In this case, they will be interpreted as the SQL LIKE statement.
  - A list of comma-separated values can be specified; in this case it will be interpreted as the logical OR of the given values.
  - Otherwise, the search will be done using the exact match of the given value.

The user attributes specified in the FIELDSET attribute specify the DIGIPASS fields the IDENTIKEY Authentication
Server should return for the users matching the search criteria.

23.2. Query Options

This determines what results should be returned.

Table 249: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in the result set, but not the result set itself.

Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results.

Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset.

If set to 0, all result records are returned.

Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset.

Default value: 0

sortfieldid String Optional. Required if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted.

Possible values:

- QUERYOPTIONSORTORDER_ASCENDING. Sort result set in ascending order.
- QUERYOPTIONSORTORDER_DESCENDING. Sort result set in descending order.
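
The search-criteria rules of section 23.1 and the QueryOptions elements of Table 249 can be modelled locally to see which records a given query would select. The following Python code is an added example, not SDK code; the `*` wildcard, case-sensitive matching, AND-combination of criteria on different fields, the order in which distinct, sort and paging are applied, the function names and the sample records are all assumptions.

```python
WILDCARD = "*"  # assumption: section 23.1 does not name the wildcard character
ASC = "QUERYOPTIONSORTORDER_ASCENDING"
DESC = "QUERYOPTIONSORTORDER_DESCENDING"
ID = "BACKENDFLD_BACKEND_SERVER_ID"
PROTO = "BACKENDFLD_BACKEND_PROTOCOL_ID"
DOMAIN = "BACKENDFLD_DOMAIN_NAME"

# Constructed sample records; the values are illustrative only.
SAMPLE_BACKENDS = [
    {ID: "radius-dc1", PROTO: "RADIUS", DOMAIN: "corp.example"},
    {ID: "radius-dc2", PROTO: "RADIUS", DOMAIN: "corp.example"},
    {ID: "ad-hq", PROTO: "Active Directory", DOMAIN: "corp.example"},
    {ID: "edir-lab", PROTO: "e-Directory", DOMAIN: "lab.example"},
]


def matches(field_value, criterion, negative=False):
    """Apply one search criterion: wildcard (LIKE), comma list (OR) or exact."""
    lead, trail = criterion.startswith(WILDCARD), criterion.endswith(WILDCARD)
    if lead or trail:
        core = criterion.strip(WILDCARD)
        if lead and trail:
            hit = core in field_value
        elif lead:
            hit = field_value.endswith(core)
        else:
            hit = field_value.startswith(core)
    elif "," in criterion:
        hit = field_value in [v.strip() for v in criterion.split(",")]
    else:
        hit = field_value == criterion
    # The NEGATIVE option inverts the outcome of the comparison.
    return hit != negative


def run_query(records, attribute_set, field_set, options=None):
    """Filter, project and page records the way the query parameters describe.

    attribute_set maps a field name to a (value, negative) pair.
    """
    opts = {"count": False, "distinct": False, "rowcount": 0, "rowoffset": 0,
            "sortfieldid": None, "sortorder": None, **(options or {})}
    if opts["sortorder"] is not None:
        if opts["sortorder"] not in (ASC, DESC):
            raise ValueError("unknown sortorder")
        if opts["sortfieldid"] not in field_set:
            raise ValueError("sortorder needs a sortfieldid taken from the FIELDSET")
    rows = [
        r for r in records
        if all(matches(r.get(f, ""), value, neg)
               for f, (value, neg) in attribute_set.items())
    ]
    # Return only the requested fields; fields a record lacks are omitted.
    rows = [{f: r[f] for f in field_set if f in r} for r in rows]
    if opts["distinct"]:
        seen, unique = set(), []
        for row in rows:
            key = tuple(sorted(row.items()))
            if key not in seen:
                seen.add(key)
                unique.append(row)
        rows = unique
    if opts["sortorder"]:
        rows.sort(key=lambda r: r.get(opts["sortfieldid"], ""),
                  reverse=opts["sortorder"] == DESC)
    if opts["count"]:
        return len(rows)  # count returns the number of records only
    # rowcount 0 means "all records from rowoffset onwards".
    end = opts["rowoffset"] + opts["rowcount"] if opts["rowcount"] else None
    return rows[opts["rowoffset"]:end]


if __name__ == "__main__":
    criteria = {PROTO: ("RADIUS,Active Directory", False), ID: ("radius*", True)}
    print(run_query(SAMPLE_BACKENDS, criteria, [ID]))
```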

23.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.

24. policyExecute
The policyExecute command executes the following policy-related administrative operations:

Table 250: policyExecute Commands (SOAP administration)


Command Description

POLICYCMD_CREATE Creates a new policy record (see 24.1. POLICYCMD_CREATE).

POLICYCMD_DELETE Deletes a policy record (see 24.4. POLICYCMD_DELETE).

POLICYCMD_GET_EFFECTIVE_POLICY Gets all effective policy settings for a specific policy, taking into account all settings from parent policies wherever the default option is used (see 24.5. POLICYCMD_GET_EFFECTIVE_POLICY).

POLICYCMD_UPDATE Modifies an existing policy (see 24.3. POLICYCMD_UPDATE).

POLICYCMD_VIEW Displays settings for a particular policy (see 24.2. POLICYCMD_VIEW).

Each policyExecute command should specify the following command parameters:

Table 251: policyExecute Command Parameters


Name Data Type Input/Output Description

sessionID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon).

cmd String I The policy command to be executed (see Table 250: policyExecute Commands (SOAP administration)).

attributeSet Set I Zero or more policy attribute fields.

results Set O Zero or more policy result fields.

These field attributes are also available for policyExecute commands:

Table 252: policyExecute Field Attributes


Attribute Name Data Type Description

POLICYFLD_ACCEPTED_DOMAIN String A comma separated list of domains for which user authentication and signature validation requests are accepted.

POLICYFLD_ACT_MSG_VALIDITY Integer The number of days before the first activation message expires.

Applies if Secure Channel is supported.

POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION Integer Determines whether a notification should be sent to the user when a delayed DIGIPASS activation completes (delayed activation).

POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION Integer Determines whether a notification should be sent to the user when a DIGIPASS activation is delayed (delayed activation).

POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD String Specifies the default delivery method when sending notifications for delayed activation.

Supported values:

- Default
- Email
- SMS
- Voice

POLICYFLD_APPL_NAMES String Comma-separated list of DIGIPASS Applications which may be used.

Up to 255 chars.

POLICYFLD_APPL_TYPE String Comma-separated list of types of DIGIPASS Application which may be used.

Supported values:

- Default
- No restriction
- Response Only
- Challenge/Response
- Signature
- Multi-Mode

POLICYFLD_ASSIGN_MODE String Specifies the method of automated DIGIPASS Assignment that will be used for this Policy, if any.

Supported values:

- Default
- Auto-Assignment
- Self-Assignment
- Neither

POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH String Controls the search scope for an available DIGIPASS for Auto-Assignment or Provisioning Registration, or for a specific DIGIPASS for Self-Assignment. Search the current organizational unit and up the tree as high as possible.

Supported values:

- Default
- No
- Yes

POLICYFLD_AUTOLEARN String Specifies whether the Password Autolearn feature is enabled for the Policy.

Supported values:

- Default
- No
- Yes

POLICYFLD_BACKEND_AUTH String Specifies whether authentication requests using the Policy will be handled by the IDENTIKEY Authentication Server using Back-End Authentication.

Supported values:

- Default
- None
- If Needed
- Always

POLICYFLD_BACKEND_PROTOCOL_ID String Specifies the protocol to be used for Back-End Authentication.

Up to 32 chars.

Supported values:

- Windows
- RADIUS
- e-Directory
- Active Directory
- Tivoli

POLICYFLD_BACKUP_VDP_ENABLED String Supported values:

- Default
- No
- Yes – Permitted
- Yes – Required

POLICYFLD_BACKUP_VDP_MAX_DAYS String Supported values: 0 to 30

POLICYFLD_BACKUP_VDP_MAX_USES Integer Supported values: 0 to 99 999

POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD String The method by which a User has to request a Backup Virtual DIGIPASS login.

The 'request' is made in the password field during login. The request will be ignored if the User does not have a DIGIPASS assigned that is activated for the Backup Virtual DIGIPASS feature, or if other Policy or DIGIPASS settings do not permit Backup Virtual DIGIPASS use.

Up to 16 chars

POLICYFLD_BACKUP_VDP_REQUEST_METHOD String Specifies whether and how the Backup Virtual DIGIPASS feature can be used when this Policy is effective. For the Backup Virtual DIGIPASS feature to function, it must also be activated in the DPX file for the associated DIGIPASS.

Supported values:

- None
- Default
- Keyword
- Password
- KeywordPassword
- PasswordKeyword

POLICYFLD_CHALLENGE_REQUEST_KEYWORD String Defines the Keyword that a User must enter to request a 2-step Challenge/Response login. Used where POLICYFLD_CHALLENGE_REQUEST_METHOD is set to Keyword, KeywordPassword or PasswordKeyword.

Up to 16 chars

May be blank.

POLICYFLD_CHALLENGE_REQUEST_METHOD String The method by which a User has to request a 2-step Challenge/Response login.

This is the only mode of Challenge/Response available in a RADIUS environment.

The 'request' is made in the password field during login. The request will fail if the User does not have a Challenge/Response-capable DIGIPASS assigned. This includes DIGIPASS Applications of Type CR, SG and MM.

Supported values:

- None
- Default
- Keyword
- Password
- KeywordPassword
- PasswordKeyword

POLICYFLD_CHECKCHALLENGE Integer This setting is for advanced control over time-based Challenge/Response authentication.

The value 1 should be used for standard RADIUS Challenge/Response. This is the inbuilt default value if the setting is not specified at all.

Supported values:

- 0 - No check is made. Required for 1-step Challenge/Response.
- 1 - The challenge presented for verification must be the last one that was generated specifically for that DIGIPASS. Normal mode of operation for 2-step Challenge/Response.
- 2 - The challenge presented for verification is ignored; the last one generated specifically for that DIGIPASS is used.
- 3 - Only one verification is permitted per time step. This option only applies to time-based Challenge/Response.
- 4 - If the same challenge and response are presented for verification twice in a row during the same time step, they are rejected.

POLICYFLD_CHG_WIN_PWD_ENABLED String

POLICYFLD_CHG_WIN_PWD_LENGTH Integer

POLICYFLD_CHKINACTDAYS Integer

POLICYFLD_CLIENT_GROUP_LIST String

POLICYFLD_CLIENT_GROUP_MODE String

POLICYFLD_CREATE_TIME DateTime Date and time the policy object was created in the database. Always part of the policy commands output (except the delete operation).

POLICYFLD_CUSTOM_REQUEST_BODY String If true, transaction fields in the signing request can be defined using SIGNFLD_REQUEST_BODY instead of a data field list.

Applies if Secure Channel Signature is supported.

Supported values:

- Default
- No
- Yes

POLICYFLD_DCR String

POLICYFLD_DEFAULT_DOMAIN String The default Domain in which the IDENTIKEY Authentication Server should look for and create DIGIPASS user accounts, if a Domain is not specified by the user credentials.

Up to 255 chars.

POLICYFLD_DELAYED_ACTIVATION_PERIOD Unsigned Integer The delayed activation period (in hours), i.e. the time span after activation until an activated (software) DIGIPASS authenticator can effectively be used for authentication and signature operations.

Possible values: 0 to 4,294,967,295 (UInt32.MaxValue)

POLICYFLD_DESCRIPTION String Policy description.

POLICYFLD_DIGIPASS_TYPES String Comma-separated list of DIGIPASS models which may be used. The Type field in your DIGIPASS records will display the model number of each DIGIPASS authenticator loaded.

Example values:

- DPEMV
- DIGIPASS 300
- DIGIPASS GO 7

Up to 255 chars.

POLICYFLD_DP_EXPIRATION_PERIOD Integer Number of days until a DIGIPASS authenticator expires by default.

POLICYFLD_DUR String Specifies whether the Dynamic User Registration (DUR) feature is enabled for the Policy.

Supported values:

- Default
- No
- Yes

POLICYFLD_EVENTWINDOW Integer Controls the maximum number of events' variation allowable between a DIGIPASS and the IDENTIKEY Authentication Server during login. This only applies to event-based DIGIPASS Applications. It always applies when verifying a one-time password, but for Signature validation, it depends on the Online Signature Level setting whether the Event Window is used or not.

Default value: 20

POLICYFLD_GRACE_PERIOD Integer This is the default period (in days) between Auto-Assignment of a DIGIPASS authenticator and the date for users to start using their authenticator to log in (if applicable).

POLICYFLD_GROUP_CHECK_MODE String Specifies whether and how the Windows Group Check feature is to be used.

Supported values:

- Default
- No Check
- Pass Back
- Reject
- Back-End

POLICYFLD_GROUP_LIST String List of the names of the Windows Groups to be checked according to the specified value for the policy attribute POLICYFLD_GROUP_CHECK_MODE.

There are some important limitations of this check:

- Certain built-in Active Directory groups such as Domain Users and Everyone will not be checked. The check is intended to be used with a new group created specifically for this purpose.
- Nested group membership will not be detected by the check.
- There is no Domain qualifier for a group. The named group must be created in each Domain where User accounts exist that need to be added to the group.

A local machine group can be used also.

Comma separated list of Windows group names.

Up to 1024 chars.

POLICYFLD_ITHRESHOLD Integer Specifies the number of consecutive failed authentication attempts allowed before the DIGIPASS Application is locked from future authentication attempts. Once the DIGIPASS Application is locked, the DIGIPASSApplCmd_Unlock command is required to unlock it for further authentication.

POLICYFLD_ITIMEWINDOW Integer Controls the maximum number of time steps' variation allowable between a DIGIPASS and the IDENTIKEY Authentication Server during login. This only applies to time-based DIGIPASS Applications when verifying a one-time password.

Default value: 20

POLICYFLD_LOCAL_AUTH String Specifies whether authentication requests using the policy will be handled by IDENTIKEY Authentication Server using local authentication.

Supported values:

- Default: the value from the parent policy is used.
- None: no local authentication is performed.
- Digipass Only: the user can only authenticate using their DIGIPASS.
- DIGIPASS/Password: As long as the grace period for the DIGIPASS authenticator has not expired, the user can use either their authenticator or their static password to log in. After the grace period has expired, only authentications with DIGIPASS can be performed.
- DIGIPASS or Password: The user can use both their DIGIPASS authenticator or their static password for authentication, independent of the grace period. Use of this authentication mode is subject to licensing.

POLICYFLD_LOCK_DURATION_MULTIPLIER Integer The multiplier factor to increase the lock duration (initial value specified by POLICYFLD_MIN_LOCK_DURATION) after each unsuccessful authentication. The value is given in percent. For example, a value of 200 effectively doubles the lock duration after each unsuccessful authentication.

Applies only if user auto-unlock is enabled, effectively by setting POLICYFLD_MAX_UNLOCK_TRIES.

Possible values: 100 – 500

POLICYFLD_MAX_UNLOCK_TRIES Integer The maximum number of attempts to unlock a locked DIGIPASS user account during authentication (user auto-unlock) before it is permanently locked. A locked DIGIPASS user account with no unlock attempts left, can only be unlocked manually by an administrator.

Setting this value to 0 effectively disables user auto-unlock.

Possible values: 0 – 999

POLICYFLD_MIN_APP_VERSION Integer The DIGIPASS Application version number required to parse the request message.

Applies if Secure Channel Signature and Authentication are supported.

Possible values: 0 to 3

POLICYFLD_MIN_LOCK_DURATION Integer The time span a locked DIGIPASS user account remains locked before a user can try to authenticate again and unlock it using user auto-unlock. The value is given in minutes.

Applies only if user auto-unlock is enabled, effectively by setting POLICYFLD_MAX_UNLOCK_TRIES.

Possible values: 0 – 99999

POLICYFLD_MODIFY_TIME DateTime Date and time of the last policy object update. Always part of the policy commands output (except the delete operation).

POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE String Determines whether IDENTIKEY Authentication Server should authenticate a user if multiple DIGIPASS applications are assigned.

Supported values:

- Default
- Multiple DIGIPASS Applications Allowed
- Single DIGIPASS Applications Allowed

POLICYFLD_OFFLINE_AUTH_ENABLED String

POLICYFLD_OFFLINE_MAX_EVENTS Integer

POLICYFLD_OFFLINE_TIME_INTERVAL Integer

POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT String A check digit may be added to the generated challenge. This allows the DIGIPASS to identify invalid Challenges more quickly.

Supported values:

- Default
- No
- Yes

POLICYFLD_ONE_STEP_CHAL_LENGTH Integer Specifies the length of the challenge (excluding a check digit set in POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT) which should be generated for 1-step Challenge/Response logins.

Possible values: 0 to 16

POLICYFLD_ONE_STEP_CHAL_RESP String Controls whether 1-step Challenge/Response logins will be enabled for the current Policy and, if so, where the challenge should originate.

POLICYFLD_CHECKCHALLENGE must be included and set to 0 in order for this to work.

Not available in a RADIUS environment.

Supported values:

- Default
- No
- Yes - Server Challenge
- Yes - Any Challenge

POLICYFLD_ONLINESG Integer This setting is for advanced control of Signature validation.

The value 0 can be used for DIGIPASS Applications that are neither time- nor event-based. This is the inbuilt default value if the setting is not specified at all.

- 0 - The signature is validated in offline mode. This is useful when the signatures may not be validated in the same sequence as they were generated by the user. It is also useful when there may be some delay after the signature is generated by the user, before the signature is validated.
- 1 - The signature is validated in online mode. This is useful when the signatures are expected or required to be validated immediately after they are generated.
- 2 - The signature is validated in strict online mode. This is useful for time-based signatures when you want to prevent more than one signature from the same time step from being validated. Otherwise, this mode is the same as online mode.
- 3 - The signature is validated using the Deferred Event Count. This mode only applies to event-based signatures. For each signature validation request, the Deferred Event Count must be supplied as a parameter.

POLICYFLD_PARENT_POLICY_ID String Specifies the parent policy. Settings set to Default or left blank will use settings from the parent policy.

Cannot be the same as POLICYFLD_POLICY_ID, i.e. a policy cannot inherit from itself.

Up to 60 chars.

POLICYFLD_PIN_CHANGE_ALLOWED String Supported values:

- Default
- No
- Yes

POLICYFLD_POLICY_ID String Unique policy identifier.

The following characters are not allowed: /\:;,|'"<>[]&@=+*?#.

Up to 60 chars.

POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD String Defines the Keyword that a User must enter to request a Primary Virtual DIGIPASS login.

Up to 16 chars

May be blank.

POLICYFLD_PRIMARY_VDP_REQUEST_METHOD String The method by which a User has to request a Primary Virtual DIGIPASS login. The 'request' is made in the password field during login. The request will be ignored if the User does not have a Primary Virtual DIGIPASS assigned.

Supported values:

- None
- Default
- Keyword
- Password
- KeywordPassword
- PasswordKeyword

POLICYFLD_PRIVILEGED_USERS String Determines whether users who have administrative privileges assigned are allowed to authenticate or not.

Supported values:

- Default
- Accept
- Reject
- Require

POLICYFLD_RADIUS_ALLOWED_PROTOCOLS String List of RADIUS protocols which may be used for authentication requests. Only attributes belonging to the listed groups will be returned via this Policy.

Comma-separated list.

Supported values:

POLICYFLD_RADIUS_REP_ATTR_ENABLED String Flags whether IDENTIKEY Authentication Server should return RADIUS attributes from a User account when it returns an Access-Accept.

Supported values:

- Default
- Enabled
- Disabled

POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST String Comma-separated list of Attribute Groups.

POLICYFLD_RADIUS_SESSION_GROUP_LIST String List of the names of the Windows groups that are to be checked according to the specified value for the policy attribute.

Comma-separated list of group names, up to 1024 characters.

POLICYFLD_RADIUS_SESSION_LIFETIME 32-bit Unsigned Integer The lifetime of the RADIUS session in seconds.

POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME 32-bit Unsigned Integer

POLICYFLD_RADIUS_SESSION_TICKET_REUSE 32-bit Unsigned Integer

POLICYFLD_SECOND_OTP_SYNC_ENABLED String

POLICYFLD_SECURE_CHAL_FONT_INDEX Integer Selects the font table in case of multiple font tables implemented in the DIGIPASS.

Applies if Secure Channel Authentication is supported.

0 to 3

POLICYFLD_SECURE_CHAL_REQ_PIN String If true, the DIGIPASS must verify the PIN before generating the response.

Applies if Secure Channel Authentication is supported.

Supported values:

- Default
- No
- Yes

POLICYFLD_SECURE_CHAL_TEMPLATE_NO Integer Selects the template in the DIGIPASS which specifies the layout of a page with transaction data.

Applies if Secure Channel Authentication is supported.

0 to 15

POLICYFLD_SECURE_CHANNEL String Determines whether DIGIPASS Applications which support Secure Channel may be used.

Supported values:

- Default
- No
- Yes - Permitted
- Yes - Required

POLICYFLD_SECURE_SIGN_FONT_INDEX Integer Selects the font table in case of multiple font tables implemented in the DIGIPASS.

Applies if Secure Channel Signature is supported.

0 to 3

POLICYFLD_SECURE_SIGN_REQ_PIN String If true, the DIGIPASS must verify the PIN before generating the response.

Applies if Secure Channel Signature is supported.

Supported values:

- Default
- No
- Yes

POLICYFLD_SECURE_SIGN_SHOW_RESPONSE String If true, the response will be displayed on the DIGIPASS.

Applies if Secure Channel Signature is supported.

Supported values:

- Default
- No
- Yes

POLICYFLD_SECURE_SIGN_SHOW_WARNING String If true, a pre-loaded warning will be shown on the DIGIPASS.

Applies if Secure Channel Signature is supported.

Supported values:

- Default
- No
- Yes

POLICYFLD_SECURE_SIGN_TEMPLATE_NO Integer Selects the template in the DIGIPASS which specifies the layout of a page with transaction data.

Applies if Secure Channel Signature is supported.

0 to 15

POLICYFLD_SELF_ASSIGN_SEPARATOR String The character (or short sequence of characters) that will be included at the end of the DIGIPASS Serial Number during a Self-Assignment login.

Up to 8 chars.

POLICYFLD_STATIC_PWD_DIFF_TO_PREV Integer The static password must be different than the number of previous static passwords indicated here.

POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION Unsigned Integer The period (in days) before a static password expires and the end user must be notified to update their static password. Applies to the local authentication mode DIGIPASS or Password only.

Default value: 8 days.

Possible values: 0-9999 days. If the value for this field is set to 0, this effectively means that the Notify before Expiration feature of the static password is not used.

POLICYFLD_STATIC_PWD_MAX_AGE Unsigned Integer This indicates the maximum amount of time in days during which a static password is valid. After this time, the password expires. Applies to the local authentication mode DIGIPASS or Password only.

Default value: 42 days.

Possible values: 0-9999 days. If the value for this field is set to 0, this effectively means that the Maximum Age feature of the static password is not used.

POLICYFLD_STATIC_PWD_MIN_AGE Unsigned Integer This indicates the minimum amount of time in days a static password must be used before it can be changed. Applies to the local authentication mode DIGIPASS or Password only.

Default value: 1 day.

POLICYFLD_STATIC_PWD_MIN_LENGTH Integer The minimum number of characters the static password must have.

POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA Integer The minimum number of lowercase alphabetic characters the static password must have.

POLICYFLD_STATIC_PWD_MIN_NUMBER Integer The minimum number of numeric characters the static password must have.

POLICYFLD_STATIC_PWD_MIN_SYMBOL Integer The minimum number of symbolic characters the static password must have.

POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA Integer The minimum number of uppercase alphabetic characters the static password must have.

POLICYFLD_STATIC_PWD_NOT_USERID_BASED Integer

POLICYFLD_STHRESHOLD Integer Specifies the number of consecutive failed Signature validation attempts allowed before the DIGIPASS Application is set to be locked from future signature validation attempts. Once the DIGIPASS Application is locked, the DIGIPASSApplCmd_Unlock command is required to unlock it for further signature validation.

POLICYFLD_STIMEWINDOW Integer Controls the maximum number of time steps' variation allowable between a DIGIPASS and the IDENTIKEY Authentication Server during Digital Signature verification. This only applies to time-based DIGIPASS Applications when validating a signature. Only used where POLICYFLD_ONLINESG is set to 1 or 2.

Default: 24

POLICYFLD_STORED_PASSWORD_PROXY String Specifies whether the Stored Password Proxy feature is enabled for the Policy.

Supported values:

- Default
- No
- Yes

POLICYFLD_SYNCWINDOW Integer Controls the maximum time variation allowable between a DIGIPASS and the IDENTIKEY Authentication Server, the first time that the DIGIPASS is used. The time is specified in hours. This Initial Time Window is also used directly after a Reset Application operation, which can be used if it appears that the internal clock in the DIGIPASS has drifted too much since the last successful login.

POLICYFLD_USER_INACT_DAYS Integer The maximum number of days during which a user must log on again for the user account to remain valid. If a user does not log on within this period, the account will be locked.

A locked account can be unlocked using the reset last authentication time command USERCMD_RESET_LAST_AUTH_TIME.

POLICYFLD_USER_INFO_SYNC String Determines whether to set user information when a DIGIPASS user account is created using DUR with an LDAP back-end server, by synchronizing the data from the LDAP back-end server to the respective DIGIPASS user account data fields (DUR user information synchronization).

Supported values:

- Default
- No
- Yes

POLICYFLD_USER_LOCK_THRESHOLD Integer This indicates the number of consecutive failed login attempts that will cause a DIGIPASS User account to become Locked.

POLICYFLD_VDP_DELIVERY_METHOD String OTPs may be sent by the Message Delivery Component via SMS or email. This setting specifies which is to be used.

Supported values:

- Email
- SMS

POLICYFLD_VDP_MDC_PROFILE String The MDC profile to be used for the Virtual DIGIPASS message delivery with the selected delivery method.

POLICYFLD_VDP_SIGN_DELIVERY_METHOD String This field provides the user specific override of the virtual signature message delivery method as defined in the policy, i.e. it defines how the virtual signature messages will be delivered to the end user.

Supported values:

- Default
- Email
- Email and Voice
- SMS
- SMS and Email
- SMS and Voice
- Voice

POLICYFLD_VDP_SIGN_ENABLED String This field defines if the virtual signature generation is allowed or not.

Supported values:

- Default
- No
- Yes

POLICYFLD_VDP_SIGN_MDC_PROFILE String The MDC profile to be used for the virtual signature message delivery with the selected delivery method.
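
The constraints that Table 252 states (value ranges, length limits, the POLICYFLD_POLICY_ID character rule and the cross-field dependencies) can be checked before an attribute set is submitted with POLICYCMD_CREATE. The following Python code is an added example, not part of the SDK: the dict representation, the function names and the sample policy are assumptions, and `lock_schedule` reflects one reading of the auto-unlock description, with a multiplier of 100 assumed when none is set.

```python
"""Pre-flight lint for a policyExecute attribute set, modelled as a dict."""

# Characters Table 252 lists as not allowed in POLICYFLD_POLICY_ID. The final
# period in that sentence is read as punctuation, not as a listed character.
FORBIDDEN_ID_CHARS = set("/\\:;,|'\"<>[]&@=+*?#")

# Inclusive numeric ranges stated in Table 252.
RANGES = {
    "POLICYFLD_BACKUP_VDP_MAX_DAYS": (0, 30),
    "POLICYFLD_BACKUP_VDP_MAX_USES": (0, 99999),
    "POLICYFLD_CHECKCHALLENGE": (0, 4),
    "POLICYFLD_LOCK_DURATION_MULTIPLIER": (100, 500),
    "POLICYFLD_MAX_UNLOCK_TRIES": (0, 999),
    "POLICYFLD_MIN_APP_VERSION": (0, 3),
    "POLICYFLD_MIN_LOCK_DURATION": (0, 99999),
    "POLICYFLD_ONE_STEP_CHAL_LENGTH": (0, 16),
    "POLICYFLD_ONLINESG": (0, 3),
    "POLICYFLD_STATIC_PWD_MAX_AGE": (0, 9999),
}

# Maximum string lengths stated in Table 252.
MAX_LEN = {
    "POLICYFLD_POLICY_ID": 60,
    "POLICYFLD_PARENT_POLICY_ID": 60,
    "POLICYFLD_CHALLENGE_REQUEST_KEYWORD": 16,
    "POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD": 16,
    "POLICYFLD_SELF_ASSIGN_SEPARATOR": 8,
    "POLICYFLD_GROUP_LIST": 1024,
}

ONE_STEP_ENABLED = {"Yes - Server Challenge", "Yes - Any Challenge"}
AUTO_UNLOCK_ONLY = ("POLICYFLD_LOCK_DURATION_MULTIPLIER",
                    "POLICYFLD_MIN_LOCK_DURATION")

# Constructed sample with three deliberate mistakes.
SAMPLE_POLICY = {
    "POLICYFLD_POLICY_ID": "Branch VPN",
    "POLICYFLD_PARENT_POLICY_ID": "Branch VPN",
    "POLICYFLD_ONE_STEP_CHAL_RESP": "Yes - Server Challenge",
    "POLICYFLD_CHECKCHALLENGE": 1,
    "POLICYFLD_LOCK_DURATION_MULTIPLIER": 600,
    "POLICYFLD_MIN_LOCK_DURATION": 15,
    "POLICYFLD_MAX_UNLOCK_TRIES": 4,
}


def _int(attrs, field):
    """Return the field as int, or None when absent or not numeric."""
    try:
        return int(attrs[field])
    except (KeyError, TypeError, ValueError):
        return None


def lint_policy(attrs):
    """Return (field, message) findings for a dict of policy attributes."""
    findings = []
    for field, (low, high) in RANGES.items():
        if field not in attrs:
            continue
        value = _int(attrs, field)
        if value is None:
            findings.append((field, "not numeric"))
        elif not low <= value <= high:
            findings.append((field, f"{value} is outside {low}..{high}"))
    for field, limit in MAX_LEN.items():
        if len(str(attrs.get(field, ""))) > limit:
            findings.append((field, f"longer than {limit} characters"))
    policy_id = attrs.get("POLICYFLD_POLICY_ID")
    if not policy_id:
        findings.append(("POLICYFLD_POLICY_ID", "mandatory for POLICYCMD_CREATE"))
    else:
        bad = sorted(FORBIDDEN_ID_CHARS & set(policy_id))
        if bad:
            findings.append(("POLICYFLD_POLICY_ID", f"forbidden characters {bad}"))
        if attrs.get("POLICYFLD_PARENT_POLICY_ID") == policy_id:
            findings.append(("POLICYFLD_PARENT_POLICY_ID",
                             "a policy cannot inherit from itself"))
    # 1-step Challenge/Response only works with POLICYFLD_CHECKCHALLENGE = 0.
    if (attrs.get("POLICYFLD_ONE_STEP_CHAL_RESP") in ONE_STEP_ENABLED
            and _int(attrs, "POLICYFLD_CHECKCHALLENGE") != 0):
        findings.append(("POLICYFLD_ONE_STEP_CHAL_RESP",
                         "needs POLICYFLD_CHECKCHALLENGE set to 0"))
    # Lock duration settings apply only when user auto-unlock is enabled.
    if not _int(attrs, "POLICYFLD_MAX_UNLOCK_TRIES"):
        for field in AUTO_UNLOCK_ONLY:
            if field in attrs:
                findings.append((field, "ignored: user auto-unlock is disabled"))
    return findings


def lock_schedule(attrs):
    """Lock duration in minutes ahead of each auto-unlock attempt ([] if off)."""
    tries = _int(attrs, "POLICYFLD_MAX_UNLOCK_TRIES") or 0
    current = float(_int(attrs, "POLICYFLD_MIN_LOCK_DURATION") or 0)
    percent = _int(attrs, "POLICYFLD_LOCK_DURATION_MULTIPLIER") or 100  # assumed default
    schedule = []
    for _ in range(tries):
        schedule.append(current)
        current *= percent / 100
    return schedule


if __name__ == "__main__":
    for field, message in lint_policy(SAMPLE_POLICY):
        print(f"{field}: {message}")
```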

24.1. POLICYCMD_CREATE

The POLICYCMD_CREATE command creates a new policy record.

24.1.1. Parameters

The following attributes can be specified in the policy input parameter of this command:

Table 253: POLICYCMD_CREATE Input Parameters


Attribute Name Optionality

POLICYFLD_ACCEPTED_DOMAIN Optional

POLICYFLD_ACT_MSG_VALIDITY Optional

POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION Optional

POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION Optional

POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD Optional

POLICYFLD_APPL_NAMES Optional

POLICYFLD_APPL_TYPE Optional

POLICYFLD_ASSIGN_MODE Optional

POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH Optional

POLICYFLD_AUTOLEARN Optional

POLICYFLD_BACKEND_AUTH Optional

POLICYFLD_BACKEND_PROTOCOL_ID Optional

POLICYFLD_BACKUP_VDP_ENABLED Optional

POLICYFLD_BACKUP_VDP_MAX_DAYS Optional

POLICYFLD_BACKUP_VDP_MAX_USES Optional

POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD Optional

POLICYFLD_BACKUP_VDP_REQUEST_METHOD Optional

POLICYFLD_CHALLENGE_REQUEST_KEYWORD Optional

POLICYFLD_CHALLENGE_REQUEST_METHOD Optional

POLICYFLD_CHECKCHALLENGE Optional

POLICYFLD_CHG_WIN_PWD_ENABLED Optional

POLICYFLD_CHG_WIN_PWD_LENGTH Optional

POLICYFLD_CHKINACTDAYS Optional

POLICYFLD_CLIENT_GROUP_LIST Optional

POLICYFLD_CLIENT_GROUP_MODE Optional

POLICYFLD_CUSTOM_REQUEST_BODY Optional

POLICYFLD_DCR Optional

POLICYFLD_DEFAULT_DOMAIN Optional

POLICYFLD_DELAYED_ACTIVATION_PERIOD Optional

POLICYFLD_DESCRIPTION Optional

POLICYFLD_DIGIPASS_TYPES Optional

POLICYFLD_DP_EXPIRATION_PERIOD Optional

POLICYFLD_DUR Optional

POLICYFLD_EVENTWINDOW Optional

POLICYFLD_GRACE_PERIOD Optional

POLICYFLD_GROUP_CHECK_MODE Optional

POLICYFLD_GROUP_LIST Optional

POLICYFLD_ITHRESHOLD Optional

POLICYFLD_ITIMEWINDOW Optional

POLICYFLD_LOCAL_AUTH Optional

POLICYFLD_LOCK_DURATION_MULTIPLIER Optional

POLICYFLD_MAX_UNLOCK_TRIES Optional

POLICYFLD_MIN_APP_VERSION Optional

POLICYFLD_MIN_LOCK_DURATION Optional

POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE Optional

POLICYFLD_OFFLINE_AUTH_ENABLED Optional

POLICYFLD_OFFLINE_MAX_EVENTS Optional

POLICYFLD_OFFLINE_TIME_INTERVAL Optional

POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT Optional

POLICYFLD_ONE_STEP_CHAL_LENGTH Optional

POLICYFLD_ONE_STEP_CHAL_RESP Optional

POLICYFLD_ONLINESG Optional

POLICYFLD_PARENT_POLICY_ID Optional

POLICYFLD_PIN_CHANGE_ALLOWED Optional

POLICYFLD_POLICY_ID Mandatory

POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD Optional

POLICYFLD_PRIMARY_VDP_REQUEST_METHOD Optional

POLICYFLD_PRIVILEGED_USERS Optional

POLICYFLD_RADIUS_ALLOWED PROTOCOLS Optional

POLICYFLD_RADIUS_REP_ATTR_ENABLED Optional

POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST Optional

POLICYFLD_RADIUS_SESSION_GROUP_LIST Optional

POLICYFLD_RADIUS_SESSION_LIFETIME Optional

POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME Optional

POLICYFLD_RADIUS_SESSION_TICKET_REUSE Optional

POLICYFLD_SECOND_OTP_SYNC_ENABLED Optional

POLICYFLD_SECURE_CHAL_FONT_INDEX Optional

POLICYFLD_SECURE_CHAL_REQ_PIN Optional

POLICYFLD_SECURE_CHAL_TEMPLATE_NO Optional

POLICYFLD_SECURE_CHANNEL Optional

POLICYFLD_SECURE_SIGN_FONT_INDEX Optional

POLICYFLD_SECURE_SIGN_REQ_PIN Optional

POLICYFLD_SECURE_SIGN_SHOW_RESPONSE Optional

POLICYFLD_SECURE_SIGN_SHOW_WARNING Optional

POLICYFLD_SECURE_SIGN_TEMPLATE_NO Optional

POLICYFLD_SELF_ASSIGN_SEPARATOR Optional

POLICYFLD_STATIC_PWD_DIFF_TO_PREV Optional

POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION Optional

POLICYFLD_STATIC_PWD_MAX_AGE Optional

POLICYFLD_STATIC_PWD_MIN_AGE Optional

POLICYFLD_STATIC_PWD_MIN_LENGTH Optional

POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA Optional

POLICYFLD_STATIC_PWD_MIN_NUMBER Optional

POLICYFLD_STATIC_PWD_MIN_SYMBOL Optional

POLICYFLD_STATIC_PWD_NOT_USERID_BASED Optional

POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA Optional

POLICYFLD_STHRESHOLD Optional

POLICYFLD_STIMEWINDOW Optional

POLICYFLD_STORED_PASSWORD_PROXY Optional

POLICYFLD_SYNCWINDOW Optional

POLICYFLD_USER_INACT_DAYS Optional

POLICYFLD_USER_INFO_SYNC Optional

POLICYFLD_USER_LOCK_THRESHOLD Optional

POLICYFLD_VDP_DELIVERY_METHOD Optional

POLICYFLD_VDP_MDC_PROFILE Optional

POLICYFLD_VDP_SIGN_DELIVERY_METHOD Optional

POLICYFLD_VDP_SIGN_ENABLED Optional

POLICYFLD_VDP_SIGN_MDC_PROFILE Optional

The following policy attributes will be specified in the results output parameter of this command:

Table 254: POLICYCMD_CREATE Output Parameters


Attribute Name Returned?

POLICYFLD_ACCEPTED_DOMAIN If defined

POLICYFLD_ACT_MSG_VALIDITY If defined

POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION If defined

POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION If defined

POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD If defined

POLICYFLD_APPL_NAMES If defined

POLICYFLD_APPL_TYPE If defined

POLICYFLD_ASSIGN_MODE If defined

POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH If defined

POLICYFLD_AUTOLEARN If defined

POLICYFLD_BACKEND_AUTH If defined

POLICYFLD_BACKEND_PROTOCOL_ID If defined

POLICYFLD_BACKUP_VDP_ENABLED If defined

POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD If defined

POLICYFLD_BACKUP_VDP_REQUEST_METHOD If defined

POLICYFLD_CHALLENGE_REQUEST_KEYWORD If defined

POLICYFLD_CHALLENGE_REQUEST_METHOD If defined

POLICYFLD_CHECKCHALLENGE If defined

POLICYFLD_CHG_WIN_PWD_ENABLED If defined

POLICYFLD_CHG_WIN_PWD_LENGTH If defined

POLICYFLD_CHKINACTDAYS If defined

POLICYFLD_CLIENT_GROUP_LIST If defined

POLICYFLD_CLIENT_GROUP_MODE If defined

POLICYFLD_CREATE_TIME Always

POLICYFLD_CUSTOM_REQUEST_BODY If defined

POLICYFLD_DCR If defined

POLICYFLD_DEFAULT_DOMAIN If defined

POLICYFLD_DELAYED_ACTIVATION_PERIOD If defined

POLICYFLD_DESCRIPTION If defined

POLICYFLD_DIGIPASS_TYPES If defined

POLICYFLD_DP_EXPIRATION_PERIOD If defined

POLICYFLD_DUR If defined

POLICYFLD_EVENTWINDOW If defined

POLICYFLD_GRACE_PERIOD If defined

POLICYFLD_GROUP_CHECK_MODE If defined

POLICYFLD_GROUP_LIST If defined

POLICYFLD_ITHRESHOLD If defined

POLICYFLD_ITIMEWINDOW If defined

POLICYFLD_LOCAL_AUTH If defined

POLICYFLD_LOCK_DURATION_MULTIPLIER If defined

POLICYFLD_MAX_UNLOCK_TRIES If defined

POLICYFLD_MIN_APP_VERSION If defined

POLICYFLD_MIN_LOCK_DURATION If defined

POLICYFLD_MODIFY_TIME Always

POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE If defined

POLICYFLD_OFFLINE_AUTH_ENABLED If defined

POLICYFLD_OFFLINE_MAX_EVENTS If defined

POLICYFLD_OFFLINE_TIME_INTERVAL If defined

POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT If defined

POLICYFLD_ONE_STEP_CHAL_LENGTH If defined

POLICYFLD_ONE_STEP_CHAL_RESP If defined

POLICYFLD_ONLINESG If defined

POLICYFLD_PARENT_POLICY_ID If defined

POLICYFLD_PIN_CHANGE_ALLOWED If defined

POLICYFLD_POLICY_ID Always

POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD If defined

POLICYFLD_PRIMARY_VDP_REQUEST_METHOD If defined

POLICYFLD_PRIVILEGED_USERS If defined

POLICYFLD_RADIUS_ALLOWED PROTOCOLS If defined

POLICYFLD_RADIUS_REP_ATTR_ENABLED If defined

POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST If defined

POLICYFLD_RADIUS_SESSION_GROUP_LIST If defined

POLICYFLD_RADIUS_SESSION_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_REUSE If defined

POLICYFLD_SECOND_OTP_SYNC_ENABLED If defined

POLICYFLD_SECURE_CHAL_FONT_INDEX If defined

POLICYFLD_SECURE_CHAL_REQ_PIN If defined

POLICYFLD_SECURE_CHAL_TEMPLATE_NO If defined

POLICYFLD_SECURE_CHANNEL If defined

POLICYFLD_SECURE_SIGN_FONT_INDEX If defined

POLICYFLD_SECURE_SIGN_REQ_PIN If defined

POLICYFLD_SECURE_SIGN_SHOW_RESPONSE If defined

POLICYFLD_SECURE_SIGN_SHOW_WARNING If defined

POLICYFLD_SECURE_SIGN_TEMPLATE_NO If defined

POLICYFLD_SELF_ASSIGN_SEPARATOR If defined

POLICYFLD_STATIC_PWD_DIFF_TO_PREV If defined

POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION If defined

POLICYFLD_STATIC_PWD_MAX_AGE If defined

POLICYFLD_STATIC_PWD_MIN_AGE If defined

POLICYFLD_STATIC_PWD_MIN_LENGTH If defined

POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA If defined

POLICYFLD_STATIC_PWD_MIN_NUMBER If defined

POLICYFLD_STATIC_PWD_MIN_SYMBOL If defined

POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA If defined

POLICYFLD_STATIC_PWD_NOT_USERID_BASED If defined

POLICYFLD_STHRESHOLD If defined

POLICYFLD_STIMEWINDOW If defined

POLICYFLD_STORED_PASSWORD_PROXY If defined

POLICYFLD_SYNCWINDOW If defined

POLICYFLD_USER_INACT_DAYS If defined

POLICYFLD_USER_INFO_SYNC If defined

POLICYFLD_USER_LOCK_THRESHOLD If defined

POLICYFLD_VDP_DELIVERY_METHOD If defined

POLICYFLD_VDP_MAX_DAYS If defined

POLICYFLD_VDP_MAX_USES If defined

POLICYFLD_VDP_MDC_PROFILE If defined

POLICYFLD_VDP_SIGN_DELIVERY_METHOD If defined

POLICYFLD_VDP_SIGN_ENABLED If defined

POLICYFLD_VDP_SIGN_MDC_PROFILE If defined

24.1.2. Requirements

Required administrative privileges:

- Create Policy

24.2. POLICYCMD_VIEW

The POLICYCMD_VIEW command returns the settings for a particular policy.

24.2.1. Parameters

The following attributes can be specified in the policy input parameter of this command:

Table 255: POLICYCMD_VIEW Input Parameters


Attribute Name Optionality

POLICYFLD_PARENT_POLICY_ID Optional

POLICYFLD_POLICY_ID Mandatory

POLICYFLD_RADIUS_REP_ATTR_ENABLED Optional

POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST Optional

The following policy attributes will be specified in the results output parameter of this command:

Table 256: POLICYCMD_VIEW Output Parameters


Attribute Name Returned?

POLICYFLD_ACCEPTED_DOMAIN If defined

POLICYFLD_ACT_MSG_VALIDITY If defined

POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION If defined

POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION If defined

POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD If defined

POLICYFLD_APPL_NAMES If defined

POLICYFLD_APPL_TYPE If defined

POLICYFLD_ASSIGN_MODE If defined

POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH If defined

POLICYFLD_AUTOLEARN If defined

POLICYFLD_BACKEND_AUTH If defined

POLICYFLD_BACKEND_PROTOCOL_ID If defined

POLICYFLD_BACKUP_VDP_ENABLED If defined

POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD If defined

POLICYFLD_BACKUP_VDP_REQUEST_METHOD If defined

POLICYFLD_CHALLENGE_REQUEST_KEYWORD If defined

POLICYFLD_CHALLENGE_REQUEST_METHOD If defined

POLICYFLD_CHECKCHALLENGE If defined

POLICYFLD_CHG_WIN_PWD_ENABLED If defined

POLICYFLD_CHG_WIN_PWD_LENGTH If defined

POLICYFLD_CHKINACTDAYS If defined

POLICYFLD_CLIENT_GROUP_LIST If defined

POLICYFLD_CLIENT_GROUP_MODE If defined

POLICYFLD_CREATE_TIME Always

POLICYFLD_CUSTOM_REQUEST_BODY If defined

POLICYFLD_DCR If defined

POLICYFLD_DEFAULT_DOMAIN If defined

POLICYFLD_DELAYED_ACTIVATION_PERIOD If defined

POLICYFLD_DESCRIPTION If defined

POLICYFLD_DIGIPASS_TYPES If defined

POLICYFLD_DP_EXPIRATION_PERIOD If defined

POLICYFLD_DUR If defined

POLICYFLD_EVENTWINDOW If defined

POLICYFLD_GRACE_PERIOD If defined

POLICYFLD_GROUP_CHECK_MODE If defined

POLICYFLD_GROUP_LIST If defined

POLICYFLD_ITHRESHOLD If defined

POLICYFLD_ITIMEWINDOW If defined

POLICYFLD_LOCAL_AUTH If defined

POLICYFLD_LOCK_DURATION_MULTIPLIER If defined

POLICYFLD_MAX_UNLOCK_TRIES If defined

POLICYFLD_MIN_APP_VERSION If defined

POLICYFLD_MIN_LOCK_DURATION If defined

POLICYFLD_MODIFY_TIME Always

POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE If defined

POLICYFLD_OFFLINE_AUTH_ENABLED If defined

POLICYFLD_OFFLINE_MAX_EVENTS If defined

POLICYFLD_OFFLINE_TIME_INTERVAL If defined

POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT If defined

POLICYFLD_ONE_STEP_CHAL_LENGTH If defined

POLICYFLD_ONE_STEP_CHAL_RESP If defined

POLICYFLD_ONLINESG If defined

POLICYFLD_PARENT_POLICY_ID If defined

POLICYFLD_PIN_CHANGE_ALLOWED If defined

POLICYFLD_POLICY_ID Always

POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD If defined

POLICYFLD_PRIMARY_VDP_REQUEST_METHOD If defined

POLICYFLD_PRIVILEGED_USERS If defined

POLICYFLD_RADIUS_ALLOWED PROTOCOLS If defined

POLICYFLD_RADIUS_REP_ATTR_ENABLED If defined

POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST If defined

POLICYFLD_RADIUS_SESSION_GROUP_LIST If defined

POLICYFLD_RADIUS_SESSION_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_REUSE If defined

POLICYFLD_SECOND_OTP_SYNC_ENABLED If defined

POLICYFLD_SECURE_CHAL_FONT_INDEX If defined

POLICYFLD_SECURE_CHAL_REQ_PIN If defined

POLICYFLD_SECURE_CHAL_TEMPLATE_NO If defined

POLICYFLD_SECURE_CHANNEL If defined

POLICYFLD_SECURE_SIGN_FONT_INDEX If defined

POLICYFLD_SECURE_SIGN_REQ_PIN If defined

POLICYFLD_SECURE_SIGN_SHOW_RESPONSE If defined

POLICYFLD_SECURE_SIGN_SHOW_WARNING If defined

POLICYFLD_SECURE_SIGN_TEMPLATE_NO If defined

POLICYFLD_SELF_ASSIGN_SEPARATOR If defined

POLICYFLD_STATIC_PWD_DIFF_TO_PREV If defined

POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION If defined

POLICYFLD_STATIC_PWD_MAX_AGE If defined

POLICYFLD_STATIC_PWD_MIN_AGE If defined

POLICYFLD_STATIC_PWD_MIN_LENGTH If defined

POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA If defined

POLICYFLD_STATIC_PWD_MIN_NUMBER If defined

POLICYFLD_STATIC_PWD_MIN_SYMBOL If defined

POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA If defined

POLICYFLD_STATIC_PWD_NOT_USERID_BASED If defined

POLICYFLD_STHRESHOLD If defined

POLICYFLD_STIMEWINDOW If defined

POLICYFLD_STORED_PASSWORD_PROXY If defined

POLICYFLD_SYNCWINDOW If defined

POLICYFLD_USER_INACT_DAYS If defined

POLICYFLD_USER_INFO_SYNC If defined

POLICYFLD_USER_LOCK_THRESHOLD If defined

POLICYFLD_VDP_DELIVERY_METHOD If defined

POLICYFLD_VDP_MAX_DAYS If defined

POLICYFLD_VDP_MAX_USES If defined

POLICYFLD_VDP_MDC_PROFILE If defined

POLICYFLD_VDP_SIGN_DELIVERY_METHOD If defined

POLICYFLD_VDP_SIGN_ENABLED If defined

POLICYFLD_VDP_SIGN_MDC_PROFILE If defined

24.2.2. Requirements

Required administrative privileges:

- View Policy

24.3. POLICYCMD_UPDATE

POLICYCMD_UPDATE modifies an existing policy record.

24.3.1. Parameters

The following attributes can be specified in the policy input parameter of this command:

Table 257: POLICYCMD_UPDATE Input Parameters


Attribute Name Optionality

POLICYFLD_ACCEPTED_DOMAIN Optional

POLICYFLD_ACT_MSG_VALIDITY Optional

POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION Optional

POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION Optional

POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD Optional

POLICYFLD_APPL_NAMES Optional

POLICYFLD_APPL_TYPE Optional

POLICYFLD_ASSIGN_MODE Optional

POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH Optional

POLICYFLD_AUTOLEARN Optional

POLICYFLD_BACKEND_AUTH Optional

POLICYFLD_BACKEND_PROTOCOL_ID Optional

POLICYFLD_BACKUP_VDP_ENABLED Optional

POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD Optional

POLICYFLD_BACKUP_VDP_REQUEST_METHOD Optional

POLICYFLD_CHALLENGE_REQUEST_KEYWORD Optional

POLICYFLD_CHALLENGE_REQUEST_METHOD Optional

POLICYFLD_CHECKCHALLENGE Optional

POLICYFLD_CHG_WIN_PWD_ENABLED Optional

POLICYFLD_CHG_WIN_PWD_LENGTH Optional

POLICYFLD_CHKINACTDAYS Optional

POLICYFLD_CLIENT_GROUP_LIST Optional

POLICYFLD_CLIENT_GROUP_MODE Optional

POLICYFLD_CUSTOM_REQUEST_BODY Optional

POLICYFLD_DCR Optional

POLICYFLD_DEFAULT_DOMAIN Optional

POLICYFLD_DELAYED_ACTIVATION_PERIOD Optional

POLICYFLD_DESCRIPTION Optional

POLICYFLD_DIGIPASS_TYPES Optional

POLICYFLD_DP_EXPIRATION_PERIOD Optional

POLICYFLD_DUR Optional

POLICYFLD_EVENTWINDOW Optional

POLICYFLD_GRACE_PERIOD Optional

POLICYFLD_GROUP_CHECK_MODE Optional

POLICYFLD_GROUP_LIST Optional

POLICYFLD_ITHRESHOLD Optional

POLICYFLD_ITIMEWINDOW Optional

POLICYFLD_LOCAL_AUTH Optional

POLICYFLD_LOCK_DURATION_MULTIPLIER Optional

POLICYFLD_MAX_UNLOCK_TRIES Optional

POLICYFLD_MIN_APP_VERSION Optional

POLICYFLD_MIN_LOCK_DURATION Optional

POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE Optional

POLICYFLD_OFFLINE_AUTH_ENABLED Optional

POLICYFLD_OFFLINE_MAX_EVENTS Optional

POLICYFLD_OFFLINE_TIME_INTERVAL Optional

POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT Optional

POLICYFLD_ONE_STEP_CHAL_LENGTH Optional

POLICYFLD_ONE_STEP_CHAL_RESP Optional

POLICYFLD_ONLINESG Optional

POLICYFLD_PARENT_POLICY_ID Optional

POLICYFLD_PIN_CHANGE_ALLOWED Optional

POLICYFLD_POLICY_ID Mandatory

POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD Optional

POLICYFLD_PRIMARY_VDP_REQUEST_METHOD Optional

POLICYFLD_PRIVILEGED_USERS Optional

POLICYFLD_RADIUS_ALLOWED PROTOCOLS Optional

POLICYFLD_RADIUS_REP_ATTR_ENABLED Optional

POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST Optional

POLICYFLD_RADIUS_SESSION_GROUP_LIST Optional

POLICYFLD_RADIUS_SESSION_LIFETIME Optional

POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME Optional

POLICYFLD_RADIUS_SESSION_TICKET_REUSE Optional

POLICYFLD_SECOND_OTP_SYNC_ENABLED Optional

POLICYFLD_SECURE_CHAL_FONT_INDEX Optional

POLICYFLD_SECURE_CHAL_REQ_PIN Optional

POLICYFLD_SECURE_CHAL_TEMPLATE_NO Optional

POLICYFLD_SECURE_CHANNEL Optional

POLICYFLD_SECURE_SIGN_FONT_INDEX Optional

POLICYFLD_SECURE_SIGN_REQ_PIN Optional

POLICYFLD_SECURE_SIGN_SHOW_RESPONSE Optional

POLICYFLD_SECURE_SIGN_SHOW_WARNING Optional

POLICYFLD_SECURE_SIGN_TEMPLATE_NO Optional

POLICYFLD_SELF_ASSIGN_SEPARATOR Optional

POLICYFLD_STATIC_PWD_DIFF_TO_PREV Optional

POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION Optional

POLICYFLD_STATIC_PWD_MAX_AGE Optional

POLICYFLD_STATIC_PWD_MIN_AGE Optional

POLICYFLD_STATIC_PWD_MIN_LENGTH Optional

POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA Optional

POLICYFLD_STATIC_PWD_MIN_NUMBER Optional

POLICYFLD_STATIC_PWD_MIN_SYMBOL Optional

POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA Optional

POLICYFLD_STATIC_PWD_NOT_USERID_BASED Optional

POLICYFLD_STHRESHOLD Optional

POLICYFLD_STIMEWINDOW Optional

POLICYFLD_STORED_PASSWORD_PROXY Optional

POLICYFLD_SYNCWINDOW Optional

POLICYFLD_USER_INACT_DAYS Optional

POLICYFLD_USER_INFO_SYNC Optional

POLICYFLD_USER_LOCK_THRESHOLD Optional

POLICYFLD_VDP_DELIVERY_METHOD Optional

POLICYFLD_VDP_MAX_DAYS Optional

POLICYFLD_VDP_MAX_USES Optional

POLICYFLD_VDP_MDC_PROFILE Optional

POLICYFLD_VDP_SIGN_DELIVERY_METHOD Optional

POLICYFLD_VDP_SIGN_ENABLED Optional

POLICYFLD_VDP_SIGN_MDC_PROFILE Optional

The following policy attributes will be specified in the results output parameter of this command:

Table 258: POLICYCMD_UPDATE Output Parameters


Attribute Name Returned?

POLICYFLD_ACCEPTED_DOMAIN If defined

POLICYFLD_ACT_MSG_VALIDITY If defined

POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION If defined

POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION If defined

POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD If defined

POLICYFLD_APPL_NAMES If defined

POLICYFLD_APPL_TYPE If defined

POLICYFLD_ASSIGN_MODE If defined

POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH If defined

POLICYFLD_AUTOLEARN If defined

POLICYFLD_BACKEND_AUTH If defined

POLICYFLD_BACKEND_PROTOCOL_ID If defined

POLICYFLD_BACKUP_VDP_ENABLED If defined

POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD If defined

POLICYFLD_BACKUP_VDP_REQUEST_METHOD If defined

POLICYFLD_CHALLENGE_REQUEST_KEYWORD If defined

POLICYFLD_CHALLENGE_REQUEST_METHOD If defined

POLICYFLD_CHECKCHALLENGE If defined

POLICYFLD_CHG_WIN_PWD_ENABLED If defined

POLICYFLD_CHG_WIN_PWD_LENGTH If defined

POLICYFLD_CHKINACTDAYS If defined

POLICYFLD_CLIENT_GROUP_LIST If defined

POLICYFLD_CLIENT_GROUP_MODE If defined

POLICYFLD_CREATE_TIME Always

POLICYFLD_CUSTOM_REQUEST_BODY If defined

POLICYFLD_DCR If defined

POLICYFLD_DEFAULT_DOMAIN If defined

POLICYFLD_DELAYED_ACTIVATION_PERIOD If defined

POLICYFLD_DESCRIPTION If defined

POLICYFLD_DIGIPASS_TYPES If defined

POLICYFLD_DP_EXPIRATION_PERIOD If defined

POLICYFLD_DUR If defined

POLICYFLD_EVENTWINDOW If defined

POLICYFLD_GRACE_PERIOD If defined

POLICYFLD_GROUP_CHECK_MODE If defined

POLICYFLD_GROUP_LIST If defined

POLICYFLD_ITHRESHOLD If defined

POLICYFLD_ITIMEWINDOW If defined

POLICYFLD_LOCAL_AUTH If defined

POLICYFLD_LOCK_DURATION_MULTIPLIER If defined

POLICYFLD_MAX_UNLOCK_TRIES If defined

POLICYFLD_MIN_APP_VERSION If defined

POLICYFLD_MIN_LOCK_DURATION If defined

POLICYFLD_MODIFY_TIME Always

POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE If defined

POLICYFLD_OFFLINE_AUTH_ENABLED If defined

POLICYFLD_OFFLINE_MAX_EVENTS If defined

POLICYFLD_OFFLINE_TIME_INTERVAL If defined

POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT If defined

POLICYFLD_ONE_STEP_CHAL_LENGTH If defined

POLICYFLD_ONE_STEP_CHAL_RESP If defined

POLICYFLD_ONLINESG If defined

POLICYFLD_PARENT_POLICY_ID If defined

POLICYFLD_PIN_CHANGE_ALLOWED If defined

POLICYFLD_POLICY_ID Always

POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD If defined

POLICYFLD_PRIMARY_VDP_REQUEST_METHOD If defined

POLICYFLD_PRIVILEGED_USERS If defined

POLICYFLD_RADIUS_ALLOWED PROTOCOLS If defined

POLICYFLD_RADIUS_REP_ATTR_ENABLED If defined

POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST If defined

POLICYFLD_RADIUS_SESSION_GROUP_LIST If defined

POLICYFLD_RADIUS_SESSION_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_REUSE If defined

POLICYFLD_SECOND_OTP_SYNC_ENABLED If defined

POLICYFLD_SECURE_CHAL_FONT_INDEX If defined

POLICYFLD_SECURE_CHAL_REQ_PIN If defined

POLICYFLD_SECURE_CHAL_TEMPLATE_NO If defined

POLICYFLD_SECURE_CHANNEL If defined

POLICYFLD_SECURE_SIGN_FONT_INDEX If defined

POLICYFLD_SECURE_SIGN_REQ_PIN If defined

POLICYFLD_SECURE_SIGN_SHOW_RESPONSE If defined

POLICYFLD_SECURE_SIGN_SHOW_WARNING If defined

POLICYFLD_SECURE_SIGN_TEMPLATE_NO If defined

POLICYFLD_SELF_ASSIGN_SEPARATOR If defined

POLICYFLD_STATIC_PWD_DIFF_TO_PREV If defined

POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION If defined

POLICYFLD_STATIC_PWD_MAX_AGE If defined

POLICYFLD_STATIC_PWD_MIN_AGE If defined

POLICYFLD_STATIC_PWD_MIN_LENGTH If defined

POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA If defined

POLICYFLD_STATIC_PWD_MIN_NUMBER If defined

POLICYFLD_STATIC_PWD_MIN_SYMBOL If defined

POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA If defined

POLICYFLD_STATIC_PWD_NOT_USERID_BASED If defined

POLICYFLD_STHRESHOLD If defined

POLICYFLD_STIMEWINDOW If defined

POLICYFLD_STORED_PASSWORD_PROXY If defined

POLICYFLD_SYNCWINDOW If defined

POLICYFLD_USER_INACT_DAYS If defined

POLICYFLD_USER_INFO_SYNC If defined

POLICYFLD_USER_LOCK_THRESHOLD If defined

POLICYFLD_VDP_DELIVERY_METHOD If defined

POLICYFLD_VDP_MAX_DAYS If defined

POLICYFLD_VDP_MAX_USES If defined

POLICYFLD_VDP_MDC_PROFILE If defined

POLICYFLD_VDP_SIGN_DELIVERY_METHOD If defined

POLICYFLD_VDP_SIGN_ENABLED If defined

POLICYFLD_VDP_SIGN_MDC_PROFILE If defined

24.3.2. Requirements

Required administrative privileges:

- Update Policy

24.4. POLICYCMD_DELETE

Only the POLICYFLD_POLICY_ID attribute can be specified in the policy attribute set input parameter of this
command. This attribute is mandatory.

No result attributes will be returned by this command.

24.5. POLICYCMD_GET_EFFECTIVE_POLICY

POLICYCMD_GET_EFFECTIVE_POLICY returns all effective settings for a specific policy, taking into
account all settings from parent policies wherever the default option is used.
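The inheritance rule described above can be modelled offline when reviewing which setting a policy really enforces. The following is an added example, not code from the SDK: the policy names and values are constructed, and it assumes that a field set to "Default" or absent from a record inherits from the policy named in POLICYFLD_PARENT_POLICY_ID.

```python
"""Offline model of effective-policy resolution (added example, not SDK code)."""

DEFAULT = "Default"  # the "use the parent's setting" option
PARENT = "POLICYFLD_PARENT_POLICY_ID"

# Constructed sample records keyed by POLICYFLD_POLICY_ID.
# Policy names and field values are made up for illustration.
POLICIES = {
    "Base": {
        PARENT: None,
        "POLICYFLD_VDP_SIGN_ENABLED": "No",
        "POLICYFLD_BACKUP_VDP_ENABLED": "No",
        "POLICYFLD_USER_LOCK_THRESHOLD": 3,
    },
    "Branch": {
        PARENT: "Base",
        "POLICYFLD_VDP_SIGN_ENABLED": "Yes",
        "POLICYFLD_BACKUP_VDP_ENABLED": DEFAULT,
    },
    "Kiosk": {
        PARENT: "Branch",
        "POLICYFLD_VDP_SIGN_ENABLED": DEFAULT,
        "POLICYFLD_USER_LOCK_THRESHOLD": 10,
    },
}


class PolicyChainError(ValueError):
    """Raised when the parent chain loops or points at a missing policy."""


def parent_chain(policies, policy_id):
    """Return [policy_id, parent, grandparent, ...], nearest policy first."""
    chain, seen = [], set()
    current = policy_id
    while current is not None:
        if current in seen:
            raise PolicyChainError(f"parent loop at {current!r}")
        if current not in policies:
            raise PolicyChainError(f"unknown policy {current!r}")
        seen.add(current)
        chain.append(current)
        current = policies[current].get(PARENT)
    return chain


def effective_policy(policies, policy_id):
    """Map each field to (effective value, policy that supplied it)."""
    chain = parent_chain(policies, policy_id)
    fields = set()
    for pid in chain:
        fields.update(policies[pid])
    fields.discard(PARENT)

    resolved = {}
    for field in sorted(fields):
        for pid in chain:  # walk upwards until a policy sets the field
            value = policies[pid].get(field, DEFAULT)
            if value != DEFAULT:
                resolved[field] = (value, pid)
                break
        else:
            resolved[field] = (DEFAULT, None)  # nothing in the chain sets it
    return resolved


def inherited_fields(policies, policy_id):
    """Fields whose effective value comes from an ancestor, with that ancestor."""
    return {
        field: source
        for field, (_, source) in effective_policy(policies, policy_id).items()
        if source not in (policy_id, None)
    }


if __name__ == "__main__":
    for field, (value, source) in effective_policy(POLICIES, "Kiosk").items():
        print(f"{field:35} {value!s:8} from {source}")
```

Reviewing `inherited_fields` for a policy shows which settings would change silently if an ancestor policy were edited.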

24.5.1. Parameters

The following attributes can be specified in the policy input parameter of this command:

Table 259: POLICYCMD_GET_EFFECTIVE_POLICY Input Parameters


Attribute Name Optionality

POLICYFLD_PARENT_POLICY_ID Optional

POLICYFLD_POLICY_ID Mandatory

The following policy attributes will be specified in the results output parameter of this command:

Table 260: POLICYCMD_GET_EFFECTIVE_POLICY Output Parameters


Attribute Name Returned?

POLICYFLD_ACCEPTED_DOMAIN If defined

POLICYFLD_ACT_MSG_VALIDITY Always

POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION Always

POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION Always

POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD Always

POLICYFLD_APPL_NAMES If defined

POLICYFLD_APPL_TYPE If defined

POLICYFLD_ASSIGN_MODE If defined

POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH If defined

POLICYFLD_AUTOLEARN If defined

POLICYFLD_BACKEND_AUTH If defined

POLICYFLD_BACKEND_PROTOCOL_ID If defined

POLICYFLD_BACKUP_VDP_ENABLED If defined

POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD If defined

POLICYFLD_BACKUP_VDP_REQUEST_METHOD If defined

POLICYFLD_CHALLENGE_REQUEST_KEYWORD If defined

POLICYFLD_CHALLENGE_REQUEST_METHOD If defined

POLICYFLD_CHECKCHALLENGE If defined

POLICYFLD_CHG_WIN_PWD_ENABLED If defined

POLICYFLD_CHG_WIN_PWD_LENGTH If defined

POLICYFLD_CHKINACTDAYS If defined

POLICYFLD_CLIENT_GROUP_LIST If defined

POLICYFLD_CLIENT_GROUP_MODE If defined

POLICYFLD_CREATE_TIME Always

POLICYFLD_CUSTOM_REQUEST_BODY Always

POLICYFLD_DCR If defined

POLICYFLD_DEFAULT_DOMAIN If defined

POLICYFLD_DELAYED_ACTIVATION_PERIOD If defined

POLICYFLD_DESCRIPTION If defined

POLICYFLD_DIGIPASS_TYPES If defined

POLICYFLD_DP_EXPIRATION_PERIOD If defined

POLICYFLD_DUR If defined

POLICYFLD_EVENTWINDOW If defined

POLICYFLD_GRACE_PERIOD If defined

POLICYFLD_GROUP_CHECK_MODE If defined

POLICYFLD_GROUP_LIST If defined

POLICYFLD_ITHRESHOLD If defined

POLICYFLD_ITIMEWINDOW If defined

POLICYFLD_LOCAL_AUTH If defined

POLICYFLD_LOCK_DURATION_MULTIPLIER Always

POLICYFLD_MAX_UNLOCK_TRIES Always

POLICYFLD_MIN_APP_VERSION Always

POLICYFLD_MIN_LOCK_DURATION Always

POLICYFLD_MODIFY_TIME Always

POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE If defined

POLICYFLD_OFFLINE_AUTH_ENABLED If defined

POLICYFLD_OFFLINE_MAX_EVENTS If defined

POLICYFLD_OFFLINE_TIME_INTERVAL If defined

POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT If defined

POLICYFLD_ONE_STEP_CHAL_LENGTH If defined

POLICYFLD_ONE_STEP_CHAL_RESP If defined

POLICYFLD_ONLINESG If defined

POLICYFLD_PARENT_POLICY_ID If defined

POLICYFLD_PIN_CHANGE_ALLOWED If defined

POLICYFLD_POLICY_ID Always

POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD If defined

POLICYFLD_PRIMARY_VDP_REQUEST_METHOD If defined

POLICYFLD_PRIVILEGED_USERS If defined

POLICYFLD_RADIUS_ALLOWED PROTOCOLS If defined

POLICYFLD_RADIUS_SESSION_GROUP_LIST If defined

POLICYFLD_RADIUS_SESSION_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_REUSE If defined

POLICYFLD_SECOND_OTP_SYNC_ENABLED If defined

POLICYFLD_SECURE_CHAL_FONT_INDEX Always

POLICYFLD_SECURE_CHAL_REQ_PIN Always

POLICYFLD_SECURE_CHAL_TEMPLATE_NO Always

POLICYFLD_SECURE_CHANNEL Always

POLICYFLD_SECURE_SIGN_FONT_INDEX Always

POLICYFLD_SECURE_SIGN_REQ_PIN Always

POLICYFLD_SECURE_SIGN_SHOW_RESPONSE Always

POLICYFLD_SECURE_SIGN_SHOW_WARNING Always

POLICYFLD_SECURE_SIGN_TEMPLATE_NO Always

POLICYFLD_SELF_ASSIGN_SEPARATOR If defined

POLICYFLD_STATIC_PWD_DIFF_TO_PREV If defined

POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION Always

POLICYFLD_STATIC_PWD_MAX_AGE Always

POLICYFLD_STATIC_PWD_MIN_AGE Always

POLICYFLD_STATIC_PWD_MIN_LENGTH If defined

POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA If defined

POLICYFLD_STATIC_PWD_MIN_NUMBER If defined

POLICYFLD_STATIC_PWD_MIN_SYMBOL If defined

POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA If defined

POLICYFLD_STATIC_PWD_NOT_USERID_BASED If defined

POLICYFLD_STHRESHOLD If defined

POLICYFLD_STIMEWINDOW If defined

POLICYFLD_STORED_PASSWORD_PROXY If defined

POLICYFLD_SYNCWINDOW If defined

POLICYFLD_USER_INACT_DAYS If defined

POLICYFLD_USER_INFO_SYNC Always

POLICYFLD_USER_LOCK_THRESHOLD If defined

POLICYFLD_VDP_DELIVERY_METHOD If defined

POLICYFLD_VDP_MAX_DAYS If defined

POLICYFLD_VDP_MAX_USES If defined

POLICYFLD_VDP_MDC_PROFILE If defined

POLICYFLD_VDP_SIGN_DELIVERY_METHOD If defined

POLICYFLD_VDP_SIGN_ENABLED If defined

POLICYFLD_VDP_SIGN_MDC_PROFILE If defined

24.5.2. Requirements

Required administrative privileges:

- View Policy

25. policyQuery
The policyQuery command queries policies matching specified search criteria.

25.1. Parameters

Table 261: policyQuery Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

sessionID String Mandatory The session identifier of the current administrative session. The logon
command returns this identifier after a successful logon (see 5.1. logon).

attributeSet PolicyAttributeSet Mandatory Specifies the user query search criteria (see 25.1.1. PolicyAttributeSet).

If you submit an empty attribute set, all records are returned.

fieldSet PolicyFieldSet Optional Specifies the policy attribute fields to be returned for all the policy records
matching the search criteria (see 25.1.2. PolicyFieldSet).

If fieldSet is omitted, all possible output parameters are returned. If a policy attribute field is not set in the
database, it is not returned for that specific policy record.

queryOptions PolicyQueryOptions Optional Options to determine what results should be returned (see 25.1.3.
PolicyQueryOptions).

Table 262: policyQuery Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

results PolicyQueryResults Mandatory

25.1.1. PolicyAttributeSet

The policy attributes specified in this attribute set define the search criteria. If you submit an empty attribute set,
all records are returned.

Search fields are interpreted as follows:


- Wildcards can be placed at the start, the end, or both ends of a value. In this case, the value is interpreted
as in an SQL LIKE statement.
- A list of comma-separated values can be specified. In this case, it is interpreted as the logical OR of
the given values.
- Otherwise, the search is done using an exact match of the given value.
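The three interpretation rules, together with the negative attribute option, can be checked against an exported list of policies before a query is used to select records. This is an added example, not SDK code. It assumes the wildcard character is `*`, that matching is case-sensitive, that a wildcard in the middle of a value is literal, and that several criteria are combined with AND; none of these is stated on this page, and the records are constructed.

```python
"""Client-side model of policyQuery search-field matching (added example)."""
import re

WILDCARD = "*"  # assumption: the wildcard character is not named on this page

# Constructed sample records; names and descriptions are made up.
RECORDS = [
    {"POLICYFLD_POLICY_ID": "HQ-VPN", "POLICYFLD_DESCRIPTION": "Head office VPN logon"},
    {"POLICYFLD_POLICY_ID": "HQ-Web", "POLICYFLD_DESCRIPTION": "Head office web portal"},
    {"POLICYFLD_POLICY_ID": "Branch-VPN", "POLICYFLD_DESCRIPTION": "Branch VPN logon"},
]


def classify(value):
    """Apply the rules in the order listed: wildcard, comma list, exact."""
    if value.startswith(WILDCARD) or value.endswith(WILDCARD):
        return "like", value
    if "," in value:
        return "any_of", value.split(",")
    return "exact", value


def like_to_regex(pattern):
    """Translate a leading and/or trailing wildcard into an anchored regex."""
    lead = pattern.startswith(WILDCARD)
    trail = pattern.endswith(WILDCARD) and len(pattern) > 1
    core = pattern[1 if lead else 0: len(pattern) - 1 if trail else len(pattern)]
    # re.escape keeps every other character literal, including an inner "*".
    return re.compile(
        (".*" if lead else "") + re.escape(core) + (".*" if trail else ""),
        re.DOTALL,
    )


def matches(search_value, field_value, negative=False):
    """True if field_value satisfies search_value; negative inverts the result."""
    kind, spec = classify(search_value)
    if kind == "like":
        hit = like_to_regex(spec).fullmatch(field_value) is not None
    elif kind == "any_of":
        hit = field_value in spec  # logical OR of the listed values
    else:
        hit = field_value == spec
    return hit != negative  # models <negative>true</negative>


def policy_query(records, criteria=()):
    """criteria: iterable of (attributeID, search value, negative).

    An empty criteria set returns every record, as the page states.
    Combining several criteria with AND is an assumption of this example.
    """
    return [
        r["POLICYFLD_POLICY_ID"]
        for r in records
        if all(matches(v, str(r.get(a, "")), neg) for a, v, neg in criteria)
    ]


if __name__ == "__main__":
    print(policy_query(RECORDS, [("POLICYFLD_POLICY_ID", "HQ-*", False)]))
    print(policy_query(RECORDS, [("POLICYFLD_POLICY_ID", "HQ-VPN", True)]))
```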

Table 263: PolicyAttributeSet (Data Type)


Element Name Type Description

attributes PolicyAttribute Attributes specifying the policy query search criteria (see Table 264: PolicyAttribute (Data Type)).

Table 264: PolicyAttribute (Data Type)


Element Name Type Description

attributeOptions AttributeOptions Specifies how to handle the attribute value during request processing, where each
option is added as a single element to attributeOptions, e.g.:

<negative>true</negative>

Supported values:

- negative. Indicates that the specified user attribute value should NOT be
equal to the one specified.
- null. Indicates that the specified attribute should be handled as zero-value.

value Any The attribute value. The data type has to be specified by setting the xsi:type
XML attribute.

attributeID PolicyAttributeIDEnum The attribute identifier (see Table 265: policyQuery (Supported Input Attributes)).

Table 265: policyQuery (Supported Input Attributes)


Attribute Name Optionality

POLICYFLD_ACCEPTED_DOMAIN Optional

POLICYFLD_ACT_MSG_VALIDITY Optional

POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION Optional

POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION Optional

POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD Optional

POLICYFLD_APPL_NAMES Optional

POLICYFLD_APPL_TYPE Optional

POLICYFLD_ASSIGN_MODE Optional

POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH Optional

POLICYFLD_AUTOLEARN Optional

POLICYFLD_BACKEND_AUTH Optional

POLICYFLD_BACKEND_PROTOCOL_ID Optional

POLICYFLD_BACKUP_VDP_ENABLED Optional

POLICYFLD_BACKUP_VDP_MAX_DAYS Optional

POLICYFLD_BACKUP_VDP_MAX_USES Optional

POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD Optional

POLICYFLD_BACKUP_VDP_REQUEST_METHOD Optional

POLICYFLD_CHALLENGE_REQUEST_KEYWORD Optional

POLICYFLD_CHALLENGE_REQUEST_METHOD Optional

POLICYFLD_CHECKCHALLENGE Optional

POLICYFLD_CHG_WIN_PWD_ENABLED Optional

POLICYFLD_CHG_WIN_PWD_LENGTH Optional

POLICYFLD_CHKINACTDAYS Optional

POLICYFLD_CLIENT_GROUP_LIST Optional

POLICYFLD_CLIENT_GROUP_MODE Optional

POLICYFLD_CREATE_TIME Optional

POLICYFLD_CUSTOM_REQUEST_BODY Optional

POLICYFLD_DCR Optional

POLICYFLD_DEFAULT_DOMAIN Optional

POLICYFLD_DELAYED_ACTIVATION_PERIOD Optional

POLICYFLD_DESCRIPTION Optional

POLICYFLD_DIGIPASS_TYPES Optional

POLICYFLD_DP_EXPIRATION_PERIOD Optional

POLICYFLD_DUR Optional

POLICYFLD_EVENTWINDOW Optional

POLICYFLD_GRACE_PERIOD Optional

POLICYFLD_GROUP_CHECK_MODE Optional

POLICYFLD_GROUP_LIST Optional

POLICYFLD_ITHRESHOLD Optional

POLICYFLD_ITIMEWINDOW Optional

POLICYFLD_LOCAL_AUTH Optional

POLICYFLD_LOCK_DURATION_MULTIPLIER Optional

POLICYFLD_MAX_UNLOCK_TRIES Optional

POLICYFLD_MIN_APP_VERSION Optional

POLICYFLD_MIN_LOCK_DURATION Optional

POLICYFLD_MODIFY_TIME Optional

POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE Optional

POLICYFLD_OFFLINE_AUTH_ENABLED Optional

POLICYFLD_OFFLINE_MAX_EVENTS Optional

POLICYFLD_OFFLINE_TIME_INTERVAL Optional

POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT Optional

POLICYFLD_ONE_STEP_CHAL_LENGTH Optional

POLICYFLD_ONE_STEP_CHAL_RESP Optional

POLICYFLD_ONLINESG Optional

POLICYFLD_PARENT_POLICY_ID Optional

POLICYFLD_PIN_CHANGE_ALLOWED Optional

POLICYFLD_POLICY_ID Optional

POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD Optional

POLICYFLD_PRIMARY_VDP_REQUEST_METHOD Optional

POLICYFLD_PRIVILEGED_USERS Optional

POLICYFLD_RADIUS_ALLOWED_PROTOCOLS Optional

POLICYFLD_RADIUS_REP_ATTR_ENABLED Optional

POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST Optional

POLICYFLD_RADIUS_SESSION_LIFETIME Optional

POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME Optional

POLICYFLD_RADIUS_SESSION_TICKET_REUSE Optional

POLICYFLD_SECOND_OTP_SYNC_ENABLED Optional

POLICYFLD_SECURE_CHAL_FONT_INDEX Optional

POLICYFLD_SECURE_CHAL_REQ_PIN Optional

POLICYFLD_SECURE_CHAL_TEMPLATE_NO Optional

POLICYFLD_SECURE_CHANNEL Optional

POLICYFLD_SECURE_SIGN_FONT_INDEX Optional

POLICYFLD_SECURE_SIGN_REQ_PIN Optional

POLICYFLD_SECURE_SIGN_SHOW_RESPONSE Optional

POLICYFLD_SECURE_SIGN_SHOW_WARNING Optional

POLICYFLD_SECURE_SIGN_TEMPLATE_NO Optional

POLICYFLD_SELF_ASSIGN_SEPARATOR Optional

POLICYFLD_STATIC_PWD_DIFF_TO_PREV Optional

POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION Optional

POLICYFLD_STATIC_PWD_MAX_AGE Optional

POLICYFLD_STATIC_PWD_MIN_AGE Optional

POLICYFLD_STATIC_PWD_MIN_LENGTH Optional

POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA Optional

POLICYFLD_STATIC_PWD_MIN_NUMBER Optional

POLICYFLD_STATIC_PWD_MIN_SYMBOL Optional

POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA Optional

POLICYFLD_STATIC_PWD_NOT_USERID_BASED Optional

POLICYFLD_STHRESHOLD Optional

POLICYFLD_STIMEWINDOW Optional

POLICYFLD_STORED_PASSWORD_PROXY Optional

POLICYFLD_SYNCWINDOW Optional

POLICYFLD_USER_INACT_DAYS Optional

POLICYFLD_USER_LOCK_THRESHOLD Optional

POLICYFLD_VDP_DELIVERY_METHOD Optional

POLICYFLD_VDP_MDC_PROFILE Optional

POLICYFLD_VDP_SIGN_DELIVERY_METHOD Optional

POLICYFLD_VDP_SIGN_ENABLED Optional

POLICYFLD_VDP_SIGN_MDC_PROFILE Optional

For more information about the specific attributes, refer to Table 252: policyExecute Field Attributes.

25.1.2. PolicyFieldSet

The attributes specified in the fieldSet parameter specify the policy attribute fields the IDENTIKEY Authentication
Server should return for the policy accounts matching the search criteria.

If fieldSet is omitted, all possible output parameters are returned. If an attribute field is not set in the database,
it is not returned for that specific record.

Table 266: PolicyFieldSet (Data Type)


Element Name Type Description

attributeID PolicyAttributeIDEnum The identifier of an attribute to return (see Table 267: policyQuery (Supported Output
Attributes)).

Table 267: policyQuery (Supported Output Attributes)


Attribute Name Returned?

POLICYFLD_ACCEPTED_DOMAIN If defined

POLICYFLD_ACT_MSG_VALIDITY If defined

POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION If defined

POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION If defined

POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD If defined

POLICYFLD_APPL_NAMES If defined

POLICYFLD_APPL_TYPE If defined

POLICYFLD_ASSIGN_MODE If defined

POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH If defined

POLICYFLD_AUTOLEARN If defined

POLICYFLD_BACKEND_AUTH If defined

POLICYFLD_BACKEND_PROTOCOL_ID If defined

POLICYFLD_BACKUP_VDP_ENABLED If defined

POLICYFLD_BACKUP_VDP_MAX_DAYS If defined

POLICYFLD_BACKUP_VDP_MAX_USES If defined

POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD If defined

POLICYFLD_BACKUP_VDP_REQUEST_METHOD If defined

POLICYFLD_CHALLENGE_REQUEST_KEYWORD If defined

POLICYFLD_CHALLENGE_REQUEST_METHOD If defined

POLICYFLD_CHECKCHALLENGE If defined

POLICYFLD_CHG_WIN_PWD_ENABLED If defined

POLICYFLD_CHG_WIN_PWD_LENGTH If defined

POLICYFLD_CHKINACTDAYS If defined

POLICYFLD_CLIENT_GROUP_LIST If defined

POLICYFLD_CLIENT_GROUP_MODE If defined

POLICYFLD_CREATE_TIME If defined

POLICYFLD_CUSTOM_REQUEST_BODY If defined

POLICYFLD_DCR If defined

POLICYFLD_DEFAULT_DOMAIN If defined

POLICYFLD_DELAYED_ACTIVATION_PERIOD If defined

POLICYFLD_DESCRIPTION If defined

POLICYFLD_DIGIPASS_TYPES If defined

POLICYFLD_DP_EXPIRATION_PERIOD If defined

POLICYFLD_DUR If defined

POLICYFLD_EVENTWINDOW If defined

POLICYFLD_GRACE_PERIOD If defined

POLICYFLD_GROUP_CHECK_MODE If defined

POLICYFLD_GROUP_LIST If defined

POLICYFLD_ITHRESHOLD If defined

POLICYFLD_ITIMEWINDOW If defined

POLICYFLD_LOCAL_AUTH If defined

POLICYFLD_LOCK_DURATION_MULTIPLIER If defined

POLICYFLD_MAX_UNLOCK_TRIES If defined

POLICYFLD_MIN_APP_VERSION If defined

POLICYFLD_MIN_LOCK_DURATION If defined

POLICYFLD_MODIFY_TIME If defined

POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE If defined

POLICYFLD_OFFLINE_AUTH_ENABLED If defined

POLICYFLD_OFFLINE_MAX_EVENTS If defined

POLICYFLD_OFFLINE_TIME_INTERVAL If defined

POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT If defined

POLICYFLD_ONE_STEP_CHAL_LENGTH If defined

POLICYFLD_ONE_STEP_CHAL_RESP If defined

POLICYFLD_ONLINESG If defined

POLICYFLD_PARENT_POLICY_ID If defined

POLICYFLD_PIN_CHANGE_ALLOWED If defined

POLICYFLD_POLICY_ID If defined

POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD If defined

POLICYFLD_PRIMARY_VDP_REQUEST_METHOD If defined

POLICYFLD_PRIVILEGED_USERS If defined

POLICYFLD_RADIUS_ALLOWED_PROTOCOLS If defined

POLICYFLD_RADIUS_REP_ATTR_ENABLED If defined

POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST If defined

POLICYFLD_RADIUS_SESSION_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME If defined

POLICYFLD_RADIUS_SESSION_TICKET_REUSE If defined

POLICYFLD_SECOND_OTP_SYNC_ENABLED If defined

POLICYFLD_SECURE_CHAL_FONT_INDEX If defined

POLICYFLD_SECURE_CHAL_REQ_PIN If defined

POLICYFLD_SECURE_CHAL_TEMPLATE_NO If defined

POLICYFLD_SECURE_CHANNEL If defined

POLICYFLD_SECURE_SIGN_FONT_INDEX If defined

POLICYFLD_SECURE_SIGN_REQ_PIN If defined

POLICYFLD_SECURE_SIGN_SHOW_RESPONSE If defined

POLICYFLD_SECURE_SIGN_SHOW_WARNING If defined

POLICYFLD_SECURE_SIGN_TEMPLATE_NO If defined

POLICYFLD_SELF_ASSIGN_SEPARATOR If defined

POLICYFLD_STATIC_PWD_DIFF_TO_PREV If defined

POLICYFLD_STATIC_PWD_MIN_LENGTH If defined

POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION If defined

POLICYFLD_STATIC_PWD_MAX_AGE If defined

POLICYFLD_STATIC_PWD_MIN_AGE If defined

POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA If defined

POLICYFLD_STATIC_PWD_MIN_NUMBER If defined

POLICYFLD_STATIC_PWD_MIN_SYMBOL If defined

POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA If defined

POLICYFLD_STATIC_PWD_NOT_USERID_BASED If defined

POLICYFLD_STHRESHOLD If defined

POLICYFLD_STIMEWINDOW If defined

POLICYFLD_STORED_PASSWORD_PROXY If defined

POLICYFLD_SYNCWINDOW If defined

POLICYFLD_USER_INACT_DAYS If defined

POLICYFLD_USER_LOCK_THRESHOLD If defined

POLICYFLD_VDP_DELIVERY_METHOD If defined

POLICYFLD_VDP_MDC_PROFILE If defined

POLICYFLD_VDP_SIGN_DELIVERY_METHOD If defined

POLICYFLD_VDP_SIGN_ENABLED If defined

POLICYFLD_VDP_SIGN_MDC_PROFILE If defined

For more information about the specific attributes, refer to Table 252: policyExecute Field Attributes.

25.1.3. PolicyQueryOptions

This determines what results should be returned.

Table 268: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in
the result set, but not the result set itself.

Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results.

Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of
result records, beginning with the record specified by RowOffset.

If set to 0, all result records are returned.

Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting
from the specified offset.

Default value: 0

sortfieldid String Optional. Required, if you specify SortOrder. Determines the field attribute to use as
sort key when sorting the result set using SortOrder. May contain any field attribute
from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted.

Possible values:

• QUERYOPTIONSORTORDER_ASCENDING. Sort the result set in ascending order.
• QUERYOPTIONSORTORDER_DESCENDING. Sort the result set in descending order.

25.1.4. PolicyQueryResults

Table 269: PolicyQueryResults (Data Type)


Element Name Data Type Optionality Description

resultCodes ResultCodes Mandatory The result and status codes returned by the command.

For more information, refer to the IDENTIKEY Authentication Server SDK Programmer's Guide,
Section "Error and Status Codes".

resultAttribute PolicyAttributeList Mandatory List containing the queried policy attributes. Each
item of type PolicyAttributeSet.

resultCount Integer Mandatory The number of items in resultAttribute.

errorStack ErrorStack Mandatory The error stack, indicating that the command has
not completed successfully.

25.2. Example

Example
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <adm:policyQuery xmlns:adm="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
        xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <sessionID>3JSK8cmRjw4E30wAA=0nUTL-~3fmifTO</sessionID>
      <attributeSet>
        <attributes>
          <value xsi:type="xsd:string">Base Policy</value>
          <attributeID>POLICYFLD_POLICY_ID</attributeID>
        </attributes>
      </attributeSet>
      <fieldSet>
        <attributeID>POLICYFLD_POLICY_ID</attributeID>
        <attributeID>POLICYFLD_DESCRIPTION</attributeID>
      </fieldSet>
    </adm:policyQuery>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
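
A client-side sketch of the request above, added here as an example and not part of the vendor SDK: it builds the envelope with an XML serializer so search values are escaped, refuses an empty attribute set unless explicitly allowed (an empty set returns all records), and adds paging through queryOptions. The function names, the attribute-ID allowlist, and the plain child elements under queryOptions (named after Table 268) are assumptions to check against the server's WSDL.

```python
import xml.etree.ElementTree as ET

# Namespaces copied from the reference's own request example (25.2).
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
ADM = "http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
XSD = "http://www.w3.org/2001/XMLSchema"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
for _prefix, _uri in (("SOAP-ENV", SOAP_ENV), ("adm", ADM), ("xsi", XSI)):
    ET.register_namespace(_prefix, _uri)

# Assumption: a local allowlist holding a subset of Tables 265/267.
KNOWN_ATTRIBUTE_IDS = frozenset({
    "POLICYFLD_POLICY_ID", "POLICYFLD_DESCRIPTION", "POLICYFLD_PARENT_POLICY_ID",
    "POLICYFLD_LOCAL_AUTH", "POLICYFLD_BACKEND_AUTH",
    "POLICYFLD_USER_LOCK_THRESHOLD", "POLICYFLD_STATIC_PWD_MIN_LENGTH",
})
SORT_ORDERS = frozenset({
    "QUERYOPTIONSORTORDER_ASCENDING", "QUERYOPTIONSORTORDER_DESCENDING",
})


def require_known(attribute_id):
    """Reject identifiers that are not in the local allowlist."""
    if attribute_id not in KNOWN_ATTRIBUTE_IDS:
        raise ValueError(f"unknown policy attribute ID: {attribute_id!r}")
    return attribute_id


def build_policy_query(session_id, criteria, fields=(), *, allow_all=False,
                       rowcount=0, rowoffset=0, sort_field=None, sort_order=None):
    """Return a policyQuery SOAP request as UTF-8 bytes.

    criteria: iterable of (attribute_id, value, negative) tuples.
    """
    criteria = list(criteria)
    fields = [require_known(f) for f in fields]
    if not criteria and not allow_all:
        # An empty attributeSet matches every policy record.
        raise ValueError("empty attributeSet returns all records; pass allow_all=True")
    if rowcount < 0 or rowoffset < 0:
        raise ValueError("rowcount and rowoffset are unsigned integers")
    if sort_order is not None:
        if sort_order not in SORT_ORDERS:
            raise ValueError(f"unsupported sortorder: {sort_order!r}")
        if sort_field is None:
            raise ValueError("sortfieldid is required when sortorder is given")
    if sort_field is not None and sort_field not in (fields or KNOWN_ATTRIBUTE_IDS):
        raise ValueError("sortfieldid must be one of the requested fields")

    envelope = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    ET.SubElement(envelope, f"{{{SOAP_ENV}}}Header")
    body = ET.SubElement(envelope, f"{{{SOAP_ENV}}}Body")
    query = ET.SubElement(body, f"{{{ADM}}}policyQuery")
    # xsi:type values reference the xsd prefix, so declare it by hand.
    query.set("xmlns:xsd", XSD)
    ET.SubElement(query, "sessionID").text = session_id

    attribute_set = ET.SubElement(query, "attributeSet")
    for attribute_id, value, negative in criteria:
        attr = ET.SubElement(attribute_set, "attributes")
        if negative:
            opts = ET.SubElement(attr, "attributeOptions")
            ET.SubElement(opts, "negative").text = "true"
        val = ET.SubElement(attr, "value")
        val.set(f"{{{XSI}}}type", "xsd:string")
        val.text = str(value)  # the serializer escapes <, > and &
        ET.SubElement(attr, "attributeID").text = require_known(attribute_id)

    if fields:
        field_set = ET.SubElement(query, "fieldSet")
        for field in fields:
            ET.SubElement(field_set, "attributeID").text = field

    options = [("rowcount", rowcount), ("rowoffset", rowoffset),
               ("sortfieldid", sort_field), ("sortorder", sort_order)]
    options = [(name, v) for name, v in options if v]  # skip defaults
    if options:
        query_options = ET.SubElement(query, "queryOptions")
        for name, v in options:
            ET.SubElement(query_options, name).text = str(v)

    return ET.tostring(envelope, encoding="UTF-8", xml_declaration=True)


if __name__ == "__main__":
    request = build_policy_query(
        "SESSION-ID-FROM-LOGON",  # constructed placeholder, not a real session
        [("POLICYFLD_POLICY_ID", "Base Policy", False)],
        fields=["POLICYFLD_POLICY_ID", "POLICYFLD_DESCRIPTION"],
        rowcount=50,
    )
    print(request.decode("utf-8"))
```
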

25.3. Requirements

Required administration privileges:

• View Policy

25.4. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded
IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query
command may be incomplete and may include both migrated and non-migrated data. This means that values for new
data fields may be missing or not set correctly in the query result.

26. reportExecute
The reportExecute command performs the following report-related administrative operations:

Table 270: reportExecute Commands


Command Description

REPORTCMD_CHANGE_OWNER Transfers the ownership of a report to another administrator (see 26.5.
REPORTCMD_CHANGE_OWNER).

REPORTCMD_CREATE Creates a new report definition (see 26.1. REPORTCMD_CREATE).

REPORTCMD_DELETE Deletes the specified report definition (see 26.4. REPORTCMD_DELETE).

REPORTCMD_RUN Generates the specified report (see 26.6. REPORTCMD_RUN).

REPORTCMD_UPDATE Updates the specified report definition (see 26.3. REPORTCMD_UPDATE).

REPORTCMD_VIEW Displays the report definition for the specified report (see 26.2. REPORTCMD_VIEW).

Each reportExecute command should specify the following command parameters:

Table 271: reportExecute Command Parameters


Name Data Type I/O Description

SESSION_ID String I The session identifier of the current administrative session. The
logon command returns this identifier after a successful logon.

CMD String I The report command to be executed.

Commands are specified in the list above.

REPORTATTRIBUTESET Set I Zero or more report attribute fields.

RESULTSET Set O Zero or more report result fields.

The following field attributes are also available for reportExecute commands:

Table 272: reportExecute Field Attributes


Attribute Name Data Type Value

REPORTFLD_ATTACH_REPORT Boolean Indicates that the report should be attached to the email notification.
This applies to scheduled reports.

REPORTFLD_CHANGE_PERMISSIONS String Supported values:

“Private”

“Domain”

“Public”

REPORTFLD_CREATE_TIME DateTime Always

REPORTFLD_DATA_SOURCE String Supported values:

“Users”

“Users+Audit”

“DIGIPASS”

“DIGIPASS+Audit”

“Clients”

REPORTFLD_DOMAIN String Up to 255 chars.

REPORTFLD_FORMAT_NAME String

REPORTFLD_GROUP_LEVEL Integer Supported values:

0: Clients

1: Domains

2: Organizational Units

3: Users

4: DIGIPASS

REPORTFLD_MODIFY_TIME DateTime

REPORTFLD_QUERY_DEFINITION String Up to 1024 chars.

One or more XML formatted report queries.

REPORTFLD_QUERY_FOR String

REPORTFLD_REPORT_DATA String

REPORTFLD_REPORT_DESC String Up to 64 chars.

REPORTFLD_REPORT_FILE_NAME String Up to 255 chars.

REPORTFLD_REPORT_ID String Up to 255 chars.

REPORTFLD_REPORT_NAME String Up to 64 chars.

REPORTFLD_REPORT_TYPE String Supported values:

“Detail”

“List”

“Trend”

“Distribution”

“Query”

REPORTFLD_RUN_PERMISSIONS String Supported values:

“Private”

“Domain”

“Public”

REPORTFLD_SCHEDULE_TIME DateTime <hours>:<minutes>, e.g. 10:00. Use 24-hour time, for example 21:00 for 9pm.

REPORTFLD_SCHEDULE Boolean 1/0

REPORTFLD_SCHEDULE_DATE String <day>/<month>/<year> : e.g. 20/07/2013

REPORTFLD_SCHEDULE_MONTH_DAY String

REPORTFLD_SCHEDULE_MONTHS String

REPORTFLD_SCHEDULE_NOTIFY String Email/SMS

REPORTFLD_SCHEDULE_RECURRENCE String

REPORTFLD_SCHEDULE_WEEKDAYS String

REPORTFLD_TIME_FREQUENCY String Supported values:

“Hour”

“Day”

“Month”

“Year”

REPORTFLD_TIMEZONE String Times displayed in the report are converted to this timezone.

REPORTFLD_USERID String Up to 1024 chars.

26.1. REPORTCMD_CREATE

The following attributes can be specified in the report input parameter of this command:

Table 273: REPORTCMD_CREATE Input Parameters


Name Optional?

REPORTFLD_REPORT_ID Mandatory

REPORTFLD_DOMAIN Mandatory

REPORTFLD_REPORT_NAME Optional

REPORTFLD_REPORT_DESC Mandatory

REPORTFLD_DATA_SOURCE Mandatory

REPORTFLD_GROUP_LEVEL Mandatory

REPORTFLD_REPORT_TYPE Mandatory

REPORTFLD_RUN_PERMISSIONS Mandatory

REPORTFLD_CHANGE_PERMISSIONS Mandatory

REPORTFLD_TIME_FREQUENCY Mandatory

REPORTFLD_QUERY_DEFINITION Mandatory

REPORTFLD_USERID Mandatory

The following report attributes will be specified in the results output parameter of this command:

Table 274: REPORTCMD_CREATE Output Parameters


Name Returned?

REPORTFLD_REPORT_ID Always

REPORTFLD_DOMAIN Always

REPORTFLD_REPORT_NAME If defined

REPORTFLD_REPORT_DESC If defined

REPORTFLD_DATA_SOURCE Always

REPORTFLD_GROUP_LEVEL Always

REPORTFLD_REPORT_TYPE Always

REPORTFLD_RUN_PERMISSIONS Always

REPORTFLD_CHANGE_PERMISSIONS Always

REPORTFLD_TIME_FREQUENCY Always

REPORTFLD_QUERY_DEFINITION Always

REPORTFLD_USERID Always

REPORTFLD_CREATE_TIME Always

REPORTFLD_MODIFY_TIME Always

26.2. REPORTCMD_VIEW

The following attributes can be specified in the report input parameter of this command:

Table 275: REPORTCMD_VIEW Input Parameters


Name Optional?

REPORTFLD_REPORT_ID Mandatory

REPORTFLD_DOMAIN Mandatory

The following report attributes will be specified in the results output parameter of this command:

Table 276: REPORTCMD_VIEW Output Parameters


Name Returned?

REPORTFLD_REPORT_ID Always

REPORTFLD_DOMAIN Always

REPORTFLD_REPORT_NAME If defined

REPORTFLD_REPORT_DESC If defined

REPORTFLD_DATA_SOURCE Always

REPORTFLD_GROUP_LEVEL Always

REPORTFLD_REPORT_TYPE Always

REPORTFLD_RUN_PERMISSIONS Always

REPORTFLD_CHANGE_PERMISSIONS Always

REPORTFLD_TIME_FREQUENCY Always

REPORTFLD_QUERY_DEFINITION Always

REPORTFLD_USERID Always

REPORTFLD_CREATE_TIME Always

REPORTFLD_MODIFY_TIME Always

26.3. REPORTCMD_UPDATE

The following attributes can be specified in the report input parameter of this command:

Table 277: REPORTCMD_UPDATE Input Parameters


Name Optional?

REPORTFLD_REPORT_ID Mandatory

REPORTFLD_DOMAIN Mandatory

REPORTFLD_REPORT_NAME Optional

REPORTFLD_REPORT_DESC Optional

REPORTFLD_DATA_SOURCE Optional

REPORTFLD_GROUP_LEVEL Optional

REPORTFLD_REPORT_TYPE Optional

REPORTFLD_RUN_PERMISSIONS Optional

REPORTFLD_CHANGE_PERMISSIONS Optional

REPORTFLD_TIME_FREQUENCY Optional

REPORTFLD_QUERY_DEFINITION Optional

REPORTFLD_USERID Optional

The following report attributes will be specified in the results output parameter of this command:

Table 278: REPORTCMD_UPDATE Output Parameters


Name Returned?

REPORTFLD_REPORT_ID Always

REPORTFLD_DOMAIN Always

REPORTFLD_REPORT_NAME If defined

REPORTFLD_REPORT_DESC If defined

REPORTFLD_DATA_SOURCE Always

REPORTFLD_GROUP_LEVEL Always

REPORTFLD_REPORT_TYPE Always

REPORTFLD_RUN_PERMISSIONS Always

REPORTFLD_CHANGE_PERMISSIONS Always

REPORTFLD_TIME_FREQUENCY Always

REPORTFLD_QUERY_DEFINITION Always

REPORTFLD_USERID Always

REPORTFLD_CREATE_TIME Always

REPORTFLD_MODIFY_TIME Always

26.4. REPORTCMD_DELETE

The following attributes can be specified in the report input parameter of this command:

Table 279: REPORTCMD_DELETE Input Parameters


Name Optional?

REPORTFLD_REPORT_ID Mandatory

REPORTFLD_DOMAIN Mandatory

No result attributes will be returned by this command.

26.5. REPORTCMD_CHANGE_OWNER

The following attributes can be specified in the report input parameter of this command:

Table 280: REPORTCMD_CHANGE_OWNER Input Parameters


Name Optional? Description

REPORTFLD_REPORT_ID Mandatory

REPORTFLD_DOMAIN Mandatory

REPORTFLD_USERID Mandatory UserID of the new report owner.

The following report attributes will be specified in the results output parameter of this command:

Table 281: REPORTCMD_CHANGE_OWNER Output Parameters


Name Returned?

REPORTFLD_REPORT_ID Always

REPORTFLD_DOMAIN Always

REPORTFLD_REPORT_NAME If defined

REPORTFLD_REPORT_DESC If defined

REPORTFLD_DATA_SOURCE Always

REPORTFLD_GROUP_LEVEL Always

REPORTFLD_REPORT_TYPE Always

REPORTFLD_RUN_PERMISSIONS Always

REPORTFLD_CHANGE_PERMISSIONS Always

REPORTFLD_TIME_FREQUENCY Always

REPORTFLD_QUERY_DEFINITION Always

REPORTFLD_USERID Always

REPORTFLD_CREATE_TIME Always

REPORTFLD_MODIFY_TIME Always

26.6. REPORTCMD_RUN

The following attributes can be specified in the report input parameter of this command:

Table 282: REPORTCMD_RUN Input Parameters


Name Optional?

REPORTFLD_REPORT_ID Mandatory

REPORTFLD_DOMAIN Mandatory

REPORTFLD_QUERY_DEFINITION Optional

REPORTFLD_FORMAT_NAME Optional

REPORTFLD_SCHEDULE Optional

REPORTFLD_SCHEDULE_TIME Optional

REPORTFLD_SCHEDULE_DATE Optional

REPORTFLD_SCHEDULE_NOTIFY Optional

REPORTFLD_SCHEDULE_RECURRENCE Optional

REPORTFLD_SCHEDULE_WEEKDAYS Optional

REPORTFLD_SCHEDULE_MONTHS Optional

REPORTFLD_SCHEDULE_MONTH_DAY Optional

Only the REPORTFLD_REPORT_FILE_NAME report attribute will be specified in the resultset output
parameter of this command. This report attribute is always returned.

26.7. reportfiledownloadmtom

The reportfiledownloadmtom command downloads a previously generated report. The generated
report is referred to in this command via its reportfilename and is downloaded as binary attachment
following the MTOM specification.

Table 283: reportfiledownloadmtom Command Attributes


Name Data Type I/O Description

SESSION_ID String I The session identifier of the current administrative session. The logon command
returns this identifier after a successful logon.

USERATTRIBUTESET Set I Zero or more user attribute fields.

REPORTFILE Reference O XOP reference to the report binary attachment specified in ID 4.

MTOM Binary attachment O The generated report.

The following attributes can be specified in the report input parameter of this command:

Table 284: reportfiledownloadmtom Input Parameters


Name Data Type Optional? Values Description

REPORTFLD_REPORT_ID String Mandatory Up to 255 chars. Unique report identifier.

REPORTFLD_DOMAIN String Mandatory Up to 255 chars.

REPORTFLD_QUERY_DEFINITION String Mandatory

REPORTFLD_REPORT_FORMAT String Mandatory

REPORTFLD_REPORT_FILE_NAME String Mandatory Unique generated report file identifier specified as output
parameter of the run report command,

27. reportQuery
The reportQuery command queries reports matching specified search criteria. To use this command, the
following parameters must be specified:

Table 285: reportQuery Parameters


Name Data Type I/O Optional? Description

SESSIONID String I Mandatory The session identifier of the current administrative session.

ATTRIBUTESET Set I Optional Zero or more report attributes. These attributes specify the report query
search criteria.

FIELDSET Set I Optional Zero or more report attribute identifiers.

These identifiers specify the report fields to be returned for all the report records matching the
search criteria.

QUERYOPTIONS QueryOptions I Optional

RESULT reportQueryResults O Zero or more query result fields.

27.1. Attribute Set

The report attributes specified in this attribute set define the report search criteria. The following attribute options
can be applied to a report attribute:

• NEGATIVE: used to indicate that the specified report attribute value should NOT be equal to the one
  specified.
• Search fields are interpreted as follows:
  • Wildcards can be placed at the start, the end, or both ends of a value. In this case, the value is
    interpreted as an SQL LIKE statement.
  • A list of comma-separated values can be specified; in this case it is interpreted as the logical
    OR of the given values.
  • Otherwise, the search is done using an exact match of the given value.

The report attributes specified in the FIELDSET attribute specify the report fields the IDENTIKEY Authentication
Server should return for the report matching the search criteria.

27.2. Query Options

This determines what results should be returned.

Table 286: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in
the result set, but not the result set itself.

Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results.

Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of
result records, beginning with the record specified by RowOffset.

If set to 0, all result records are returned.

Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting
from the specified offset.

Default value: 0

sortfieldid String Optional. Required, if you specify SortOrder. Determines the field attribute to use as
sort key when sorting the result set using SortOrder. May contain any field attribute
from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted.

Possible values:

• QUERYOPTIONSORTORDER_ASCENDING. Sort the result set in ascending order.
• QUERYOPTIONSORTORDER_DESCENDING. Sort the result set in descending order.

27.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded
IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query
command may be incomplete and may include both migrated and non-migrated data. This means that values for new
data fields may be missing or not set correctly in the query result.

28. reportformatExecute
The reportformatExecute command executes the following report-related administrative operations:

Table 287: reportformatExecute Commands


Command Description

REPORTFORMATCMD_CREATE Create a new report format definition (see 28.1. REPORTFORMATCMD_CREATE).

REPORTFORMATCMD_VIEW Display the format settings for the specified report format (see 28.2.
REPORTFORMATCMD_VIEW).

REPORTFORMATCMD_UPDATE Modify an existing report format definition (see 28.3. REPORTFORMATCMD_UPDATE).

REPORTFORMATCMD_DELETE Delete a report format (see 28.4. REPORTFORMATCMD_DELETE).

Each reportformatExecute command should specify the following parameters:

Table 288: reportformatExecute Command Parameters


Name Data Type I/O Description

SESSION_ID String I The session identifier of the current administrative session. The
logon command returns this identifier after a successful logon.

CMD String I The report format command to be executed.

Commands are specified in the list above.

REPORTFORMAT ATTRIBUTESET Set I Zero or more report format attribute fields.

RESULTSET Set O Zero or more report format result fields.

The following field attributes are also available for ReportFormatExecute commands:

Table 289: reportformatExecute Field Attributes


Attribute Name Data Type Value Description

REPORTFORMATFLD_REPORT_ID String Up to 255 chars. Unique report identifier.

REPORTFORMATFLD_DOMAIN String Up to 255 chars. Domain in which the report is located.

REPORTFORMATFLD_FORMAT_NAME String Up to 64 chars. Report format display name

REPORTFORMATFLD_FORMAT_DEFINITION String

REPORTFORMATFLD_CREATE_TIME DateTime The date and time the report format object was created in the database.

REPORTFORMATFLD_MODIFY_TIME DateTime The date and time of the last report format object update.

REPORTFORMATFLD_QUERY_FOR String update / run Refer to 29. reportformatQuery for related information.

28.1. REPORTFORMATCMD_CREATE

The following attributes can be specified in the report format input parameter of this command:

Table 290: REPORTFORMATCMD_CREATE Input Parameters


Name Optional?

REPORTFORMATFLD_REPORT_ID Mandatory

REPORTFORMATFLD_DOMAIN_NAME Mandatory

REPORTFORMATFLD_FORMAT_NAME Mandatory

REPORTFORMATFLD_FORMAT_DEFINITION Mandatory

The following report format attributes will be specified in the results output parameter of this command:

Table 291: REPORTFORMATCMD_CREATE Output Parameters


Name Returned?

REPORTFORMATFLD_REPORT_ID Always

REPORTFORMATFLD_DOMAIN_NAME Always

REPORTFORMATFLD_FORMAT_NAME Always

REPORTFORMATFLD_FORMAT_DEFINITION Always

REPORTFORMATFLD_CREATE_TIME Always

REPORTFORMATFLD_MODIFY_TIME Always

28.2. REPORTFORMATCMD_VIEW

The following attributes can be specified in the report format input parameter of this command:

Table 292: REPORTFORMATCMD_VIEW Input Parameters


Name Optional?

REPORTFORMATFLD_REPORT_ID Mandatory

REPORTFORMATFLD_DOMAIN_NAME Mandatory

REPORTFORMATFLD_FORMAT_NAME Mandatory

The following report format attributes will be specified in the results output parameter of this command:

Table 293: REPORTFORMATCMD_VIEW Output Parameters


Name Returned?

REPORTFORMATFLD_REPORT_ID Always

REPORTFORMATFLD_DOMAIN_NAME Always

REPORTFORMATFLD_FORMAT_NAME Always

REPORTFORMATFLD_FORMAT_DEFINITION Always

REPORTFORMATFLD_CREATE_TIME Always

REPORTFORMATFLD_MODIFY_TIME Always

28.3. REPORTFORMATCMD_UPDATE

The following attributes can be specified in the report format input parameter of this command:

Table 294: REPORTFORMATCMD_UPDATE Input Parameters


Name Optional?

REPORTFORMATFLD_REPORT_ID Mandatory

REPORTFORMATFLD_DOMAIN_NAME Mandatory

REPORTFORMATFLD_FORMAT_NAME Mandatory

REPORTFORMATFLD_FORMAT_DEFINITION Optional

The following report format attributes will be specified in the results output parameter of this command:

Table 295: REPORTFORMATCMD_UPDATE Output Parameters


Name Returned?

REPORTFORMATFLD_REPORT_ID Always

REPORTFORMATFLD_DOMAIN_NAME Always

REPORTFORMATFLD_FORMAT_NAME Always

REPORTFORMATFLD_FORMAT_DEFINITION Always

REPORTFORMATFLD_CREATE_TIME Always

REPORTFORMATFLD_MODIFY_TIME Always

28.4. REPORTFORMATCMD_DELETE

The following attributes can be specified in the report format input parameter of this command:

Table 296: REPORTFORMATCMD_DELETE Input Parameters


Name Optional?

REPORTFORMATFLD_REPORT_ID Mandatory

REPORTFORMATFLD_DOMAIN_NAME Mandatory

REPORTFORMATFLD_FORMAT_NAME Mandatory

REPORTFORMATFLD_FORMAT_DEFINITION Optional

No result attributes will be returned by this command.

29. reportformatQuery
The reportformatQuery command queries report formats matching specified search criteria. To use this
command, the following command parameters must be specified:

Table 297: reportformatQuery Parameters

Name Data Type I/O Options Description

SESSIONID String I Mandatory The session identifier of the current administrative session.

ATTRIBUTESET Set I Optional Zero or more reportformat attributes. These attributes specify the reportformat query search criteria.

FIELDSET Set I Optional Zero or more reportformat attribute identifiers. These identifiers specify the reportformat fields to be returned for all the reportformat records matching the search criteria.

QUERYOPTIONS QueryOptions I Optional

RESULT UserQueryResults O Zero or more query result fields.

29.1. Attribute Set

The report format attributes specified in this attribute set define the report format search criteria. The following
attribute options can be applied to a report format attribute:

- NEGATIVE: used to indicate that the specified report format attribute value should NOT be equal to the one specified.
- Search fields are interpreted as follows:
  - Wildcards can be placed at the start, the end, or both ends of a value. In this case, the value is interpreted as in the SQL LIKE statement.
  - A list of comma-separated values can be specified. In this case, it is interpreted as the logical OR of the given values.
  - Otherwise, the search uses an exact match of the given value.

To query those report format definitions that the logged in administrator can update or run, add the report format
attribute REPORTFORMATFLD_QUERY_FOR to the attribute set. This report format attribute of type string supports
the following values:

- update
- run

The report format attributes specified in the FIELDSET attribute specify the report format fields the IDENTIKEY
Authentication Server should return for the report format matching the search criteria.

29.2. Query Options

This determines what results should be returned.

Table 298: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in the result set, but not the result set itself.

Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results.

Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset.

If set to 0, all result records are returned.

Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset.

Default value: 0

sortfieldid String Optional. Required if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted.

Possible values:

- QUERYOPTIONSORTORDER_ASCENDING. Sort the result set in ascending order.
- QUERYOPTIONSORTORDER_DESCENDING. Sort the result set in descending order.

29.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.

30. replicationserverExecute
The replicationserverExecute command executes the administrative operation REPLICATIONCMD_RECONNECT. This command requests the currently administered IDENTIKEY Authentication Server to reconnect to the specified IDENTIKEY Authentication Server and start replicating.

The replicationserverExecute command should specify the following parameters:

Table 299: replicationserverExecute Command Parameters


Name Data Type I/O Description

SESSION_ID String I The session identifier of the current administrative session. The logon command returns this identifier after a successful logon.

CMD String I The replication command to be executed. Commands are specified in the list above.

REPLICATION ATTRIBUTESET Set I Zero or more replication attribute fields.

RESULTSET Set O Zero or more report replication fields.

30.1. REPLICATIONCMD_RECONNECT

Only the REPLICATIONFLD_SERVER attribute (data type: string) can be specified in the replication attribute set
input parameter of this command. This parameter is mandatory, supports up to 255 characters, and is the
IP address of the IDENTIKEY Authentication Server whose status needs to be checked.

No result attributes will be returned by this command.

31. replicationserverQuery
The replicationserverQuery command queries replication servers matching specified search criteria.
To use this command, the following parameters must be specified:

Table 300: replicationserverQuery Parameters


Name Data Type I/O Options Description

SESSIONID String I Mandatory The session identifier of the current administrative session.

ATTRIBUTESET Set I Optional Zero or more replicationserver attributes. These attributes specify the replicationserver query search criteria.

FIELDSET Set I Optional Zero or more replicationserver attribute identifiers. These identifiers specify the replicationserver fields to be returned for all the replicationserver records matching the search criteria.

QUERYOPTIONS QueryOptions I Optional

RESULT UserQueryResults O Zero or more query result fields.

31.1. Attribute Set

The replication server attributes specified in this attribute set define the replication server search criteria. The following attribute options can be applied to a replication server attribute:

- NEGATIVE: used to indicate that the specified replication server attribute value should NOT be equal to the one specified.
- Search fields are interpreted as follows:
  - Wildcards can be placed at the start, the end, or both ends of a value. In this case, the value is interpreted as in the SQL LIKE statement.
  - A list of comma-separated values can be specified. In this case, it is interpreted as the logical OR of the given values.
  - Otherwise, the search uses an exact match of the given value.

The replication server attributes specified in the FIELDSET attribute specify the replication server fields the
IDENTIKEY Authentication Server should return for the replication server matching the search criteria.

31.2. Query Options

This determines what results should be returned.

Table 301: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in the result set, but not the result set itself.

Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results.

Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset.

If set to 0, all result records are returned.

Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset.

Default value: 0

sortfieldid String Optional. Required if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted.

Possible values:

- QUERYOPTIONSORTORDER_ASCENDING. Sort the result set in ascending order.
- QUERYOPTIONSORTORDER_DESCENDING. Sort the result set in descending order.

31.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.

32. reportFileExecute
The reportFileExecute command executes the following administrative operations:

Table 302: reportFileExecute Commands


Command Description

REPORTFILECMD_VIEW View report file details (see 32.1. REPORTFILECMD_VIEW).

REPORTFILECMD_DELETE Delete a new report file (see 32.2. REPORTFILECMD_DELETE).

REPORTFILECMD_TAKE_OWNERSHIP Take over ownership of a report file (see 32.3. REPORTFILECMD_TAKE_OWNERSHIP).

REPORTFILECMD_CHANGE_OWNERSHIP Change ownership of a report file (see 32.4. REPORTFILECMD_CHANGE_OWNERSHIP).

The following field attributes are available for reportFileExecute commands:

Table 303: reportFileExecute Field Attributes


Attribute Name Data Type Value Description

REPORTFILEFLD_REPORTFILE_ID String 60 Generated report ID

REPORTFILEFLD_SERVER_ID String 255 Server report is defined on

REPORTFIELDFLD_DOMAIN String 255 Domain name report created under

REPORTFILEFLD_USER_ID String 255 User ID which created report

REPORTFILEFLD_DESCRIPTION String 255 Description

REPORTFILEFLD_SETTINGS String 4096 The query parameters used to generate the report

REPORTFILEFLD_SIZE Integer Report file size

REPORTFILEFLD_PERIOD_START Timestamp Report period start time

REPORTFILEFLD_PERIOD_END Timestamp Report period end time

REPORTFILEFLD_CREATE_TIME Timestamp Report file create time

REPORTFILEFLD_MODIFY_TIME Timestamp Report file modify time

32.1. REPORTFILECMD_VIEW

Only the REPORTFILEFLD_REPORTFILE_ID attribute can be specified in the ReportFile attribute set input parameter of this command.

The following ReportFile attributes will be specified in the results output parameter of this command:

Table 304: REPORTFILECMD_VIEW Output Parameters


Attribute Name Description

REPORTFILEFLD_ID Generated report ID

REPORTFILEFLD_SERVER_ID Server report is defined on

REPORTFILEFLD_DOMAIN_NAME Domain name report created under

REPORTFILEFLD_USER_ID User ID which created report

REPORTFILEFLD_DESCRIPTION Description

REPORTFILEFLD_SETTINGS The query parameters used to generate the report

REPORTFILEFLD_SIZE Report file size

REPORTFILEFLD_PERIOD_START Report period start time

REPORTFILEFLD_PERIOD_END Report period end time

REPORTFILEFLD_CREATE_TIME Report file create time

REPORTFILEFLD_MODIFY_TIME Report file modify time

32.2. REPORTFILECMD_DELETE

Only the REPORTFILEFLD_REPORTFILE_ID attribute can be specified in the ReportFile attribute set input parameter
of this command.

No result attributes will be returned by this command.

32.3. REPORTFILECMD_TAKE_OWNERSHIP

The following attributes can be specified in the ReportFile input parameter of this command:

Table 305: REPORTFILECMD_TAKE_OWNERSHIP Input Parameters


Attribute Name Optional

REPORTFILEFLD_REPORT_ID N

REPORTFILEFLD_DOMAIN_NAME N

REPORTFILEFLD_USER_ID N

Only the REPORTFILEFLD_REPORT_ID attribute will be specified in the resultset output parameter of this command.

32.4. REPORTFILECMD_CHANGE_OWNERSHIP

The following attributes can be specified in the ReportFile input parameter of this command:

Table 306: REPORTFILECMD_CHANGE_OWNERSHIP Input Parameters


Attribute Name Optional

REPORTFILEFLD_REPORT_ID N

REPORTFILEFLD_DOMAIN_NAME N

REPORTFILEFLD_USER_ID N

The following ReportFile attributes will be specified in the results output parameter of this command:

Table 307: REPORTFILECMD_CHANGE_OWNERSHIP Output Parameters


Attribute Name Description

REPORTFILEFLD_REPORTFILE_ID Generated report ID

REPORTFILEFLD_SERVER_ID Server report is defined on

REPORTFILEFLD_DOMAIN_NAME Domain name report created under

REPORTFILEFLD_USER_ID User ID which created report

REPORTFILEFLD_DESCRIPTION Description

REPORTFILEFLD_SETTINGS The query parameters used to generate the report

REPORTFILEFLD_SIZE Report file size

REPORTFILEFLD_PERIOD_START Report period start time

REPORTFILEFLD_PERIOD_END Report period end time

REPORTFILEFLD_CREATE_TIME Report file create time

REPORTFILEFLD_MODIFY_TIME Report file modify time

32.5. reportfiledownloadmtom

To download a report file, use the reportfiledownloadmtom command. Only the REPORTFILEFLD_SESSION_ID attribute can be specified in the ReportFile attribute set input parameter of this command.

33. reportfieldExecute
The reportfieldExecute command executes the following administrative operations:

Table 308: reportfieldExecute Commands


Command Description

REPORTFIELDCMD_VIEW View report fields (see 33.1. REPORTFIELDCMD_VIEW).

REPORTFIELDCMD_CREATE Create new report fields (see 33.2. REPORTFIELDCMD_CREATE).

REPORTFIELDCMD_DELETE Delete report fields (see 33.3. REPORTFIELDCMD_DELETE).

REPORTFIELDCMD_UPDATE Update report fields (see 33.4. REPORTFIELDCMD_UPDATE).

The following field attributes are available for these commands:

Table 309: reportfieldExecute Field Attributes


Attribute Name Data Type Value Description

REPORTFIELDFLD_DOMAIN_NAME String Up to 255 chars. Domain to which the report belongs

REPORTFIELDFLD_REPORT_ID String The name of the report.

REPORTFIELDFLD_DISPLAY_NAME String Up to 255 chars. Report field name

REPORTFIELDFLD_OPERATION String max Operation type.

min

count

sum

REPORTFIELDFLD_FIELD_NAME String Action Report field name

Application

Back-End Authentication

Category

Characteristics

Client Location

Code

Command

Configuration Details

Credentials

Data Source

Data Source Location

Domain

Error Details

Error Message

Expiration Date

Fields

From

Input Details

Local Authentication

Message

Object

Operation

Outcome

Output Details

Password Protocol

Policy ID

RADIUS Profile

Reason

Request ID

Serial No

Server Location

Session ID

Source

Source Location

To

User ID

User Link

Version

REPORTFIELDFLD_CREATE_TIME Datetime The date and time the report field object was created in the database.

REPORTFIELDFLD_MODIFY_TIME Datetime The date and time of the last report field object update.

REPORTFIELDFLD_FIELD_ORD Integer

33.1. REPORTFIELDCMD_VIEW

The following attributes can be specified in the ReportFieldCmd input parameter of this command:

Table 310: REPORTFIELDCMD_VIEW Input Parameters


Name Optional?

REPORTFIELDFLD_DOMAIN_NAME Mandatory

REPORTFIELDFLD_REPORT_ID Mandatory

REPORTFIELDFLD_DISPLAY_NAME Mandatory

The following ReportFieldCmd attributes will be specified in the results output parameter of this command:

Table 311: REPORTFIELDCMD_VIEW Output Parameters


Name

REPORTFIELDFLD_DOMAIN_NAME

REPORTFIELDFLD_REPORT_ID

REPORTFIELDFLD_NAME

REPORTFIELDFLD_OPERATION

REPORTFIELDFLD_FIELD_NAME

REPORTFIELDFLD_CREATE_TIME

REPORTFIELDFLD_MODIFY_TIME

33.2. REPORTFIELDCMD_CREATE

The following attributes can be specified in the ReportFieldCmd input parameter of this command:

Table 312: REPORTFIELDCMD_CREATE Input Parameters


Name Optional?

REPORTFIELDFLD_DOMAIN_NAME Mandatory

REPORTFIELDFLD_REPORT_ID Mandatory

REPORTFIELDFLD_DISPLAY_NAME Mandatory

REPORTFIELDFLD_OPERATION

REPORTFIELDFLD_FIELD_NAME

The following ReportFieldCmd attributes will be specified in the results output parameter of this command:

Table 313: REPORTFIELDCMD_CREATE Output Parameters


Name

REPORTFIELDFLD_DOMAIN_NAME

REPORTFIELDFLD_REPORT_ID

REPORTFIELDFLD_NAME

REPORTFIELDFLD_OPERATION

REPORTFIELDFLD_FIELD_NAME

33.3. REPORTFIELDCMD_DELETE

The following attributes can be specified in the ReportFieldCmd input parameter of this command:

Table 314: REPORTFIELDCMD_DELETE Input Parameters


Name Optional?

REPORTFIELDFLD_DOMAIN_NAME Mandatory

REPORTFIELDFLD_REPORT_ID Mandatory

REPORTFIELDFLD_DISPLAY_NAME Mandatory

REPORTFIELDFLD_OPERATION

No result attributes will be returned by this command.

33.4. REPORTFIELDCMD_UPDATE

The following attributes can be specified in the ReportFieldCmd input parameter of this command:

Table 315: REPORTFIELDCMD_UPDATE Input Parameters


Name Optional?

REPORTFIELDFLD_DOMAIN_NAME Mandatory

REPORTFIELDFLD_REPORT_ID Mandatory

REPORTFIELDFLD_DISPLAY_NAME Mandatory

REPORTFIELDFLD_OPERATION

REPORTFIELDFLD_DISPLAY_NAME

The following ReportFieldCmd attributes will be specified in the results output parameter of this command:

Table 316: REPORTFIELDCMD_UPDATE Output Parameters


Name

REPORTFIELDFLD_DOMAIN_NAME

REPORTFIELDFLD_REPORT_ID

REPORTFIELDFLD_DISPLAY_NAME

REPORTFIELDFLD_OPERATION

REPORTFIELDFLD_DISPLAY_NAME

34. reportfieldQuery
The reportfieldQuery command queries report fields matching specified search criteria. To use this command, the following command parameters must be specified:

Table 317: reportfieldQuery Parameters (SOAP Administration)


Name Data Type I/O Options Description

SESSIONID String I Mandatory The session identifier of the current administrative session.

ATTRIBUTESET Set I Optional Zero or more reportfield attributes. These attributes specify the reportfield query search criteria.

FIELDSET Set I Optional Zero or more reportfield attribute identifiers. These identifiers specify the report fields to be returned for all the replicationserver records matching the search criteria.

QUERYOPTIONS QueryOptions I Optional

RESULT UserQueryResults O Zero or more query result fields.

34.1. Attribute Set

The ReportField attributes specified in this attribute set define the search criteria. The following attribute options
can be applied to a ReportField attribute:

- NEGATIVE: used to indicate that the specified ReportField attribute value should NOT be equal to the one specified.
- Search fields are interpreted as follows:
  - Wildcards are accepted.
  - Wildcards can be placed at the start, the end, or both ends of a value. In this case, the value is interpreted as in the SQL LIKE statement.
  - A list of comma-separated values can be specified. In this case, it is interpreted as the logical OR of the given values.
  - Otherwise, the search uses an exact match of the given value.

The key attributes specified in the FIELDSET attribute specify the ReportField fields the IDENTIKEY Authentication
Server should return for the ReportFields matching the search criteria.
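
The interpretation rules listed in the Attribute Set sections (29.1, 31.1 and 34.1) can be modelled locally to check which records a set of search criteria would select. The following is an added example, not code from the SDK or the server. Assumptions: "*" as the wildcard character, AND between several attributes, escaping of "%" and "_" in the literal part of a value, and the SQLite table with constructed records.

```python
import sqlite3

WILDCARD = "*"  # assumption: the page does not name the wildcard character
COLUMNS = ("REPORTFIELDFLD_DOMAIN_NAME", "REPORTFIELDFLD_REPORT_ID",
           "REPORTFIELDFLD_DISPLAY_NAME")

# Constructed sample records (domain, report ID, display name); not server data.
SAMPLE_ROWS = [
    ("master", "rpt-auth", "user_id"),
    ("master", "rpt-auth", "user-link"),
    ("branch", "rpt-audit", "userXid"),
    ("branch", "rpt-usage", "outcome"),
]


def like_pattern(value):
    """Map a leading/trailing wildcard to '%' and escape LIKE metacharacters."""
    lead = value.startswith(WILDCARD)
    trail = len(value) > 1 and value.endswith(WILDCARD)
    core = value[1 if lead else 0:len(value) - (1 if trail else 0)]
    for ch in ("\\", "%", "_"):  # backslash first, so escapes are not re-escaped
        core = core.replace(ch, "\\" + ch)
    return ("%" if lead else "") + core + ("%" if trail else "")


def criterion_to_sql(attribute, value, negative=False):
    """Apply the three rules in the order the page lists them."""
    if attribute not in COLUMNS:  # identifiers come from an allow-list only
        raise ValueError(f"unknown attribute: {attribute}")
    if value.startswith(WILDCARD) or value.endswith(WILDCARD):
        sql, params = f"{attribute} LIKE ? ESCAPE '\\'", [like_pattern(value)]
    elif "," in value:
        items = value.split(",")
        sql = "(" + " OR ".join(f"{attribute} = ?" for _ in items) + ")"
        params = items
    else:
        sql, params = f"{attribute} = ?", [value]
    # NEGATIVE option: the value should NOT match.
    return (f"NOT ({sql})" if negative else sql), params


def run_query(attribute_set, rows=SAMPLE_ROWS):
    """attribute_set: iterable of (attribute, value, negative) tuples.

    Returns the display names of the matching records in insertion order.
    """
    clauses, params = [], []
    for attribute, value, negative in attribute_set:
        sql, p = criterion_to_sql(attribute, value, negative)
        clauses.append(sql)
        params.extend(p)
    where = (" WHERE " + " AND ".join(clauses)) if clauses else ""
    db = sqlite3.connect(":memory:")
    try:
        db.execute("CREATE TABLE report_field (%s)"
                   % ", ".join(c + " TEXT" for c in COLUMNS))
        db.executemany("INSERT INTO report_field VALUES (?, ?, ?)", rows)
        cur = db.execute("SELECT REPORTFIELDFLD_DISPLAY_NAME FROM report_field"
                         + where + " ORDER BY rowid", params)
        return [r[0] for r in cur]
    finally:
        db.close()


if __name__ == "__main__":
    print(run_query([("REPORTFIELDFLD_DISPLAY_NAME", "user_*", False)]))
    print(run_query([("REPORTFIELDFLD_REPORT_ID", "rpt-audit,rpt-usage", False)]))
    print(run_query([("REPORTFIELDFLD_DOMAIN_NAME", "master", True)]))
```

Because the model escapes "_" and "%", the criterion user_* selects only user_id; without that escaping the underscore would act as a single-character LIKE wildcard and also select userXid and user-link.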

34.2. Query Options

This determines what results should be returned.

Table 318: QueryOptions (Data Type)


Element Name Type Description

count Boolean Flag to request IDENTIKEY Authentication Server to return only the number of records in the result set, but not the result set itself.

Default value: false

distinct Boolean Flag to request IDENTIKEY Authentication Server to return only unique query results.

Default value: false

rowcount Unsigned Integer Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset.

If set to 0, all result records are returned.

Default value: 0

rowoffset Unsigned Integer Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset.

Default value: 0

sortfieldid String Optional. Required if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter.

sortorder String Optional. Determines the sort order of the result set. By default, the result set is not sorted.

Possible values:

- QUERYOPTIONSORTORDER_ASCENDING. Sort the result set in ascending order.
- QUERYOPTIONSORTORDER_DESCENDING. Sort the result set in descending order.
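
The QueryOptions rules in Tables 298, 301 and 318 can be checked on the client before a query is sent, and emulated on a local record list to test paging code. The following is an added example, not part of the SDK. Assumptions: the dict representation of QueryOptions, the order in which the options are applied (distinct, sort, then offset and row count), and that count is taken before paging; the sample records are constructed.

```python
ASCENDING = "QUERYOPTIONSORTORDER_ASCENDING"
DESCENDING = "QUERYOPTIONSORTORDER_DESCENDING"
DEFAULTS = {"count": False, "distinct": False, "rowcount": 0, "rowoffset": 0,
            "sortfieldid": None, "sortorder": None}

# Constructed sample records; not server data.
RECORDS = [
    {"REPORTFIELDFLD_REPORT_ID": "rpt-auth", "REPORTFIELDFLD_DISPLAY_NAME": "User"},
    {"REPORTFIELDFLD_REPORT_ID": "rpt-auth", "REPORTFIELDFLD_DISPLAY_NAME": "Outcome"},
    {"REPORTFIELDFLD_REPORT_ID": "rpt-audit", "REPORTFIELDFLD_DISPLAY_NAME": "User"},
    {"REPORTFIELDFLD_REPORT_ID": "rpt-audit", "REPORTFIELDFLD_DISPLAY_NAME": "Time"},
    {"REPORTFIELDFLD_REPORT_ID": "rpt-usage", "REPORTFIELDFLD_DISPLAY_NAME": "Time"},
]


def validate_query_options(opts, fieldset):
    """Return opts completed with the documented defaults, or raise ValueError."""
    unknown = set(opts) - set(DEFAULTS)
    if unknown:
        raise ValueError(f"unknown QueryOptions element(s): {sorted(unknown)}")
    out = dict(DEFAULTS, **opts)
    for flag in ("count", "distinct"):
        if not isinstance(out[flag], bool):
            raise ValueError(f"{flag} must be a Boolean")
    for num in ("rowcount", "rowoffset"):
        v = out[num]
        if isinstance(v, bool) or not isinstance(v, int) or v < 0:
            raise ValueError(f"{num} must be an unsigned integer")
    if out["sortorder"] is not None:
        if out["sortorder"] not in (ASCENDING, DESCENDING):
            raise ValueError("sortorder must be one of the two documented values")
        if out["sortfieldid"] is None:
            raise ValueError("sortfieldid is required when sortorder is specified")
    if out["sortfieldid"] is not None and out["sortfieldid"] not in fieldset:
        raise ValueError("sortfieldid must be a field attribute from FIELDSET")
    return out


def apply_query_options(records, opts, fieldset):
    """Emulate the options on a list of dict records projected to fieldset."""
    o = validate_query_options(opts, fieldset)
    rows = [tuple(r.get(f) for f in fieldset) for r in records]
    if o["distinct"]:
        rows = list(dict.fromkeys(rows))  # unique rows, first occurrence kept
    if o["sortorder"] is not None:
        idx = fieldset.index(o["sortfieldid"])
        rows.sort(key=lambda r: r[idx], reverse=(o["sortorder"] == DESCENDING))
    if o["count"]:
        return len(rows)  # only the number of records, not the result set
    rows = rows[o["rowoffset"]:]
    if o["rowcount"]:  # 0 means all result records
        rows = rows[:o["rowcount"]]
    return [dict(zip(fieldset, r)) for r in rows]


def iter_pages(records, fieldset, page_size, sort_field):
    """Walk the whole result set in fixed-size pages.

    A sort key is always set: the result set is not sorted by default, so
    rowoffset alone does not define which records a page contains.
    """
    if page_size < 1:
        raise ValueError("page_size must be at least 1 (rowcount 0 returns everything)")
    offset = 0
    while True:
        page = apply_query_options(
            records,
            {"rowcount": page_size, "rowoffset": offset,
             "sortfieldid": sort_field, "sortorder": ASCENDING},
            fieldset)
        if not page:
            return
        yield page
        offset += len(page)


if __name__ == "__main__":
    fields = ["REPORTFIELDFLD_REPORT_ID", "REPORTFIELDFLD_DISPLAY_NAME"]
    for page in iter_pages(RECORDS, fields, 2, "REPORTFIELDFLD_DISPLAY_NAME"):
        print(page)
```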

34.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query command may be incomplete and may include both migrated and non-migrated data. This means that values for new data fields may be missing or not set correctly in the query result.

35. userfileExecute
The userfileExecute command executes the following administrative operations:

Table 319: userfileExecute Commands


Command Description

USERFILECMD_UPLOAD_FILE Upload user file.

USERFILECMD_IMPORT_FILE Import user file (see 35.1. USERFILECMD_IMPORT_FILE).

USERFILECMD_QUERY_STATUS Query status of the user file import (see 35.2. USERFILECMD_QUERY_STATUS).

USERFILECMD_STOP_IMPORT Stops user file import (see 35.3. USERFILECMD_STOP_IMPORT).

The following field attributes are available for these commands:

Table 320: userfileExecute Field Attributes


Attribute Name Data Type Value Description

USERFILEFLD_USER_FILE_NAME String Up to 255 chars. Name of User file

USERFILEFLD_CACHE_ID String Up to 255 chars

USERFILEFLD_CREATE_NEW_ACCOUNT Boolean Create new account on import

USERFILEFLD_ENABLE_NEW_ACCOUNT Boolean Enable account on creation

USERFILEFLD_UPDATE_ACCOUNT Boolean Update account

USERFILEFLD_SHOW_PASSWORD_OPTION Boolean

USERFILEFLD_UPDATE_STATIC_PASSWORD Boolean Update static password on creation

USERFILEFLD_SHOW_ASSIGN_DP Boolean Show assign DIGIPASS options

USERFILEFLD_ASSIGN_DP Boolean Assign DIGIPASS on creation.

USERFILEFLD_GRACE_PERIOD_DAYS Integer The number of grace period days for the Users created from the file.

USERFILEFLD_USERS_TOTAL integer Total numbers of Users in file

USERFILEFLD_USERS_READ integer Total number of Users read

USERFILEFLD_USERS_IMPORTED integer Total number of Users imported

USERFILEFLD_USERS_FAILED Integer Total number of Users where import failed

USERFILEFLD_RETURN_ERROR boolean Indicate whether to return errors or not

USERFILEFLD_ERROR_LIST attributes Errors returned

USERFILEFLD_TASK_DESCRIPTION string

USERFILEFLD_SCHEDULED boolean Is this import scheduled.

USERFILEFLD_SCHEDULE_TIME string Schedule time if scheduled

<hours>:<minutes> : e.g. 10:00 Use 24-hour time, for example 21:00 for 9pm.

USERFILEFLD_SCHEDULE_DATE string Schedule date if scheduled

<day>/<month>/<year> : e.g. 20/07/2013

USERFILEFLD_NOTIFY String Email Notification method

SMS

35.1. USERFILECMD_IMPORT_FILE

The following attributes can be specified in the USERFILECMD input parameter of this command:

Table 321: USERFILECMD_IMPORT_FILE Input Parameters


Name Optional?

USERFILEFLD_CACHE_ID Mandatory

USERFILEFLD_CREATE_NEW_ACCOUNT Mandatory

USERFILEFLD_ENABLE_NEW_ACCOUNT Mandatory

USERFILEFLD_UPDATE_ACCOUNT Mandatory

USERFILEFLD_UPDATE_STATIC_PASSWORD

USERFILEFLD_ASSIGN_DP

USERFILEFLD_GRACE_PERIOD_DAYS

USERFILEFLD_SCHEDULE

USERFILEFLD_SCHEDULE_TIME

USERFILEFLD_SCHEDULE_DATE

USERFILEFLD_NOTIFY

No result attributes will be returned by this command.

35.2. USERFILECMD_QUERY_STATUS

The following attributes can be specified in the USERFILECMD input parameter of this command:

Table 322: USERFILECMD_QUERY_STATUS Input Parameters


Name Optional?

USERFILEFLD_CACHE_ID Mandatory

USERFILEFLD_RETURN_ERROR

The following USERFILECMD attributes will be specified in the results output parameter of this command:

Table 323: USERFILECMD_QUERY_STATUS Output Parameters


Name

STERILE

USERFILEFLD_USERS_FAILED

35.3. USERFILECMD_STOP_IMPORT

Only the USERFILEFLD_CACHE_ID attribute can be specified in the USERFILECMD attribute set input parameter of
this command.

No result attributes will be returned by this command.

36. keyExecute
The keyExecute command executes the following administrative operations:

Table 324: keyExecute Commands


Command Description

KEYCMD_VIEW View key details (see 36.1. KEYCMD_VIEW).

KEYCMD_CREATE Create a new key (see 36.2. KEYCMD_CREATE).

KEYCMD_DELETE Delete a key (see 36.3. KEYCMD_DELETE).

KEYCMD_UPDATE Update a key (see 36.4. KEYCMD_UPDATE).

KEYCMD_ROTATE_KEY Rotate a key (see 36.5. KEYCMD_ROTATE_KEY).

KEYCMD_ROTATE_ABORT Abort key rotation (see 36.6. KEYCMD_ROTATE_ABORT).

KEYCMD_QUERY_STATUS Query Rotate Key action (see 36.7. KEYCMD_ROTATE_STATUS).

The following field attributes are available for these commands:

Table 325: keyExecute Field Attributes


Attribute Name Data Type Value Description

KEYFLD_KEY_ID String key Key ID

KEYFLD_KCV String HSM – key check value

KEYFLD_KEY_LABEL String HSM key label

KEYFLD_LEGACY_MODE Boolean

KEYFLD_NCIPHER_KEYHASH String

KEYFLD_SLOT_ID integer HSM Slot ID

KEYFLD_USAGE String Storage Data Key usage type

Sensitive Data

KEYFLD_CRYPTO_TYPE String HSM – Safenet Type of cryptography used by the key

SSM

KEYFLD_DEFAULT_KEY Boolean Indicate default key

KEYFLD_TOKEN_LABEL String HSM token label

KEYFLD_TOKEN_PIN String HSM token PIN (PIN used to access token)

KEYFLD_DESCRIPTION String Key description

KEYFLD_VALUE String SSM Key value (HEX)

KEYFLD_CRYPTO_ALGO String AES-256-CFB Cryptographic algorithm

DES-EDE-CFB

DES-EDE3-CFB

CAST5-CFG

BF-CFB

AES-128-CBC

AES-256-CBC

AES-128-CBC-2

KEYFLD_CACHE_ID String Key cache ID

KEYFLD_ROTATE_ELAPSED_TIME integer Elapsed time of last rotation for this key

KEYFLD_ROTATE_FOUND_TOTAL integer Number of records found for rotation

KEYFLD_ROTATE_SUCCESS integer Number of records with key successfully rotated

KEYFLD_ROTATE_FAILED integer Number of records where key rotation failed

KEYFLD_CREATE_TIME Datetime The date and time the key object was created in the database.

KEYFLD_MODIFY_TIME Datetime The date and time of the last key object update.

KEYFLD_SCHEDULE Boolean Indicates whether rotation is scheduled

KEYFLD_SCHEDULE_TIME String Scheduled time

KEYFLD_SCHEDULE_DATE String Scheduled date

KEYFLD_NOTIFY String Email Notification method

SMS

36.1. KEYCMD_VIEW

Only the KEYFLD_KEY_ID attribute can be specified in the attribute set input parameter of this command.

The following key attributes will be specified in the results output parameter of this command:

Table 326: KEYCMD_VIEW Output Parameters


Attribute Name

KEYFLD_KEY_ID

KEYFLD_KCV

KEYFLD_KEY_LABEL

KEYFLD_SLOT_ID

KEYFLD_USAGE

KEYFLD_CRYPTO_TYPE

KEYFLD_DEFAULT_KEY

KEYFLD_TOKEN_LABEL

KEYFLD_DESCRIPTION

KEYFLD_CRYPTO_ALGO

KEYFLD_CREATE_TIME

KEYFLD_MODIFY_TIME

36.2. KEYCMD_CREATE

The following attributes can be specified in the key input parameter of this command:

Table 327: KEYCMD_CREATE Input Parameters


Attribute Name

KEYFLD_KEY_ID

KEYFLD_KCV

KEYFLD_KEY_LABEL

KEYFLD_SLOT_ID

KEYFLD_USAGE

KEYFLD_CRYPTO_TYPE

KEYFLD_TOKEN_LABEL

KEYFLD_TOKEN_PIN

KEYFLD_DESCRIPTION

KEYFLD_VALUE

KEYFLD_CRYPTO_ALGO

The following key attributes will be specified in the results output parameter of this command:

Table 328: KEYCMD_CREATE Output Parameters


Attribute Name

KEYFLD_KEY_ID

KEYFLD_KCV

KEYFLD_KEY_LABEL

KEYFLD_SLOT_ID

KEYFLD_USAGE

KEYFLD_CRYPTO_TYPE

KEYFLD_TOKEN_LABEL

KEYFLD_DESCRIPTION

KEYFLD_DEFAULT_KEY

KEYFLD_CRYPTO_ALGO

36.3. KEYCMD_DELETE

Only the KEYFLD_KEY_ID attribute can be specified in the attribute set input parameter of this command.

No result attributes will be returned by this command.

36.4. KEYCMD_UPDATE

The following attributes can be specified in the key input parameter of this command:

Table 329: KEYCMD_UPDATE Input Parameters


Attribute Name Optional

KEYFLD_KEY_ID N

KEYFLD_DESCRIPTION

The following key attributes will be specified in the results output parameter of this command:

Table 330: KEYCMD_UPDATE Output Parameters


Attribute Name

KEYFLD_KEY_ID

KEYFLD_KCV

KEYFLD_KEY_LABEL

KEYFLD_SLOT_ID

KEYFLD_USAGE

KEYFLD_CRYPTO_TYPE

KEYFLD_TOKEN_LABEL

KEYFLD_DESCRIPTION

KEYFLD_VALUE

KEYFLD_CRYPTO_ALGO

KEYFLD_LEGACY_MODE

36.5. KEYCMD_ROTATE_KEY

The following attributes can be specified in the key input parameter of this command:

Table 331: KEYCMD_ROTATE_KEY Input Parameters


Attribute Name

KEYFLD_KEY_ID

KEYFLD_USAGE

KEYFLD_TOKEN_LABEL

KEYFLD_SCHEDULE

KEYFLD_SCHEDULE_TIME

KEYFLD_SCHEDULE_DATE

KEYFLD_SCHEDULE_NOTIFY

The following key attributes will be specified in the results output parameter of this command:

Table 332: KEYCMD_ROTATE_KEY Output Parameters


Attribute Name

KEYFLD_CHACHE_ID

KEYFLD_ROTATE_FOUND_TOTAL

36.6. KEYCMD_ROTATE_ABORT

Only the KEYFLD_CACHE_ID attribute can be specified in the attribute set input parameter of this command.

No result attributes will be returned by this command.

36.7. KEYCMD_ROTATE_STATUS

Only the KEYFLD_CACHE_ID attribute can be specified in the attribute set input parameter of this command.

The following key attributes will be specified in the results output parameter of this command:

Table 333: KEYCMD_ROTATE_STATE Output Parameters


Attribute Name

KEYFLD_ELAPSED_TIME

KEYFLD_ROTATE_SUCCESS

KEYFLD_ROTATE_FAILED

37. keyQuery
The keyQuery command queries cryptographic keys matching specified search criteria. To use this command,
the following command parameters must be specified:

Table 334: keyQuery Parameters


| Name | Data Type | I/O | Options | Description |
|---|---|---|---|---|
| SESSIONID | String | I | Mandatory | The session identifier of the current administrative session. |
| ATTRIBUTESET | Set | I | Optional | Zero or more replicationserver attributes. These attributes specify the replicationserver query search criteria. |
| FIELDSET | Set | I | Optional | Zero or more replicationserver attribute identifiers. These identifiers specify the replicationserver fields to be returned for all the replicationserver records matching the search criteria. |
| QUERYOPTIONS | QueryOptions | I | Optional | |
| RESULT | UserQueryResults | O | | Zero or more query result fields. |

37.1. Attribute Set

The key attributes specified in this attribute set define the search criteria. The following attribute options can be
applied to a key attribute:

- NEGATIVE: used to indicate that the specified key attribute value should NOT be equal to the one specified.
- Search fields are interpreted as follows:
  - Wildcards are accepted.
  - Wildcards can be placed at start, end or both of the values. In this case, they will be interpreted as
    the SQL LIKE statement.
  - A list of comma separated values can be specified, in this case it will be interpreted as the logical
    OR of the given values.
  - Otherwise, the search will be done using the exact match of the given value.

The key attributes specified in the FIELDSET attribute specify the replication server fields the IDENTIKEY
Authentication Server should return for the replication servers matching the search criteria.

37.2. Query Options

This determines what results should be returned.

Table 335: QueryOptions (Data Type)


| Element Name | Type | Description |
|---|---|---|
| count | Boolean | Flag to request IDENTIKEY Authentication Server to return only the number of records in the result set, but not the result set itself. Default value: false |
| distinct | Boolean | Flag to request IDENTIKEY Authentication Server to return only unique query results. Default value: false |
| rowcount | Unsigned Integer | Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset. If set to 0, all result records are returned. Default value: 0 |
| rowoffset | Unsigned Integer | Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset. Default value: 0 |
| sortfieldid | String | Optional. Required, if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter. |
| sortorder | String | Optional. Determines the sort order of the result set. By default, the result set is not sorted. Possible values: QUERYOPTIONSORTORDER_ASCENDING (sort result set ascendingly), QUERYOPTIONSORTORDER_DESCENDING (sort result set descendingly). |

37.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded
IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query
command may be incomplete and may include both migrated and non-migrated data. This means that values for new
data fields may be missing or not set correctly in the query result.

38. taskExecute
The taskExecute command executes the following administrative operations:

Table 336: taskExecute Commands


Command Description

TASKCMD_VIEW View task field details (see 38.1. TASKCMD_VIEW).

TASKCMD_UPDATE Updates task field details (see 38.3. TASKCMD_UPDATE).

TASKCMD_DELETE Delete task (see 38.2. TASKCMD_DELETE).

TASKCMD_CANCEL Cancel task (see 38.4. TASKCMD_CANCEL).

TASKCMD_RESUME Resume suspended task (see 38.5. TASKCMD_RESUME).

TASKCMD_SUSPEND Suspend task (see 38.6. TASKCMD_SUSPEND).

The following field attributes are available for these commands:

Table 337: taskExecute Field Attributes


| Attribute Name | Data Type | Value | Description |
|---|---|---|---|
| TASKFLD_TASK_ID | String | | Server generated ID |
| TASKFLD_TASKTYPE | String | | Command type (server generated) |
| TASKFLD_DESCRIPTION | String | | Command Description (server generated) |
| TASKFLD_DOMAIN | String | | Domain in which the task has been created |
| TSKCMDFLD_USERID | String | | User id which created the task |
| TASKFLD_SERVERID | String | | Server on which task was created |
| TASKFLD_FEATURES | String | Non, scheduled, recurrent | Scheduling features supported by the command |
| TASKFLD_STATUS | String | Running, scheduled, suspended, cancelling | Current task status |
| TASKFLD_STATUS_INFORMATION | String | | Status information. |
| TASKFLD_SCHEDULE | Boolean | | Indicates whether task is scheduled |
| TASKFLD_SCHED_TIME | String | | Scheduled time |
| TASKFLD_SCHED_DATE | String | | Scheduled date |
| TASKFLD_SCHED_NOTIFY | String | Email, SMS | Method of notification |
| TASKFLD_SCHED_RECURRENCE | String | None, Daily, Monthly | Recurrence type |
| TASKFLD_SCHED_WEEKDAYS | String | | Day of week of recurring task. Space separated list of applicable days. |
| TASKFLD_SCHED_MONTHS | String | | Scheduled week of recurring task. Space separated list of applicable months. |
| TASKFLD_SCHED_MONTHDAY | integer | | Day of month task is scheduled if recurring monthly |
| TASKFLD_CREATETIME | DateTime | | Date/time created |
| TASKFLD_MODIFYTIME | DateTime | | Date/time Modified |

38.1. TASKCMD_VIEW

Only the TASKFLD_TASK_ID attribute can be specified in the TaskCmd attribute set input parameter of this
command. This attribute is not optional.

The following TaskCmd attributes will be specified in the results output parameter of this command:

Table 338: TASKCMD_VIEW Output Parameters


Attribute Name

TASKFLD_TASK_ID

TASKFLD_TASKTYPE

TASKFLD_DESCRIPTION

TASKFLD_DOMAIN

TSKCMDFLD_USERID

TSKCMDFLD_SERVERID

TASKFLD_FEATURES

TASKFLD_STATUS

TASKFLD_STATUS_INFO

TASKFLD_SCHEDULE

TASKFLD_SCHED_TIME

TASKFLD_SCHED_DATE

TASKFLD_SCHED_NOTIFY

TASKFLD_SCHED_RECURRENCE

TASKFLD_SCHED_WEEKDAYS

TASKFLD_SCHED_MONTHS

TASKFLD_SCHED_MONTHDAY

TASKFLD_CREATETIME

TASKFLD_MODIFYTIME

38.2. TASKCMD_DELETE

Only the TASKFLD_TASK_ID attribute can be specified in the TaskCmd attribute set input parameter of this
command. This attribute is not optional.

No result attributes will be returned by this command.

38.3. TASKCMD_UPDATE

The following attributes can be specified in the TaskCmd input parameter of this command:

Table 339: TASKCMD_UPDATE Input Parameters


Attribute Name Optional

TASKFLD_TASK_ID N

TASKFLD_SCHEDULE

TASKFLD_SCHED_TIME

TASKFLD_SCHED_DATE

TASKFLD_SCHED_NOTIFY

TASKFLD_SCHED_RECURRENCE

TASKFLD_SCHED_WEEKDAYS

TASKFLD_SCHED_MONTHS

TASKFLD_SCHED_MONTHDAY

The following TaskCmd attributes will be specified in the results output parameter of this command:

Table 340: TASKCMD_UPDATE Output Parameters


Attribute Name

TASKFLD_TASK_ID

TASKFLD_TASKTYPE

TASKFLD_DESCRIPTION

TASKFLD_DOMAIN

TSKCMDFLD_USERID

TSKCMDFLD_SERVERID

TASKFLD_FEATURES

TASKFLD_SERVERID

TASKFLD_STATUS

TASKFLD_STATUS_INFO

TASKFLD_SCHEDULE

TASKFLD_SCHED_TIME

TASKFLD_SCHED_DATE

TASKFLD_SCHED_NOTIFY

TASKFLD_SCHED_RECURRENCE

TASKFLD_SCHED_WEEKDAYS

TASKFLD_SCHED_MONTHS

TASKFLD_SCHED_MONTHDAY

38.4. TASKCMD_CANCEL

Only the TASKFLD_TASK_ID attribute can be specified in the TaskCmd attribute set input parameter of this
command. This attribute is not optional.

No result attributes will be returned by this command.

38.5. TASKCMD_RESUME

Only the TASKFLD_TASK_ID attribute can be specified in the TaskCmd attribute set input parameter of this
command. This attribute is not optional.

No result attributes will be returned by this command.

38.6. TASKCMD_SUSPEND

Only the TASKFLD_TASK_ID attribute can be specified in the TaskCmd attribute set input parameter of this
command. This attribute is not optional.

No result attributes will be returned by this command.

39. taskQuery
The taskQuery command queries cryptographic keys matching specified search criteria. To use this
command, the following command parameters must be specified:

Table 341: taskQuery Parameters


| Name | Data Type | I/O | Options | Description |
|---|---|---|---|---|
| SESSIONID | String | I | Mandatory | The session identifier of the current administrative session. |
| ATTRIBUTESET | Set | I | Optional | Zero or more replicationserver attributes. These attributes specify the replicationserver query search criteria. |
| FIELDSET | Set | I | Optional | Zero or more replicationserver attribute identifiers. These identifiers specify the replicationserver fields to be returned for all the replicationserver records matching the search criteria. |
| QUERYOPTIONS | QueryOptions | I | Optional | |
| RESULT | UserQueryResults | O | | Zero or more query result fields. |

39.1. Attribute Set

The TaskQuery attributes specified in this attribute set define the search criteria. The following attribute options
can be applied to a TaskQuery attribute:

- NEGATIVE: used to indicate that the specified replication server attribute value should NOT be equal to the
  one specified.
- Search fields are interpreted as follows:
  - Wildcards are accepted.
  - Wildcards can be placed at start, end or both of the values. In this case, they will be interpreted as
    the SQL LIKE statement.
  - A list of comma separated values can be specified, in this case it will be interpreted as the logical
    OR of the given values.
  - Otherwise, the search will be done using the exact match of the given value.

The key attributes specified in the FIELDSET attribute specify the replication server fields the IDENTIKEY
Authentication Server should return for the replication servers matching the search criteria.

39.2. Query Options

This determines what results should be returned.

Table 342: QueryOptions (Data Type)


| Element Name | Type | Description |
|---|---|---|
| count | Boolean | Flag to request IDENTIKEY Authentication Server to return only the number of records in the result set, but not the result set itself. Default value: false |
| distinct | Boolean | Flag to request IDENTIKEY Authentication Server to return only unique query results. Default value: false |
| rowcount | Unsigned Integer | Option to request IDENTIKEY Authentication Server to return the specified number of result records, beginning with the record specified by RowOffset. If set to 0, all result records are returned. Default value: 0 |
| rowoffset | Unsigned Integer | Option to request IDENTIKEY Authentication Server to return result records starting from the specified offset. Default value: 0 |
| sortfieldid | String | Optional. Required, if you specify SortOrder. Determines the field attribute to use as sort key when sorting the result set using SortOrder. May contain any field attribute from the FieldSet parameter. |
| sortorder | String | Optional. Determines the sort order of the result set. By default, the result set is not sorted. Possible values: QUERYOPTIONSORTORDER_ASCENDING (sort result set ascendingly), QUERYOPTIONSORTORDER_DESCENDING (sort result set descendingly). |

39.3. Additional Considerations

After upgrading IDENTIKEY Authentication Server, server data is continuously migrated while the already-upgraded
IDENTIKEY Authentication Server is running. Until data migration has been completed, the result of a query
command may be incomplete and may include both migrated and non-migrated data. This means that values for new
data fields may be missing or not set correctly in the query result.

40. timeZoneListExecute
The timeZoneListExecute command retrieves a list of the available time zones for use mainly with
reporting.

Table 343: timeZoneListExecute Commands


Command Description
TMZLISTCMD_GETZONELIST Get time zone list (see 40.1. TMZLISTCMD_GETZONELIST).

Table 344: timeZoneListExecute Command Parameters


| Name | Data Type | I/O | Description |
|---|---|---|---|
| SESSION_ID | String | I | The session identifier of the current administrative session. The logon command returns this identifier after a successful logon. |
| CMD | String | I | The command to be executed. Commands are specified in the table above. |
| USERATTRIBUTESET | Set | I | Zero or more user attribute fields. |

40.1. TMZLISTCMD_GETZONELIST

Use this command to get the list of time zones.

Table 345: TMZLISTCMD_GETZONELIST Output Parameters


| Name | Data Type | I/O | Description |
|---|---|---|---|
| TMZLSTFLD_ATTRIBUTE_ZONELIST | String | O | Time zone list |

The output is a list of time zones contained in TMZLSTFLD_ATTRIBUTE_ZONELIST.

41. SOAP Provisioning


The SOAP provisioning interface provides administrative commands for DIGIPASS provisioning. It is exposed via the
provisioningExecute command (see Table 346: provisioningExecute Commands (SOAP Provisioning)).

Table 346: provisioningExecute Commands (SOAP Provisioning)


| Command | Description |
|---|---|
| dsappSRPActivate | Activate a DIGIPASS authenticator after successful provisioning operation on IDENTIKEY Authentication Server using DIGIPASS Software Advanced Provisioning Protocol-Secure Remote Password (DSAPP-SRP), validate the OTP of the newly generated software DIGIPASS or bind it to the mobile device (see 41.14. dsappSRPActivate). |
| dsappSRPGenerateActivationData | The GenerateActivationData command is required to generate activation data for either a standard online activation or Multi-Device Licensing Activation Message 1 and encrypting this message by using DSAPP-SRP session keys (see 41.13. dsappSRPGenerateActivationData). |
| dsappSRPGenerateEphemeralKey | Exchange keys for a provisioning registration operation on IDENTIKEY Authentication Server using DSAPP-SRP (see 41.12. dsappSRPGenerateEphemeralKey). |
| dsappSRPRegister | Perform a provisioning registration operation on IDENTIKEY Authentication Server using DSAPP-SRP (see 41.11. dsappSRPRegister). |
| PROVISIONCMD_ACTIVATE | Perform a provisioning activation operation on IDENTIKEY Authentication Server (see 41.3. PROVISIONCMD_ACTIVATE). |
| PROVISIONCMD_ASSIGN | Perform a provisioning assignment operation on IDENTIKEY Authentication Server (see 41.4. PROVISIONCMD_ASSIGN). |
| PROVISIONCMD_DSAPPACTIVATE | Perform a provisioning activation operation on IDENTIKEY Authentication Server using DSAPP (see 41.6. PROVISIONCMD_DSAPPACTIVATE). |
| PROVISIONCMD_DSAPPGENERATEACTIVATIONDATA | Generate activation data for DIGIPASS for Mobile on the IDENTIKEY Authentication Server (see 41.7. PROVISIONCMD_DSAPPGENERATEACTIVATIONDATA). |
| PROVISIONCMD_DSAPPREGISTER | Perform a provisioning registration operation on IDENTIKEY Authentication Server using DSAPP (see 41.5. PROVISIONCMD_DSAPPREGISTER). |
| PROVISIONCMD_MDL_ACTIVATE | Validate the confirmation code generated by a DIGIPASS upon processing the second activation message (see 41.10. PROVISIONCMD_MDL_ACTIVATE). Supports Response-Only one-time password validation and Secure Channel signature validation of the confirmation code. Applies to DIGIPASS compliant with Multi-Device Licensing. |
| PROVISIONCMD_MDL_ADD_DEVICE | Register a new device which supports Two-Step Activation (see 41.9. PROVISIONCMD_MDL_ADD_DEVICE). Applies to DIGIPASS compliant with Multi-Device Licensing. |
| PROVISIONCMD_MDL_REGISTER | Generate a first activation message for a specified end-user on IDENTIKEY Authentication Server (see 41.8. PROVISIONCMD_MDL_REGISTER). In a Two-Step Activation scenario, this constitutes the first activation step. Applies to DIGIPASS compliant with Multi-Device Licensing. |
| PROVISIONCMD_REGISTER | Perform a provisioning registration operation on the IDENTIKEY Authentication Server (see 41.2. PROVISIONCMD_REGISTER). |
| PROVISIONCMD_SERVER_TIME | Retrieve server time for use in activation and re-activation of DIGIPASS for Mobile. The PROVISIONCMD_SERVER_TIME command supports only the PROVFLD_SERVER_TIME (output) attribute. |

41.1. Provisioning Field Attributes

The following field attributes are available for these commands:

Table 347: SOAP Provisioning Field Attributes


| Attribute Name | Data Type | Value | Description |
|---|---|---|---|
| PROVFLD_ACTIVATION_CODE | String | | Activation Code for the assigned DIGIPASS. |
| PROVFLD_ACTIVATION_CODE_IV | String | | Activation Code for the assigned DIGIPASS in standard activation mode, when DSAPP v2 is used. |
| PROVFLD_ACTIVATION_TYPE | Unsigned Integer | 0 | The provisioning command register generates either online or offline activation data. Possible Values are: 0 – Online; 1 – Offline |
| PROVFLD_ACTIVATION_MESSAGE | String | | The generated activation message. Applies to DIGIPASS compliant with Multi-Device Licensing. |
| PROVFLD_ACTIVATION_MESSAGE_IV | String | | The generated activation message in Multi-Device Activation mode, when DSAPP v2 is used. |
| PROVFLD_ALEA | String | | |
| PROVFLD_AUXILIARY_MESSAGE | String | | If register is not successful. |
| PROVFLD_CLIENT_HASH | String | | PC hash generated by the DP4Web application |
| PROVFLD_COMPONENT_TYPE | String | | SOAP client application identifier. |
| PROVFLD_DELIVERY_METHOD | String | E-Mail | Specifies and triggers the MDC delivery. If this attribute is not present, no MDC delivery will be taking place. Only supports e-mail delivery. |
| PROVFLD_DESTINATION | String | | The delivery destination, e.g. the destination e-mail address. If this attribute is present, PROVFLD_DELIVERY_METHOD must be present as well. If the PROVFLD_DELIVERY_METHOD attribute is specified and PROVFLD_DESTINATION is not present, the user account e-mail address will be used instead for the delivery. |
| PROVFLD_DEVICE_CODE | String | | The code generated by a DIGIPASS upon processing the first activation message. Applies to DIGIPASS compliant with Multi-Device Licensing |
| PROVFLD_DEVICE_ID | String | | The identifier which refers to a specific DIGIPASS device. Applies to DIGIPASS compliant with Multi-Device Licensing. |
| PROVFLD_DEVICE_TYPE | String | | The device type for which a new DIGIPASS instance is created. Applies to DIGIPASS compliant with Multi-Device Licensing. 0 – Hardware device; 1 – Unknown software platform; 3 – iOS; 5 – Jailbroken iOS; 7 – Android; 9 – Rooted Android; 11 – Windows Phone; 13 – BlackBerry Native; 15 – MIDP2 Platform or BlackBerry Java; 17 – Windows; 19 – Linux; 21 – Mac; 23 – RFU |
| PROVFLD_DOMAIN | String | Up to 255 chars. | As output, the user's resolved domain will be specified. |
| PROVFLD_DP_RESPONSE | String | | Contains a Response-Only OTP. Must be used when the value for the PROVFLD_REQUEST_TYPE attribute is 1. |
| PROVFLD_DSAPP_VERSION | Unsigned Integer | | Specifies the DSAPP protocol version number to be used. If this attribute is not present, the default value is version 1. |
| PROVFLD_ORGANIZATIONAL_UNIT | String | Up to 255 chars. | Indicates the user's resolved organizational unit. |
| PROVFLD_SERIAL_NO | String | Exactly 10 chars. | Serial number of the DIGIPASS for which the activation code has been generated. |
| PROVFLD_SIGNATURE | String | | The signature generated by the DIGIPASS device upon processing the second activation message. |
| PROVFLD_STATIC_PASSWORD | String | | |
| PROVFLD_STATUS_MESSAGE | String | | If register is not successful. |
| PROVFLD_USERID | String | Up to 255 chars. | The UserID, in whatever form the calling application provides it (no specific format is required). As output, the resolved UserID will be specified. |
| PROVFLD_NEW_STATIC_PASSWORD | String | | |
| PROVFLD_CONFIRM_NEW_STATIC_PASSWORD | String | | |
| PROVFLD_WEB_PUBLIC_KEY | String | | |
| PROVFLD_CESPR | String | | |
| PROVFLD_CHALLENGE | String | | |
| PROVFLD_CUSTOM_ENCRYPT_PWD | String | | |
| PROVFLD_EVENT_REACTIVATION_COUNTER | String | | Output for the provisioningRegister command. |
| PROVFLD_EVENT_REACTIVATION_COUNTER_IV | String | | Output for the provisioningRegister command in standard activation mode, when DSAPP v2 is used. |
| PROVFLD_SERVER_TIME | String | | Output for SERVER_TIME command |
| PROVFLD_REGISTRATIONID | String | | |
| PROVFLD_ACTIVATION_PASSWORD | String | | |
| PROVFLD_CLIENT_IV | String | | |
| PROVFLD_ENCRYPTED_CLIENT_PUBLIC_KEY_NONCE | String | | |
| PROVFLD_ENCRYPTED_NONCES | String | | |
| PROVFLD_ENCRYPTED_SERVER_PUBLIC_KEY | String | | |
| PROVFLD_SERVER_IV | String | | |
| PROVFLD_SERVER_NONCE | String | | |
| PROVFLD_ENCRYPTED_SERVER_NONCE | String | | |
| PROVFLD_DERIVATION_CODE | String | | Contains a derivation code. Must be used when the value for the PROVFLD_REQUEST_TYPE attribute = 0. |
| PROVFLD_REQUEST_TYPE | Unsigned Integer | | Defines if the authenticator is activated with an OTP (PROVFLD_DP_RESPONSE) or a derivation code with device-binding (PROVFLD_DERIVATION_CODE). If this attribute is missing, activation via OTP is applied. |
| clientEphemeralPublicKey | String | Hexadecimal String | The client ephemeral public key is required to generate the server ephemeral public key, and is generated during protocol initialization. |
| serverEphemeralPublicKey | String | Hexadecimal String | The server ephemeral public key is used to generate the VASCO Secure Remote Password (SRP) session key. |

41.2. PROVISIONCMD_REGISTER

This command supports the following attributes:

Table 348: PROVISIONCMD_REGISTER Attributes


Attribute Name Input/Output Optional?

PROVFLD_USERID I/O Mandatory

PROVFLD_DOMAIN I/O Optional

PROVFLD_ORGANIZATIONAL_UNIT O

PROVFLD_SERIAL_NO O

PROVFLD_STATIC_PASSWORD I Optional

PROVFLD_ALEA I Optional

PROVFLD_COMPONENT_TYPE I Mandatory

PROVFLD_CLIENT_HASH I Optional

PROVFLD_DELIVERY_METHOD I Optional

PROVFLD_DESTINATION I Optional

PROVFLD_ACTIVATION_CODE O

PROVFLD_ACTIVATION_TYPE I Optional

PROVFLD_STATUS_MESSAGE O

PROVFLD_AUXILIARY_MESSAGE O

PROVFLD_DP_RESPONSE I Optional

PROVFLD_CUSTOM_ENCRYPT_PWD I/O Optional

PROVFLD_EVENT_REACTIVATION_COUNTER O Optional

41.3. PROVISIONCMD_ACTIVATE

This command supports the following attributes:

Table 349: PROVISIONCMD_ACTIVATE Attributes


Attribute Name Input/Output Optional?

PROVFLD_USERID I/O Mandatory

PROVFLD_DOMAIN I/O Optional

PROVFLD_ORGANIZATIONAL_UNIT O

PROVFLD_SERIAL_NO I Optional

PROVFLD_STATIC_PASSWORD I Optional

PROVFLD_DERIVATION_CODE I Optional

PROVFLD_REQUEST_TYPE I Optional

PROVFLD_DP_RESPONSE I Optional

PROVFLD_COMPONENT_TYPE I Mandatory

PROVFLD_NEW_STATIC_PASSWORD I Optional

PROVFLD_CONFIRM_NEW_STATIC_PASSWORD I Optional

PROVFLD_STATUS_MESSAGE O

PROVFLD_AUXILIARY_MESSAGE O

PROVFLD_WEB_PUBLIC_KEY I Optional

PROVFLD_CESPR I Optional

PROVFLD_CHALLENGE I Optional

41.4. PROVISIONCMD_ASSIGN

This command supports the following attributes:

Table 350: PROVISIONCMD_ASSIGN Attributes


Attribute Name Input/Output Optional?

PROVFLD_USERID I/O Mandatory

PROVFLD_DOMAIN I/O Optional

PROVFLD_SERIAL_NO O

PROVFLD_STATIC_PASSWORD I Optional

PROVFLD_CESPR I Optional

PROVFLD_CHALLENGE I Optional

41.5. PROVISIONCMD_DSAPPREGISTER

This command supports the following attributes:

Table 351: PROVISIONCMD_DSAPPREGISTER Attributes


Attribute Name Input/Output Optional?
PROVFLD_ACTIVATION_PASSWORD O
PROVFLD_AUXILIARY_MESSAGE O
PROVFLD_COMPONENT_TYPE I Mandatory
PROVFLD_DOMAIN I/O Optional
PROVFLD_DSAPP_VERSION I Optional
PROVFLD_REGISTRATIONID O

PROVFLD_USERID I/O Mandatory
PROVFLD_STATIC_PASSWORD I Mandatory

41.6. PROVISIONCMD_DSAPPACTIVATE

This command supports the following attributes:

Table 352: PROVISIONCMD_DSAPPACTIVATE Attributes


Attribute Name Input/Output Optional?
PROVFLD_AUXILIARY_MESSAGE O
PROVFLD_CLIENT_IV I Mandatory
PROVFLD_COMPONENT_TYPE I Mandatory
PROVFLD_DERIVATION_CODE I Optional
PROVFLD_DP_RESPONSE I Optional
PROVFLD_ENCRYPTED_SERVER_NONCE I Mandatory
PROVFLD_REGISTRATIONID I Mandatory
PROVFLD_REQUEST_TYPE I Mandatory
PROVFLD_STATUS_MESSAGE O

41.7. PROVISIONCMD_DSAPPGENERATEACTIVATIONDATA

This command supports the following attributes:

Table 353: PROVISIONCMD_DSAPPGENERATEACTIVATIONDATA Attributes


Attribute Name Input/Output Optional?
PROVFLD_ACTIVATION_CODE O Optional
PROVFLD_ACTIVATION_CODE_IV O Optional
PROVFLD_ACTIVATION_MESSAGE O Optional
PROVFLD_ACTIVATION_MESSAGE_IV O Optional
PROVFLD_AUXILIARY_MESSAGE O
PROVFLD_CLIENT_IV I Mandatory
PROVFLD_COMPONENT_TYPE I Mandatory
PROVFLD_DOMAIN O Optional
PROVFLD_DSAPP_VERSION I Optional
PROVFLD_ENCRYPTED_CLIENT_PUBLIC_KEY_NONCE I Mandatory

PROVFLD_ENCRYPTED_NONCES O
PROVFLD_ENCRYPTED_SERVER_PUBLIC_KEY O
PROVFLD_EVENT_REACTIVATION_COUNTER O
PROVFLD_EVENT_REACTIVATION_COUNTER_IV O Optional
PROVFLD_REGISTRATIONID I Mandatory
PROVFLD_SERIAL_NO O
PROVFLD_SERVER_IV O
PROVFLD_STATUS_MESSAGE O
PROVFLD_USERID O

41.8. PROVISIONCMD_MDL_REGISTER

This command supports the following attributes:

Table 354: PROVISIONCMD_MDL_REGISTER Attributes


Attribute Name Input Output Remarks
PROVFLD_USERID Mandatory Mandatory
PROVFLD_DOMAIN Optional Mandatory
PROVFLD_ORGANIZATIONAL_UNIT Optional
PROVFLD_SERIAL_NO Optional Mandatory
PROVFLD_COMPONENT_TYPE Mandatory
PROVFLD_STATIC_PASSWORD Mandatory
PROVFLD_REGISTRATIONID Mandatory
PROVFLD_ACTIVATION_MESSAGE Mandatory

41.9. PROVISIONCMD_MDL_ADD_DEVICE

This command supports the following attributes:

Table 355: PROVISIONCMD_MDL_ADD_DEVICE Attributes


Attribute Name Input Output Remarks
PROVFLD_REGISTRATIONID Mandatory Mandatory
PROVFLD_COMPONENT_TYPE Mandatory

PROVFLD_CLIENT_IV Optional Mandatory if PROVISIONCMD_DSAPPGENERATEACTIVATIONDATA was used to generate Activation Message 1.
PROVFLD_DEVICE_CODE Mandatory
PROVFLD_DEVICE_ID Mandatory
PROVFLD_DEVICE_TYPE Mandatory
PROVFLD_ENCRYPTED_SERVER_NONCE Optional Mandatory if PROVISIONCMD_DSAPPGENERATEACTIVATIONDATA was used to generate Activation Message 1.
PROVFLD_ACTIVATION_MESSAGE Mandatory

41.10. PROVISIONCMD_MDL_ACTIVATE

This command supports the following attributes:

Table 356: PROVISIONCMD_MDL_ACTIVATE Attributes


Attribute Name Input Output Remarks
PROVFLD_REGISTRATIONID Mandatory Mandatory
PROVFLD_COMPONENT_TYPE Mandatory
PROVFLD_SIGNATURE Mandatory

41.11. dsappSRPRegister

The dsappSRPRegister command serves to authenticate the user and initiate a DIGIPASS Software
Advanced Provisioning Protocol-Secure Remote Password (DSAPP-SRP) provisioning operation.

41.11.1. Parameters

Table 357: dsappSRPRegister Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
componentType String Mandatory Specifies the component for which the DSAPP-SRP provisioning operation is to be applied.
user UserInput Mandatory The user input information; specifies the user to be authenticated for the provisioning operation.
credential RegisterCredentialInput Mandatory The credential parameters used to authenticate the user.

Table 358: dsappSRPRegister Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
status CommandStatusResponse Mandatory The error stack, indicating that the command has not completed successfully, if applicable, and the result and status codes returned by the command.
result DSAPPSRPRegisterResult Optional The output fields for this command, returning information about the registration ID and the activation password.

41.11.1.1. UserInput
Table 359: UserInput (Data Type)
Element Name Type Description

userID String The ID of the user to be authenticated for the provisioning operation.

domain String The domain of the user to be authenticated for the provisioning operation.

41.11.1.2. RegisterCredentialInput
Table 360: RegisterCredentialInput (Data Type)
Element Name Type Description

staticPassword String The current static password of the user.

41.11.1.3. DSAPPSRPRegisterResult
Table 361: DSAPPSRPRegisterResult (Data Type)
Element Name Type Description

registrationID String The ID of the user to be authenticated.

activationPassword String The user password generated by the DSAPP server.

41.11.2. Example

Example
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header/>
  <soapenv:Body>
    <prov:dsappSRPRegister xmlns:prov="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Provisioning">
      <componentType>srp-component</componentType>
      <user>
        <userID>user1</userID>
        <domain>master</domain>
      </user>
      <credential>
        <staticPassword>Password2</staticPassword>
      </credential>
    </prov:dsappSRPRegister>
  </soapenv:Body>
</soapenv:Envelope>

41.12. dsappSRPGenerateEphemeralKey

The dsappSRPGenerateEphemeralKey command is required to exchange keys for a DIGIPASS Software Advanced Provisioning Protocol-Secure Remote Password (DSAPP-SRP) provisioning operation.

41.12.1. Parameters

Table 362: dsappSRPGenerateEphemeralKey Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
componentType String Mandatory Specifies the component for which the DSAPP-SRP provisioning
operation is to be applied.
registrationID String Mandatory The user input information; specifies the user to be authenticated for the operation.
clientEphemeralPublicKey String Mandatory The client ephemeral public key generated during protocol initialization; this key is required to generate the server ephemeral public key.

Table 363: dsappSRPGenerateEphemeralKey Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
status CommandStatusResponse Mandatory The error stack, indicating that the command has not completed successfully, if applicable, and the result and status codes returned by the command.


result DSAPPSRPGenerateEphemeralKeyResult Mandatory The output fields for this command, returning information about the server ephemeral public key which is used to generate the SRP session key.

41.12.1.1. DSAPPSRPGenerateEphemeralKeyResult
Table 364: DSAPPSRPGenerateEphemeralKeyResult (Data Type)
Element Name Type Description

serverEphemeralPublicKey String The key used to generate the SRP session key.

salt String Used to generate the password verifier.

41.12.2. Example

Example
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header/>
  <soapenv:Body>
    <prov:dsappSRPGenerateEphemeralKey xmlns:prov="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Provisioning">
      <componentType>srp-component</componentType>
      <registrationID>xiOb8GC2</registrationID>
      <clientEphemeralPublicKey>ABCDEF</clientEphemeralPublicKey>
    </prov:dsappSRPGenerateEphemeralKey>
  </soapenv:Body>
</soapenv:Envelope>

41.13. dsappSRPGenerateActivationData

The dsappSRPGenerateActivationData command is required to generate activation data for either a standard online activation or for Activation Message 1 in Multi-Device Licensing, and for encrypting this message using DIGIPASS Software Advanced Provisioning Protocol-Secure Remote Password (DSAPP-SRP) session keys.


41.13.1. Parameters

Table 365: dsappSRPGenerateActivationData Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
componentType String Mandatory Specifies the component for which the DSAPP-SRP activation
data are to be generated.
registrationID String Mandatory The user input information; specifies the user to be authenticated for the operation.
clientEvidenceMessage String Mandatory Encrypted data for a standard online or Multi-Device Licensing activation: the evidence message generated by the client.

Table 366: dsappSRPGenerateActivationData Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
status CommandStatusResponse Mandatory The error stack, indicating that the command has not
completed successfully, if applicable, and the result and
status codes returned by the command.
result DSAPPSRPGenerateActivationDataResult Optional The encrypted activation data.

41.13.1.1. DSAPPSRPGenerateActivationDataResult
Table 367: DSAPPSRPGenerateActivationDataResult (Data Type)
Element Name Type Description

standard DSAPPSRPStandardActivation The encrypted data required for a standard online activation: activation code and event reactivation counter.

mdl DSAPPSRPMDLActivation The encrypted data required for a Multi-Device Licensing activation: activation message.

serverEvidenceMessage String Encrypted data for a standard online or Multi-Device Licensing activation: the evidence message generated by the server.

41.13.1.2. DSAPPSRPStandardActivation
Table 368: DSAPPSRPStandardActivation (Data Type)
Element Name Type Description

activationCode DSAPPSRPEncryptedData The activation code for online activation, either FAD (Full Activation Data) or XFAD (Encrypted Full Activation Data).

eventReactivationCounter DSAPPSRPEncryptedData Event reactivation counter for the standard activation; used to
activate the device.


41.13.1.3. DSAPPSRPMDLActivation
Table 369: DSAPPSRPMDLActivation (Data Type)
Element Name Type Description

activationMessage DSAPPSRPEncryptedData The generated activation message for a Multi-Device Licensing online activation.

41.13.1.4. DSAPPSRPEncryptedData
Table 370: DSAPPSRPEncryptedData (Data Type)
Element Name Type Description

encryptedData String Encrypted data, i.e. the activation code, the reactivation counter, or the activation
message for the online activation.

encryptionCounter String Encryption counter for the activation code, the event reactivation counter, or the
activation message.

mac String Message authentication code for the activation code, the event reactivation
counter, or the activation message.

41.13.2. Example

Example
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header/>
  <soapenv:Body>
    <prov:dsappSRPGenerateActivationData xmlns:prov="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Provisioning">
      <componentType>srp-component</componentType>
      <registrationID>xiOb8GC2</registrationID>
      <clientEvidenceMessage>ABCDEF</clientEvidenceMessage>
    </prov:dsappSRPGenerateActivationData>
  </soapenv:Body>
</soapenv:Envelope>


41.14. dsappSRPActivate

The dsappSRPActivate command is required to activate a DIGIPASS authenticator after a successful DIGIPASS Software Advanced Provisioning Protocol-Secure Remote Password (DSAPP-SRP) provisioning operation. The activation command validates the one-time password (OTP) of the newly generated software DIGIPASS authenticator or binds it to the mobile device.

41.14.1. Parameters

Table 371: dsappSRPActivate Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
componentType String Mandatory Specifies the component for which the DSAPP-SRP provisioning
operation is to be applied.
registrationID String Mandatory The user input information; specifies the user to be authenticated
for the operation.
credential ActivateCredentialInput Mandatory The credential parameters used to authenticate the user: the
response or the derivation code.

Table 372: dsappSRPActivate Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
status CommandStatusResponse Mandatory The error stack, indicating that the command has not completed successfully, if applicable, and the result and status codes returned by the command.

41.14.1.1. ActivateCredentialInput
Table 373: ActivateCredentialInput (Data Type)
Element Name Type Description

response String The ID of the user to be authenticated for the provisioning operation; if this data type element
is passed for the credential parameter, the derivationCode element cannot be
used.

derivationCode String String of up to 27 decimal or hexadecimal characters, containing the used derivation code; if
this data type element is passed for the credential parameter, the response element
cannot be used.


41.14.2. Example

Example
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Header/>
  <soapenv:Body>
    <prov:dsappSRPActivate xmlns:prov="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Provisioning">
      <componentType>srp-component</componentType>
      <registrationID>xiOb8GC2</registrationID>
      <credential>
        <derivationCode>123456</derivationCode>
      </credential>
    </prov:dsappSRPActivate>
  </soapenv:Body>
</soapenv:Envelope>
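The fields exchanged by dsappSRPGenerateEphemeralKey and dsappSRPGenerateActivationData (client and server ephemeral public keys, salt, client and server evidence messages) are the values of an SRP exchange. The following added Python example is not VASCO code and is not taken from the SDK: it runs a textbook SRP-6a exchange and labels each value with the SOAP field it would travel in. The hash (SHA-256), the toy group, the evidence formulas, the class and function names, and the use of registrationID and activationPassword as SRP identity and password are all assumptions, because this reference does not specify them.

```python
"""Textbook SRP-6a exchange labelled with the DSAPP-SRP SOAP field names."""
import hashlib
import hmac
import secrets

# ASSUMPTIONS (the SDK reference states none of these): SHA-256, generator 2,
# simplified evidence formulas and a toy modulus. 2**255 - 19 is prime but far
# too small and not a safe prime; real SRP uses a large safe-prime group.
N = 2**255 - 19
G = 2
_LEN = (N.bit_length() + 7) // 8

def _pad(n):
    return n.to_bytes(_LEN, "big")

def _hash(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def _int(data):
    return int.from_bytes(data, "big")

K = _int(_hash(_pad(N), _pad(G)))  # SRP-6a multiplier k = H(N | PAD(g))

def _private_x(salt, registration_id, activation_password):
    inner = _hash(f"{registration_id}:{activation_password}".encode())
    return _int(_hash(salt, inner))

def _m1(a_pub, b_pub, key):  # simplified client evidence: H(A | B | K)
    return _hash(_pad(a_pub), _pad(b_pub), key)

def _m2(a_pub, m1, key):  # simplified server evidence: H(A | M1 | K)
    return _hash(_pad(a_pub), m1, key)


class SrpServer:
    """Server side; after registration it keeps salt and verifier, not the password."""

    def __init__(self, registration_id, activation_password):
        self.salt = secrets.token_bytes(16)
        x = _private_x(self.salt, registration_id, activation_password)
        self.verifier = pow(G, x, N)

    def generate_ephemeral_key(self, client_pub):
        # A = 0 (mod N) would force the shared secret to 0 whatever the password is.
        if not 0 < client_pub < N:
            raise ValueError("illegal clientEphemeralPublicKey")
        self._a_pub = client_pub
        self._b = secrets.randbelow(N - 1) + 1
        self._b_pub = (K * self.verifier + pow(G, self._b, N)) % N
        return self._b_pub, self.salt  # serverEphemeralPublicKey, salt

    def generate_activation_data(self, client_evidence):
        u = _int(_hash(_pad(self._a_pub), _pad(self._b_pub)))
        secret = pow(self._a_pub * pow(self.verifier, u, N), self._b, N)
        key = _hash(_pad(secret))
        expected = _m1(self._a_pub, self._b_pub, key)
        if not hmac.compare_digest(expected, client_evidence):
            raise PermissionError("clientEvidenceMessage rejected")
        return _m2(self._a_pub, expected, key), key  # serverEvidenceMessage, session key


class SrpClient:
    def __init__(self, registration_id, activation_password):
        self._id, self._pw = registration_id, activation_password
        self._a = secrets.randbelow(N - 1) + 1
        self.public = pow(G, self._a, N)  # clientEphemeralPublicKey

    def evidence(self, server_pub, salt):
        if not 0 < server_pub < N:
            raise ValueError("illegal serverEphemeralPublicKey")
        u = _int(_hash(_pad(self.public), _pad(server_pub)))
        x = _private_x(salt, self._id, self._pw)
        base = (server_pub - K * pow(G, x, N)) % N
        secret = pow(base, self._a + u * x, N)
        self.key = _hash(_pad(secret))
        self._m1 = _m1(self.public, server_pub, self.key)
        return self._m1  # clientEvidenceMessage

    def server_is_genuine(self, server_evidence):
        expected = _m2(self.public, self._m1, self.key)
        return hmac.compare_digest(expected, server_evidence)


def provision(registration_id, server_password, client_password):
    """Run the exchange; returns (client_key, server_key) or raises PermissionError."""
    server = SrpServer(registration_id, server_password)
    client = SrpClient(registration_id, client_password)
    b_pub, salt = server.generate_ephemeral_key(client.public)
    m2, server_key = server.generate_activation_data(client.evidence(b_pub, salt))
    if not client.server_is_genuine(m2):
        raise PermissionError("serverEvidenceMessage rejected")
    return client.key, server_key
```

Both sides end with the same session key only when the client knows the password behind the stored verifier, and the password itself is never sent.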


42. SOAP Audit Management


The SOAP audit management interface provides commands to retrieve audit log entries (see Table 374: SOAP Audit
Management Commands).

Table 374: SOAP Audit Management Commands


Command Description
auditGetMessage Retrieves a single audit message (see 42.1. auditGetMessage).
digipassActivityQuery Queries the recent authentication, signature validation, administration, and provisioning activity of a particular DIGIPASS authenticator (see 42.2. digipassActivityQuery).
userActivityQuery Queries the recent authentication, signature validation, administration, and provisioning activity of a particular user (see 42.3. userActivityQuery).

42.1. auditGetMessage

The auditGetMessage command queries a single audit record from the audit log.

42.1.1. Parameters

Table 375: auditGetMessage Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
sessionID String Mandatory The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon).
timestamp String Mandatory The date and time (1/300 second precision) at which the audit message was recorded. It uses the following format:

<yyyy>-<MM>-<dd>T<HH>:<mm>:<ss>.<SSS>Z
AMID String Mandatory The audit message identifier.

Table 376: auditGetMessage Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description
errorStack ErrorStack Optional The error stack, indicating that the command has not completed successfully.
resultCodes ResultCodes Mandatory The result and status codes returned by the command.
auditMessage AuditMessage Optional For a description of the auditMessage elements, refer to Table 377:
AuditMessage (Data Type).


42.1.1.1. AuditMessage
Table 377: AuditMessage (Data Type)
Element Name Type Description
timestamp String The date and time (1/300 second precision) at which the audit message was
recorded.
AMID String The audit message identifier.

NotNullStringType
source String The string representation of the source of the audit message. Example:

- Identikey Server

NotNullStringType
type String The audit message type (code).
code String The audit message code.

NotNullStringType
description String The description of the audit message.

NotNullStringType
category String The category for the audit message.

NotNullStringType
auditLocation String The location of the source of the audit message. Typically an IP address or host
name.
clientLocation String The location of the client (only in case the client is not the source of the audit
message).
clientType String The client component type.
serialNumber String The serial number of the DIGIPASS authenticator.
policyID String The identifier of the policy handling the request.
reason String A short phrase indicating the reason for a failure.
action String The intended action to take for a received request. Examples:

- Ignore
- Process
applicationName String The DIGIPASS Application name.
area String The functional area where the audit message was recorded. Example:

- Active Directory search


auditVersion Unsigned Integer The revision of the auditing format.
backendAuthentication String The back-end authentication protocol ID, or "None".

characteristics String A space-separated list of keywords indicating characteristics of interest. Example (in case of a connection attempt):

- SSL TCP IPv6 …


command String The name of the AAL3 command.
configurationDetails String A breakdown of the configuration settings.
credentials String The credentials that were presented for the connection/authentication attempt.
Examples:

- Password
- None
dataSourceLocation String The location of the data source, for instance the path /file name when the data
source type is File.
dataSourceType String The type of the data source. Examples:

- File
- Registry
deliveryDestination String The destination to deliver a message to (through Message Delivery Component).
deliveryMethod String The method used to deliver a message (through Message Delivery Component).
domain String The domain name.

In case of an administrative command, this is usually the domain of the administrator. The domain of the targeted user is stored in targetDomain.
downtime Unsigned Integer The duration (in minutes) of the downtime.
dpType String The DIGIPASS type, for instance DIGIPASS 300.
epochCertificate String The epoch certificate.
epochID String The identifier of the current epoch.
epochSequenceNumber Unsigned Integer The sequence number of the audit message within the current epoch.
epochVersion String The revision of the secure auditing format.
errorCode Integer The error code for the audit message.
errorMessage String The string representation of the error code.
errorDetails String The full dump of the error stack.
expirationDate Date Time The expiration date related to the audit message subject. Example:

- Grace Period expiration date.


fieldsDetails String "All Fields" or list of fields returned by the query.
fromLocation String The source location for a particular process. Example: when something is
moved.


infoMessage String The message returned by an external component. Example:

- MDC
inputDetails String A breakdown of the request parameters and/or attributes.
localAuthentication Boolean Indicates whether local authentication was performed or not.
mobileNumber String The mobile phone number to send a message to (through Message Delivery
Component).
object String The name of an AAL3 object related to a query or command.
offlineDataDetails String The offline data details.
offlineStateData String The offline state data.
operation String The operation being attempted/processed when the audit message was recorded.
outcome String The outcome of an attempt to do something. Examples:

- Success
- Failure
- Challenge
outputDetails String A breakdown of the response parameters and/or attributes.
requestType String The type of packet. Examples (in case of RADIUS protocol):

- Access-Request
- Access-Accept
passwordProtocol String The password encoding. Examples:

- PAP
- CHAP
- EAP-MD5
- MS-CHAP1
- MS-CHAP2
protocol String The identifier of the communication protocol used.
quota Integer The value of a quota related to the audit message subject. Example:

- BVDP Uses Remaining


radiusInputOctets Unsigned Long Integer The Acct-Input-Octets from the RADIUS accounting packet.
radiusOutputOctets Unsigned Long Integer The Acct-Output-Octets from the RADIUS accounting packet.
radiusProfile String The RADIUS profile used.
radiusStatusType String The Acct-Status-Type field from the RADIUS accounting packet. Typically indicates begin or end of an accounting session.
requestID Integer The request identifier. Example:

- RADIUS packet ID.


serverLocation String The location of the server. Typically an IP address or host name.


sessionID String The session identifier.


sessionTime Unsigned Integer The duration (in seconds) of the session.
signature String The cryptographic signature of the audit message.
startTime DateTime The DIGIPASS start time set by various commands, e.g. DIGIPASSCMD_ASSIGN.
targetDomain String The domain of the user targeted by an administrative command.
targetUserID String The user ID of the user targeted by an administrative command.
taskDescription String The description of the task.
taskExecutionTime String The (human-readable) string representation of the time it took to complete the
task.
taskID String The task identifier.
taskResult String The result of a task.
toLocation String The destination location for a particular process, for instance when something
is moved.
userLink String The user ID of the user account linked to this user account.
userLocation String The location (IP address) of the user's client device. Examples:

- RADIUS calling-station-ID
- HTTP browser/client address.
userID String The user's identifier. When it refers to an IDENTIKEY Authentication Server user account, the exact user ID.

In case of an administrative command, this is usually an administrator. The targeted user is stored in targetUserID.
version String The string representation of the IDENTIKEY Authentication Server version.

42.1.2. Example

Example
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xop="http://www.w3.org/2004/08/xop/include"
    xmlns:CREDENTIAL-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/CredentialTypes.xsd"
    xmlns:USER-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/UserTypes.xsd"
    xmlns:BACKEND-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/BackEndTypes.xsd"
    xmlns:COMPONENT-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ComponentTypes.xsd"
    xmlns:CONFIGURATION-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ConfigurationTypes.xsd"
    xmlns:DIGIPASS-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/DigipassTypes.xsd"
    xmlns:DOMAIN-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/DomainTypes.xsd"
    xmlns:ORGUNIT-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/OrgunitTypes.xsd"
    xmlns:USER-ATTRIBUTE-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/UserAttributeTypes.xsd"
    xmlns:DIGIPASSAPPL-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/DigipassApplTypes.xsd"
    xmlns:POLICY-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/PolicyTypes.xsd"
    xmlns:REPLICATION-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ReplicationTypes.xsd"
    xmlns:REPORTFORMAT-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ReportFormatTypes.xsd"
    xmlns:REPORTFIELD-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ReportFieldTypes.xsd"
    xmlns:REPORT-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ReportTypes.xsd"
    xmlns:DPXFILE-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/DPXFileTypes.xsd"
    xmlns:USERFILE-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/UserFileTypes.xsd"
    xmlns:ADMINSESSION-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/AdminSessionTypes.xsd"
    xmlns:OFFLINEDATA-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/OfflineDataTypes.xsd"
    xmlns:RADIUSDICT-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/RadiusDictTypes.xsd"
    xmlns:BACKENDSERVERGROUP-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/BackEndServerGroupTypes.xsd"
    xmlns:TASK-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/TaskTypes.xsd"
    xmlns:KEY-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/KeyTypes.xsd"
    xmlns:REPORTFILE-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ReportFileTypes.xsd"
    xmlns:TIMEZONELIST-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/TimeZoneListTypes.xsd"
    xmlns:BASIC-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/BasicTypes.xsd"
    xmlns:EMVCAP-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/EmvCapTypes.xsd"
    xmlns:PROVISIONING-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ProvisioningTypes.xsd"
    xmlns:SERVER-CONFIGURATION-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ServerConfigurationTypes.xsd"
    xmlns:SIGNATURE-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/SignatureTypes.xsd"
    xmlns:AUDIT-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/AuditTypes.xsd"
    xmlns:ADMIN-SCENARIO="http://www.vasco.com/IdentikeyServer/Scenarios/Administration"
    xmlns:ADMIN-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
    xmlns:AUTH-SCENARIO="http://www.vasco.com/IdentikeyServer/Scenarios/Authentication"
    xmlns:AUTH-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Authentication"
    xmlns:EMVCAPAUTH-SCENARIO="http://www.vasco.com/IdentikeyServer/Scenarios/EmvCapAuthentication"
    xmlns:EMVCAP-AUTH-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/EmvCapAuthentication"
    xmlns:PROV-SCENARIO="http://www.vasco.com/IdentikeyServer/Scenarios/Provisioning"
    xmlns:PROV-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Provisioning"
    xmlns:SERVERCFG-SCENARIO="http://www.vasco.com/IdentikeyServer/Scenarios/ServerConfiguration"
    xmlns:SERVERCFG-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/ServerConfiguration"
    xmlns:SIGN-SCENARIO="http://www.vasco.com/IdentikeyServer/Scenarios/Signature"
    xmlns:SIGN-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Signature">
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <ADMIN-TYPES:auditGetMessageResponse xsi:type="AUDIT-TYPES:AuditGetMessageResponse">
      <resultCodes xsi:type="BASIC-TYPES:ResultCodes">
        <returnCodeEnum>RET_SUCCESS</returnCodeEnum>
        <statusCodeEnum>STAT_SUCCESS</statusCodeEnum>
        <returnCode>0</returnCode>
        <statusCode>0</statusCode>
      </resultCodes>
      <errorStack xsi:type="BASIC-TYPES:ErrorStack"/>
      <auditMessage xsi:type="AUDIT-TYPES:AuditMessage">
        <timestamp>2015-03-15T12:47:21.123Z</timestamp>
        <AMID>fakeamid</AMID>
        <source>File</source>
        <type>Type</type>
        <code>1001</code>
        <description>Test Description</description>
        <category>Database</category>
      </auditMessage>
    </ADMIN-TYPES:auditGetMessageResponse>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

42.1.3. Requirements

Required administration privileges:

- View Audit Information

42.1.4. Additional references

For more information about audit messages and auditing in general, refer to the IDENTIKEY Authentication Server
Product Guide, Section "Auditing and Tracing".
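One way a monitoring script could consume an auditGetMessage response, shown as an added Python example that is not part of the SDK: it refuses a DTD (SOAP 1.1 forbids one in a message), checks resultCodes before trusting the payload, validates the timestamp against the documented format, and confirms that the returned AMID is the one that was requested. The function and exception names and the AMID cross-check are choices of this example; the sample response is constructed from the field values of the example in 42.1.2, trimmed to the namespaces its body uses.

```python
"""Parse and sanity-check an auditGetMessage SOAP response."""
import re
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
# <yyyy>-<MM>-<dd>T<HH>:<mm>:<ss>.<SSS>Z, the format documented for timestamp.
TIMESTAMP_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z")

# Constructed sample response (values follow the example in 42.1.2).
SAMPLE = """<SOAP-ENV:Envelope
 xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:BASIC-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/BasicTypes.xsd"
 xmlns:AUDIT-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/AuditTypes.xsd"
 xmlns:ADMIN-TYPES="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration">
<SOAP-ENV:Body>
<ADMIN-TYPES:auditGetMessageResponse xsi:type="AUDIT-TYPES:AuditGetMessageResponse">
<resultCodes xsi:type="BASIC-TYPES:ResultCodes">
<returnCodeEnum>RET_SUCCESS</returnCodeEnum><statusCodeEnum>STAT_SUCCESS</statusCodeEnum>
<returnCode>0</returnCode><statusCode>0</statusCode>
</resultCodes>
<auditMessage xsi:type="AUDIT-TYPES:AuditMessage">
<timestamp>2015-03-15T12:47:21.123Z</timestamp><AMID>fakeamid</AMID>
<source>File</source><type>Type</type><code>1001</code>
<description>Test Description</description><category>Database</category>
</auditMessage>
</ADMIN-TYPES:auditGetMessageResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


class AuditResponseError(Exception):
    """The response is malformed, unsuccessful, or not the record requested."""


def _local(tag):
    # "{namespace}name" -> "name"
    return tag.rsplit("}", 1)[-1]


def parse_audit_get_message(xml_text, expected_amid):
    """Return the AuditMessage fields as a dict, or None if no message was returned."""
    # A DTD has no place in a SOAP message; refusing it also blocks entity expansion.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise AuditResponseError("DTD in SOAP message")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise AuditResponseError(f"not well-formed XML: {exc}") from exc

    body = root.find(f"{{{SOAP_ENV}}}Body")
    response = None
    if body is not None:
        response = next(
            (e for e in body if _local(e.tag) == "auditGetMessageResponse"), None)
    if response is None:
        raise AuditResponseError("no auditGetMessageResponse in SOAP Body")

    codes = response.find("resultCodes")  # mandatory output parameter
    if codes is None:
        raise AuditResponseError("resultCodes missing")
    ret, stat = codes.findtext("returnCodeEnum"), codes.findtext("statusCodeEnum")
    if ret != "RET_SUCCESS":
        raise AuditResponseError(f"command failed: {ret}/{stat}")

    message = response.find("auditMessage")  # optional output parameter
    if message is None:
        return None
    record = {_local(child.tag): (child.text or "").strip() for child in message}
    if not TIMESTAMP_RE.fullmatch(record.get("timestamp", "")):
        raise AuditResponseError(f"bad timestamp: {record.get('timestamp')!r}")
    if record.get("AMID") != expected_amid:
        raise AuditResponseError("AMID does not match the request")
    return record
```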


42.2. digipassActivityQuery

The digipassActivityQuery command queries the recent authentication, signature validation, administration, and provisioning activity of a particular DIGIPASS authenticator.

42.2.1. Parameters

Table 378: digipassActivityQuery Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

sessionID String Mandatory The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon).

options DigipassActivityQueryOptions Optional Options to determine what results should be returned (see 42.2.1.2. DigipassActivityQueryOptions).

digipass DigipassActivityInput Mandatory Specifies the DIGIPASS authenticator to query recent activities (see 42.2.1.1. DigipassActivityInput).

Table 379: digipassActivityQuery Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

errorStack ErrorStack Optional The error stack, indicating that the command has
not completed successfully.

resultCodes ResultCodes Mandatory The result and status codes returned by the command.

resultCount Integer Mandatory The number of items in digipassActivityList.

digipassActivityList DigipassActivityList Optional List containing the queried DIGIPASS activities (see 42.2.1.4. DigipassActivityList).

42.2.1.1. DigipassActivityInput
Table 380: DigipassActivityInput (Data Type)
Element Name Type Description

serialNumber String The serial number of the DIGIPASS authenticator to query.


42.2.1.2. DigipassActivityQueryOptions
Table 381: DigipassActivityQueryOptions (Data Type)
Element Name Type Description

rowOffset Unsigned Integer Optional. Option to request IDENTIKEY Authentication Server to return result records
starting from the specified offset.

Default value: 0

rowCount Unsigned Integer Optional. Option to request IDENTIKEY Authentication Server to return the specified
number of result records, beginning with the record specified by rowOffset.

If set to 0, all result records are returned.

Default value: 0

countOnly Boolean Optional. Flag to request IDENTIKEY Authentication Server to return only the number of
records in the result set, but not the result set itself.

Default value: false

sortOrder DigipassActivitySortOrder Optional. Determines the sort order of the result set. By default, the result set is not sorted (see 42.2.1.3. DigipassActivitySortOrder).

42.2.1.3. DigipassActivitySortOrder
Table 382: DigipassActivitySortOrder (Data Type)
Element Name Type Description

name DigipassActivitySortOrderFieldEnum Determines the field attribute to use as key to sort the result set.

Possible values:

- category
- clientLocation
- code
- policyID
- timestamp

order SortOrderEnum Determines the sort order of the result set.

Possible values:

- ASC. Sort result set ascendingly.
- DESC. Sort result set descendingly.


42.2.1.4. DigipassActivityList
Table 383: DigipassActivityList (Data Type)
Element Name Returned? Description

AMID Always The audit message identifier.

auditLocation Always The location of the component which audited the message. Typically an IP address.

category Always The audit category.

clientLocation Optional The location of the client component which triggered the audit message. Typically an IP address.

clientType Optional The client component type.

code Always The audit message code.

description Always The description of the audit message.

policyID Optional The policy related to the audit message.

reason Optional A textual description why the message was audited.

source Always The string representation of the source of the audit message.

timestamp Always The time at which the audit message was recorded.

type Always The type of the audit message.

Supported values:

- Error
- Failure
- Information
- Invalid Type
- Success
- Warning

42.2.2. Example

Example
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:adm="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration">
  <soapenv:Header/>
  <soapenv:Body>
    <adm:digipassActivityQueryRequest>
      <sessionID>bbhDR7=mI90R+Q1Kr_??~9IesbmtnVyQ</sessionID>
      <options>
        <rowOffset>0</rowOffset>
        <rowCount>100</rowCount>
        <countOnly>false</countOnly>
        <sortOrder name="timestamp" order="ASC"/>
      </options>
      <digipass>
        <serialNumber>12-3456789-0</serialNumber>
      </digipass>
    </adm:digipassActivityQueryRequest>
  </soapenv:Body>
</soapenv:Envelope>

42.2.3. Requirements

Required administration privileges:

- View Recent DIGIPASS Activity

42.2.4. Additional references

For more information about accepted recent DIGIPASS activities, refer to the IDENTIKEY Authentication Server
Product Guide, Section "User Dashboard".
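Because rowCount 0 returns every record, a client that pulls DIGIPASS activity into a log pipeline is better served by a countOnly query followed by bounded pages. The following added Python example (not SDK code) builds such requests in the shape of the example in 42.2.2, validates the options against Tables 381 and 382, and lets ElementTree escape caller-supplied values; build_query, page_requests and the MAX_PAGE ceiling are names and limits invented for this example.

```python
"""Build bounded, validated digipassActivityQuery requests."""
import xml.etree.ElementTree as ET

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
ADMIN_NS = "http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
SORT_FIELDS = ("category", "clientLocation", "code", "policyID", "timestamp")  # Table 382
SORT_ORDERS = ("ASC", "DESC")
MAX_PAGE = 500  # assumption: a local ceiling chosen for this example, not a server limit

ET.register_namespace("soapenv", SOAP_ENV)
ET.register_namespace("adm", ADMIN_NS)


def _unsigned(name, value):
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(value, bool) or not isinstance(value, int) or value < 0:
        raise ValueError(f"{name} must be an unsigned integer")
    return value


def build_query(session_id, serial_number, row_offset=0, row_count=100,
                count_only=False, sort_by="timestamp", order="ASC"):
    """Return the SOAP envelope for one digipassActivityQuery request as a string."""
    _unsigned("rowOffset", row_offset)
    _unsigned("rowCount", row_count)
    # rowCount 0 means "return every record"; only allow it when just counting.
    if not count_only and not 0 < row_count <= MAX_PAGE:
        raise ValueError(f"rowCount must be 1..{MAX_PAGE} for a result query")
    if sort_by not in SORT_FIELDS or order not in SORT_ORDERS:
        raise ValueError("unsupported sortOrder")
    if not session_id or not serial_number:
        raise ValueError("sessionID and serialNumber are mandatory")

    envelope = ET.Element(f"{{{SOAP_ENV}}}Envelope")
    ET.SubElement(envelope, f"{{{SOAP_ENV}}}Header")
    body = ET.SubElement(envelope, f"{{{SOAP_ENV}}}Body")
    request = ET.SubElement(body, f"{{{ADMIN_NS}}}digipassActivityQueryRequest")
    # Values are set as element text, so ElementTree escapes <, > and &.
    ET.SubElement(request, "sessionID").text = session_id
    options = ET.SubElement(request, "options")
    ET.SubElement(options, "rowOffset").text = str(row_offset)
    ET.SubElement(options, "rowCount").text = str(row_count)
    ET.SubElement(options, "countOnly").text = "true" if count_only else "false"
    ET.SubElement(options, "sortOrder", {"name": sort_by, "order": order})
    digipass = ET.SubElement(request, "digipass")
    ET.SubElement(digipass, "serialNumber").text = serial_number
    return ET.tostring(envelope, encoding="unicode")


def page_requests(session_id, serial_number, result_count, page_size=100):
    """One request per page, sized from the resultCount of a countOnly query."""
    _unsigned("resultCount", result_count)
    if not 0 < _unsigned("page_size", page_size) <= MAX_PAGE:
        raise ValueError(f"page_size must be 1..{MAX_PAGE}")
    return [
        build_query(session_id, serial_number, row_offset=offset,
                    row_count=min(page_size, result_count - offset))
        for offset in range(0, result_count, page_size)
    ]
```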

42.3. userActivityQuery

The userActivityQuery command queries the recent authentication, signature validation, administration,
and provisioning activity of a particular user.


42.3.1. Parameters

Table 384: userActivityQuery Input Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

sessionID String Mandatory The session identifier of the current administrative session. The logon command returns this identifier after a successful logon (see 5.1. logon).

options UserActivityQueryOptions Optional Options to determine what results should be returned (see 42.3.1.2. UserActivityQueryOptions).

user UserActivityInput Mandatory Specifies the user to query recent activities (see
42.3.1.1. UserActivityInput).

Table 385: userActivityQuery Output Parameters (SOAP Administration)


Parameter Name Data Type Optionality Description

errorStack ErrorStack Optional The error stack, indicating that the command has
not completed successfully.

resultCodes ResultCodes Mandatory The result and status codes returned by the command.

resultCount Integer Mandatory The number of items in userActivityList.

userActivityList UserActivityList Optional List containing the queried user activities (see 42.3.1.5. UserActivityList).

42.3.1.1. UserActivityInput
Table 386: UserActivityInput (Data Type)
Element Name Type Description

userID String The ID of the user to query.

domain String The domain of the user to query.


42.3.1.2. UserActivityQueryOptions
Table 387: userActivityQueryOptions (Data Type)
Element Name Type Description

rowOffset Unsigned Integer Optional. Option to request IDENTIKEY Authentication Server to return result records
starting from the specified offset.

Default value: 0

rowCount Unsigned Integer Optional. Option to request IDENTIKEY Authentication Server to return the specified
number of result records, beginning with the record specified by rowOffset.

If set to 0, all result records are returned.

Default value: 0

countOnly Boolean Optional. Flag to request IDENTIKEY Authentication Server to return only the number of
records in the result set, but not the result set itself.

Default value: false

filter UserActivityFilterExpression Optional. Filter configuration for the result set (see 42.3.1.3.
UserActivityFilterExpression).

sortOrder UserActivitySortOrder Optional. Determines the sort order of the result set. By default, the result set is not sorted (see 42.3.1.4. UserActivitySortOrder).

42.3.1.3. UserActivityFilterExpression
Table 388: UserActivityFilterExpression (Data Type)
Element Name Type Description

field UserActivityFilter A filter expression definition for one particular attribute field.

Table 389: UserActivityFilter Attributes (Data Type)


Attribute Type Description

name UserActivityFilterFieldEnum The field attribute to use as key to filter the result set.

Possible values:

• clientType
• policyID


Table 390: UserActivityFilter Inner XML (Data Type)


Attribute Type Description

equals String Specifies the value to compare with UserActivityFilter.name.

Cannot be used with isNotNull.

isNotNull EmptyType Verifies that UserActivityFilter.name is not empty.

Cannot be used with equals.

42.3.1.4. UserActivitySortOrder
Table 391: UserActivitySortOrder (Data Type)
Element Name Type Description

name UserActivitySortOrderFieldEnum Determines the field attribute to use as key to sort the result set.

Possible values:

• category
• clientLocation
• code
• policyID
• serialNumber
• timestamp

order SortOrderEnum Determines the sort order of the result set.

Possible values:

• ASC. Sorts the result set in ascending order.
• DESC. Sorts the result set in descending order.

42.3.1.5. UserActivityList
Table 392: UserActivityList (Data Type)
Element Name Returned? Description

AMID Always The audit message identifier.

auditLocation Always The location of the component which audited the message. Typically an IP address.

category Always The audit category.

clientLocation Optional The location of the client component which triggered the audit message. Typically an IP address.

clientType Optional The client component type.

code Always The audit message code.


description Always The description of the audit message.

policyID Optional The policy related to the audit message.

reason Optional A textual description why the message was audited.

serialNumber Optional The serial number of the DIGIPASS authenticator related to the audit
message.

source Always The string representation of the source of the audit message.

timestamp Always The time at which the audit message was recorded.

type Always The type of the audit message.

Supported values:

• Error
• Failure
• Information
• Invalid Type
• Success
• Warning

42.3.2. Example

Example
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:adm="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration">
  <soapenv:Header/>
  <soapenv:Body>
    <adm:userActivityQueryRequest>
      <sessionID>bbhDR7=mI90R+Q1Kr_??~9IesbmtnVyQ</sessionID>
      <options>
        <rowOffset>0</rowOffset>
        <rowCount>100</rowCount>
        <countOnly>false</countOnly>
        <filter>
          <field name="clientType">
            <isNotNull/>
          </field>
        </filter>
        <sortOrder name="timestamp" order="ASC"/>
      </options>
      <user>
        <userID>jdoe</userID>
        <domain>master</domain>
      </user>
    </adm:userActivityQueryRequest>
  </soapenv:Body>
</soapenv:Envelope>
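
Added example (not part of the original reference, and not VASCO code): a Python helper that builds the userActivityQueryRequest envelope shown above and enforces the constraints from Tables 387 to 391 before anything is sent. The function name and its parameters are hypothetical, and writing equals as a child element is an assumption made by analogy with the isNotNull child in the example.

```python
import xml.etree.ElementTree as ET

# Namespace URIs and element order follow the request example in 42.3.2.
SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
ADM = "http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Administration"
FILTER_FIELDS = {"clientType", "policyID"}            # UserActivityFilterFieldEnum
SORT_FIELDS = {"category", "clientLocation", "code",  # UserActivitySortOrderFieldEnum
               "policyID", "serialNumber", "timestamp"}
ET.register_namespace("soapenv", SOAPENV)
ET.register_namespace("adm", ADM)


def build_user_activity_query(session_id, user_id, domain, *, row_offset=0,
                              row_count=0, count_only=False, filter_by=None, sort=None):
    """Build a userActivityQueryRequest envelope (hypothetical helper).

    filter_by: (field, value); value None emits <isNotNull/>, else <equals>.
    sort: (field, "ASC" | "DESC").
    """
    if row_offset < 0 or row_count < 0:
        raise ValueError("rowOffset and rowCount are unsigned integers")
    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    ET.SubElement(env, f"{{{SOAPENV}}}Header")
    body = ET.SubElement(env, f"{{{SOAPENV}}}Body")
    req = ET.SubElement(body, f"{{{ADM}}}userActivityQueryRequest")
    ET.SubElement(req, "sessionID").text = session_id
    opts = ET.SubElement(req, "options")
    ET.SubElement(opts, "rowOffset").text = str(row_offset)
    ET.SubElement(opts, "rowCount").text = str(row_count)  # 0 = all records
    ET.SubElement(opts, "countOnly").text = "true" if count_only else "false"
    if filter_by is not None:
        name, value = filter_by
        if name not in FILTER_FIELDS:
            raise ValueError(f"unsupported filter field: {name!r}")
        field = ET.SubElement(ET.SubElement(opts, "filter"), "field", name=name)
        # Exactly one child: equals and isNotNull cannot be combined.
        # <equals> as a child element is assumed (see lead-in).
        if value is None:
            ET.SubElement(field, "isNotNull")
        else:
            ET.SubElement(field, "equals").text = str(value)
    if sort is not None:
        name, order = sort
        if name not in SORT_FIELDS or order not in ("ASC", "DESC"):
            raise ValueError(f"unsupported sort order: {name!r} {order!r}")
        ET.SubElement(opts, "sortOrder", name=name, order=order)
    user = ET.SubElement(req, "user")
    # ElementTree escapes text, so a hostile userID cannot add or close elements.
    ET.SubElement(user, "userID").text = user_id
    ET.SubElement(user, "domain").text = domain
    return ET.tostring(env, encoding="unicode")
```

Building the request with an XML library rather than string concatenation matters when userID or domain come from a help-desk form or ticket: the values are escaped, so they stay inside their own elements and cannot alter the filter or the queried user.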

42.3.3. Requirements

Required administration privileges:

• View Recent User Activity

42.3.4. Additional references

For more information about accepted recent user activities, refer to the IDENTIKEY Authentication Server Product
Guide, Section "User Dashboard".
