OTP Server API commands - SSO

Owned by ubisebastian
2021-01-19

Supported operations

  1. Create OTP list
    1. Returns a single OTP list
    2. In batch mode returns a number of lists

Associate an OTP list with user identifier
Query OTP list status by list id or user identifier
Delete OTP list

Operations to be implemented

  1. Query OTP lists that match a given condition

List and user identifier status

List Status

The following list status values are defined:

freeassociatedactive
  • A newly created list has status “free”. A “free” list has an expiration time.
  • An expired list is automatically removed from the OTP Server.
  • A “free” list becomes associated with the associate (4.2) operation.
  • Any expiration time of a “free” list is ignored. A new expiration time may be assigned by system policy.
  • The associate operation overwrites any previous “associated” list. The previous “associated” list is removed from the OTP Server.
  • The associate operation cannot overwrite an “active” list.
  • An “active” list is in use.
  • An “associated” list becomes “active” when the first password from the “associated” list is used.
  • The previous “active” list is removed from the OTP Server.

User Identifier States

Possible user identifier states are:

  1. no associated and no active list
    The user identifier does not exist on the OTP Server.
  2. one associated list, no active list
    A list has been associated with the user identifier and is ready for use. The list becomes active when the first password from the list is used.
  3. one active list, no associated list
    The active list is in use. No associated list exists. If the active list runs out then the user cannot authenticate.
  4. one active list and one associated list
    The active list is in use. The associated list becomes active when the first password from the list is used.

Ubisecure Privacy Policy & Cookie Statement