7.3 Form Fields
7.3.1 User Self Management Web Site
7.3.1.1 Registration – Main Pages
User Registration (UR), Digipass Assignment (DA) and Password Synchronization (PS) are all implemented using a single invocation of the CGI program. This permits them to be carried out either separately or in any combination. You can choose to separate them in your customized web site or keep them together as you prefer.
If Challenge/Response or a Virtual Digipass is used, the user will enter their User ID, static
password and Serial Number into the main page without a Digipass Response. They will be
directed to a challenge page, which is specified in the next topic, in which they should enter
either a Response to the challenge or the OTP sent to their mobile phone. The following table
applies only to the main page.
Digipass Plug-In for IAS Administrator Reference Web Sites
The following posted form fields must be used on the main page, according to the particular function and other conditions specified below:
Form Field Name Visible Label (Default)
Value(s) Required?
UR PS DA
dpcgi_operation <hidden> “register” for User Registration, Digipass Assignment or Password Synchronization.
Y Y Y
dpcgi_success_page <hidden> Relative or absolute URL of web page to go to if the function is successful.
Y Y Y
dpcgi_fail_page <hidden> Relative or absolute URL of web page to go to if the function fails.
Y Y Y
dpcgi_challenge_page <hidden> Relative or absolute URL of web page to go to if a challenge is returned for the user.
(4) (1)
dpcgi_userid UserId UserID in the IAS Plug-In. Y Y Y
dpcgi_password Password Static password. Y Y Y
dpcgi_serialno Serial Number
Digipass serial number. Y
dpcgi_response Digipass Response
Digipass response (without static PIN if there is one). (5) (2)
dpcgi_newpin New PIN New static PIN (for Go 1/Go 3). (3)
dpcgi_confirmpin Confirm New PIN
Confirm the new static PIN. (3)
dpcgi_usecombinedpwd <hidden> “True” to send the password, serial number, response and PIN to the IAS Plug-In in one attribute.
“False” to send the contents of the password field
Table 13: Form Fields for Main Registration Page
(1) If any users may self-assign a Challenge/Response Digipass, provide this form field.
(2) If any users may self-assign a Response Only Digipass, provide this form field.
(3) If any users may self-assign a Response Only Digipass which uses a static PIN at the beginning of the response (eg. Go 1/Go 3), where the Digipass are initialized with no initial static PIN, they have to enter a new PIN the first time they use the Digipass. If they are self-assigning the Digipass, that means that they have to enter the new PIN and confirm it during the self-assignment process. They can do this by adding the new PIN twice at the end of the Digipass Response, however it may be more user-friendly to provide these two separate form fields.
(4) If any users have a Challenge/Response application or a Primary Virtual Digipass, include this field.
(5) If any users have a Response Only application, include this field.
Digipass Plug-In for IAS Administrator Reference Web Sites
7.3.1.2 Registration – Challenge Page
The Registration challenge page will be used for Digipass Challenge/Response or Virtual Digipass. The user enters their response to the challenge, to complete the registration process.
The following posted form fields must be used on the challenge page:
Form Field Name
Visible Label (Default)
Value(s) Required?
dpcgi_operation <hidden> “register” for User Registration, Digipass Assignment or Password Synchronization.
Y
dpcgi_success_page <hidden> Relative or absolute URL of web page to go to if the function is successful.
Y
dpcgi_fail_page <hidden> Relative or absolute URL of web page to go to if the function fails.
Y
dpcgi_userid UserId UserID in the IAS Plug-In. Y
dpcgi_response Digipass Response
Digipass response or Virtual Digipass OTP. Y
dpcgi_challenge Challenge Digipass challenge returned to the user. Y
Table 14: Form Fields for Registration Challenge Page
Note
If you make dpcgi_challenge a visible form field, ensure that it is not
modifiable. An alternative is to make it a hidden form field, while also
displaying the challenge in HTML text rather than as a form field.
Digipass Plug-In for IAS Administrator Reference Web Sites
7.3.1.3 Server PIN Change
The PIN Change function is only applicable for Digipass Response Only where a Server PIN is entered at the start of the response (eg. Go 1/Go 3).
The following posted form fields must be used on the PIN Change page:
Form Field Name
Visible Label (Default)
Value(s) Required?
dpcgi_operation <hidden> “changepin” for PIN Change. Y
dpcgi_success_page <hidden> Relative or absolute URL of web page to go to if the function is successful.
Y
dpcgi_fail_page <hidden> Relative or absolute URL of web page to go to if the function fails.
Y
dpcgi_userid UserId UserID in the IAS Plug-In. Y
dpcgi_response Digipass Response Digipass response (without static PIN if there is one). Y
dpcgi_currentpin Current PIN Current static PIN to be changed. (6)
dpcgi_newpin New PIN New static PIN. Y
dpcgi_confirmpin Confirm New PIN Confirm the new static PIN. Y
Table 15: Form Fields for Server PIN Change Page
(6) If the Digipass has had its Server PIN reset by the administrator, because the user has
forgotten it, there is no current Server PIN to enter here. In all other cases, the current
Server PIN must be provided to permit the PIN change.
Digipass Plug-In for IAS Administrator Reference Web Sites
7.3.1.4 Login Test – Main Page
If a Challenge/Response application or Primary Virtual Digipass is used, the user will enter just their UserId (and maybe password) into the main page without a Digipass Response. If using the Backup Virtual Digipass, they will need to enter the trigger specified in server settings (password and/or a Keyword) into the password field.
They will be directed to a challenge page, specified in the next topic. The following table applies only to the main page.
The following posted form fields must be used on the main page:
Form Field Name
Visible Label (Default)
Value(s) Required?
dpcgi_operation <hidden> “testlogin” for Login Test. Y
dpcgi_success_page <hidden> Relative or absolute URL of web page to go to if the function is successful.
Y
dpcgi_fail_page <hidden> Relative or absolute URL of web page to go to if the function fails.
Y
dpcgi_challenge_page <hidden> Relative or absolute URL of web page to go to if a challenge is returned for the user.
(7)
dpcgi_userid UserId UserID in the IAS Plug-In. Y
dpcgi_response Digipass Response Digipass response (with static PIN if there is one). (8)
Table 16: Form Fields for Main Login Test Page
(7) If any users have a Challenge/Response Digipass, a Primary Digipass or use the Backup Virtual Digipass feature, provide this form field.
(8) If any users have a Response Only Digipass, provide this form field.
Digipass Plug-In for IAS Administrator Reference Web Sites
7.3.1.5 Login Test – Challenge Page
The user enters their response to the challenge or the OTP sent to their mobile phone to complete the login test.
The following posted form fields must be used on the challenge page:
Form Field Name
Visible Label (Default)
Value(s) Required?
dpcgi_operation <hidden> “testlogin” for Login Test. Y
dpcgi_success_page <hidden> Relative or absolute URL of web page to go to if the function is successful.
Y
dpcgi_fail_page <hidden> Relative or absolute URL of web page to go to if the function fails.
Y
dpcgi_userid UserID User ID in the IAS Plug-In. Y
dpcgi_response Digipass Response Digipass response. Y
dpcgi_challenge Challenge Digipass challenge returned to the user. Y