Entrust Soft Token
Entrust Identity is a mobile app that provides a secure, convenient way to authenticate to your applications. It is available for iOS and Android devices.
These samples are for demonstration purposes only and are not intended for production use. In production, store the application ID securely (for example, in protected configuration or a secrets manager) instead of hard-coding it in source as the samples do.
Prerequisites
To enable Entrust Soft Token authentication, users must register and activate their Entrust Identity app in your IDaaS tenant.
Authentication
Entrust Soft Token Code
To authenticate a user with Entrust Soft Token, see the following code example:
- Java
- CSharp
- Python
package com.entrust.idaas.userAuthenticate;
import com.entrustdatacard.intellitrust.auth.ApiClient;
import com.entrustdatacard.intellitrust.auth.api.AuthenticationApi;
import com.entrustdatacard.intellitrust.auth.model.*;
import java.io.BufferedReader;
import java.io.InputStreamReader;
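/**
 * Demonstrates Entrust Soft Token (TOKEN) authentication in two steps: request a
 * challenge for the user, then submit the code the user reads from the app.
 *
 * <p>Demonstration only: {@code APPLICATION_ID} and {@code HOST_NAME} are
 * hard-coded placeholders. Load them from protected configuration in production.
 */
public class UserAuthenticate {
    private static final String APPLICATION_ID = "YOUR_APPLICATION_ID";
    private static final String HOST_NAME = "YOUR_HOST_NAME";

    /**
     * Runs the challenge/response flow for a fixed example user and prints the outcome.
     *
     * @param args unused
     * @throws Exception if the challenge request or reading the code from standard input fails
     */
    public static void main(String args[]) throws Exception {
        ApiClient apiClient = new ApiClient();
        apiClient.setBasePath(HOST_NAME);
        AuthenticationApi authApi = new AuthenticationApi(apiClient);

        String userId = "exampleUser";
        String authType = "TOKEN";

        // Step 1: start a TOKEN challenge for this user.
        UserChallengeParameters challengeParms = new UserChallengeParameters()
                .applicationId(APPLICATION_ID)
                .userId(userId);
        AuthenticatedResponse challengeResponse = authApi.userChallengeUsingPOST(authType, challengeParms);
        System.out.println("Soft Token ID: " + String.join(", ", challengeResponse.getTokenDetails()));

        System.out.print("Enter the code from your entrust Identity app:");
        BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
        String response = br.readLine();
        // readLine() returns null at end of input; do not forward a missing code to the service.
        if (response == null || response.trim().isEmpty()) {
            System.out.println("Authentication failed: no code entered");
            return;
        }

        // Step 2: submit the code together with the token returned by the challenge call.
        UserAuthenticateParameters authParms = new UserAuthenticateParameters()
                .applicationId(APPLICATION_ID)
                .response(response);
        try {
            AuthenticatedResponse authResponse =
                    authApi.userAuthenticateUsingPOST(authType, authParms, challengeResponse.getToken());
            if (Boolean.TRUE.equals(authResponse.getAuthenticationCompleted())) {
                System.out.println("Authentication successful!");
            } else {
                // Fail closed: a response that is not explicitly completed (false or null)
                // must never be treated as a successful login.
                System.out.println("Authentication failed: authentication was not completed");
            }
        } catch (Exception e) {
            System.out.println("Authentication failed: " + e.getMessage());
        }
    }
}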
using com.entrustdatacard.intellitrust.auth.api;
using com.entrustdatacard.intellitrust.auth.Client;
using com.entrustdatacard.intellitrust.auth.model;
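namespace Samples
{
    /// <summary>
    /// Demonstrates Entrust Soft Token (TOKEN) authentication in two steps: request a
    /// challenge for the user, then submit the code the user reads from the app.
    /// Demonstration only: HOST_NAME and APPLICATION_ID are hard-coded placeholders;
    /// load them from protected configuration in production.
    /// </summary>
    internal class AuthApiSample
    {
        private static readonly string HOST_NAME = "YOUR_HOST_NAME";
        private static readonly string APPLICATION_ID = "YOUR_APPLICATION_ID";

        /// <summary>
        /// Runs the challenge/response flow for a fixed example user and prints the outcome.
        /// </summary>
        public static void Main()
        {
            Configuration configuration = new Configuration();
            configuration.BasePath = HOST_NAME;
            var authApi = new AuthenticationApi(configuration);

            string userId = "exampleUser";
            string authType = "TOKEN";

            // Step 1: start a TOKEN challenge for this user.
            var userChallengeParameters = new UserChallengeParameters(applicationId: APPLICATION_ID, userId: userId);
            var challengeResponse = authApi.UserChallengeUsingPOST(authType, userChallengeParameters);
            Console.WriteLine("Soft Token ID: " + String.Join(", ", challengeResponse.TokenDetails));

            Console.Write("Enter the code from your entrust Identity app:");
            string response = Console.ReadLine();
            // ReadLine() returns null at end of input; do not forward a missing code to the service.
            if (string.IsNullOrWhiteSpace(response))
            {
                Console.WriteLine("Authentication failed");
                return;
            }

            // Step 2: submit the code together with the token returned by the challenge call.
            var userAuthenticateParameters = new UserAuthenticateParameters(applicationId: APPLICATION_ID, response: response);
            try
            {
                var authenticatedResponse = authApi.UserAuthenticateUsingPOST(authType, userAuthenticateParameters, challengeResponse.Token);
                if (authenticatedResponse.AuthenticationCompleted == true)
                {
                    Console.WriteLine("Authentication successful");
                }
                else
                {
                    // Fail closed: a response that is not explicitly completed (false or null)
                    // must never be treated as a successful login.
                    Console.WriteLine("Authentication failed");
                }
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
                Console.WriteLine("Authentication failed");
            }
        }
    }
}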
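# `exceptions` is referenced in the except clause below, so it has to be imported;
# without it any API error surfaces as a NameError instead of the real failure.
from IntelliTrust_Python_Authentication import ApiClient, Configuration, exceptions
import IntelliTrust_Python_Authentication.api as apis
import IntelliTrust_Python_Authentication.models as models

# Demonstration only: the host name and application ID are hard-coded placeholders.
# Load them from protected configuration in production.
conf = Configuration(host="YOUR_HOST_NAME")

with ApiClient(configuration=conf) as api_client:
    auth_api = apis.AuthenticationApi(api_client)

    application_id = "YOUR_APPLICATION_ID"
    user_id = "exampleUser"
    auth_type = "TOKEN"

    # Step 1: start a TOKEN challenge for this user.
    user_challenge_parameters = models.UserChallengeParameters(application_id=application_id, user_id=user_id)
    challenge_response = auth_api.user_challenge_using_post(auth_type, user_challenge_parameters)
    print("Soft Token ID: " + ", ".join(challenge_response.token_details))

    response = input("Enter the code from your Entrust Identity app:")
    # Do not forward an empty code to the service.
    if not response.strip():
        raise SystemExit("Authentication Failed: no code entered")

    # Step 2: submit the code together with the token returned by the challenge call.
    user_authenticate_parameters = models.UserAuthenticateParameters(application_id=application_id, response=response)
    try:
        auth_response = auth_api.user_authenticate_using_post(auth_type, user_authenticate_parameters, challenge_response.token)
        if auth_response.authentication_completed:
            print("Authentication Successful")
            # NOTE(review): the returned token is presumably a credential for the
            # authenticated session. It is printed here for demonstration only;
            # keep it out of console output and logs in production.
            print("Auth token: ", auth_response.token)
        else:
            # Fail closed: anything other than an explicitly completed
            # authentication must never be treated as a successful login.
            print("Authentication Failed: authentication was not completed")
    except exceptions.ForbiddenException as e:
        print("Authentication Failed: ", e)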
Push Notification
To authenticate a user with Entrust Soft Token using a push notification, see the following code example:
- Java
- CSharp
- Python
package com.entrust.idaas.userAuthenticate;
import com.entrustdatacard.intellitrust.auth.ApiClient;
import com.entrustdatacard.intellitrust.auth.api.AuthenticationApi;
import com.entrustdatacard.intellitrust.auth.model.*;
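/**
 * Demonstrates Entrust Soft Token push (TOKENPUSH) authentication: request a
 * challenge, then poll until the user answers the push notification or the wait
 * budget is used up.
 *
 * <p>Demonstration only: {@code APPLICATION_ID} and {@code HOST_NAME} are
 * hard-coded placeholders. Load them from protected configuration in production.
 */
public class UserAuthenticate {
    private static final String APPLICATION_ID = "YOUR_APPLICATION_ID";
    private static final String HOST_NAME = "YOUR_HOST_NAME";

    /**
     * Runs the push flow for a fixed example user and prints the outcome.
     *
     * @param args unused
     * @throws Exception if an API call fails or the polling sleep is interrupted
     */
    public static void main(String args[]) throws Exception {
        ApiClient apiClient = new ApiClient();
        apiClient.setBasePath(HOST_NAME);
        AuthenticationApi authApi = new AuthenticationApi(apiClient);

        String userId = "exampleUser";
        String authType = "TOKENPUSH";

        // Start the push challenge for this user.
        UserChallengeParameters challengeParms = new UserChallengeParameters()
                .applicationId(APPLICATION_ID)
                .userId(userId);
        AuthenticatedResponse challengeResponse = authApi.userChallengeUsingPOST(authType, challengeParms);

        UserAuthenticateParameters authParms = new UserAuthenticateParameters()
                .applicationId(APPLICATION_ID);

        int maxWait = 60;        // total seconds to wait for the user
        int checkInterval = 5;   // seconds between status checks
        int maxAttempts = maxWait / checkInterval;
        boolean resolved = false;

        for (int i = 0; i < maxAttempts; i += 1) {
            AuthenticatedResponse authResponse =
                    authApi.userAuthenticateUsingPOST(authType, authParms, challengeResponse.getToken());
            AuthenticatedResponse.StatusEnum status = authResponse.getStatus();
            if (status == AuthenticatedResponse.StatusEnum.CONFIRM) {
                System.out.println("Authentication successful");
                resolved = true;
                break;
            } else if (status == AuthenticatedResponse.StatusEnum.CONCERN
                    || status == AuthenticatedResponse.StatusEnum.CANCEL) {
                System.out.println("Authentication failed with status: " + status);
                resolved = true;
                break;
            } else {
                // Any other status is treated as "still pending" and polled again.
                System.out.println("Waiting for user to confirm push notification " + (i + 1) + "/" + maxAttempts);
                Thread.sleep(checkInterval * 1000L);
            }
        }

        if (!resolved) {
            // Fail closed: only an explicit CONFIRM counts as success, so an
            // unanswered push must end as a failed authentication.
            System.out.println("Authentication failed: push notification was not confirmed within "
                    + maxWait + " seconds");
        }
    }
}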
using com.entrustdatacard.intellitrust.auth.api;
using com.entrustdatacard.intellitrust.auth.Client;
using com.entrustdatacard.intellitrust.auth.model;
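namespace Samples
{
    /// <summary>
    /// Demonstrates Entrust Soft Token push (TOKENPUSH) authentication: request a
    /// challenge, then poll until the user answers the push notification or the wait
    /// budget is used up.
    /// Demonstration only: HOST_NAME and APPLICATION_ID are hard-coded placeholders;
    /// load them from protected configuration in production.
    /// </summary>
    internal class AuthApiSample
    {
        private static readonly string HOST_NAME = "YOUR_HOST_NAME";
        private static readonly string APPLICATION_ID = "YOUR_APPLICATION_ID";

        /// <summary>
        /// Runs the push flow for a fixed example user and prints the outcome.
        /// </summary>
        public static void Main()
        {
            Configuration configuration = new Configuration();
            configuration.BasePath = HOST_NAME;
            var authApi = new AuthenticationApi(configuration);

            string userId = "exampleUser";
            string authType = "TOKENPUSH";

            // Start the push challenge for this user.
            var challengeParms = new UserChallengeParameters(applicationId: APPLICATION_ID, userId: userId);
            var challengeResponse = authApi.UserChallengeUsingPOST(authType, challengeParms);

            var authParms = new UserAuthenticateParameters(applicationId: APPLICATION_ID);

            int maxWait = 60;        // total seconds to wait for the user
            int checkInterval = 5;   // seconds between status checks
            int maxAttempts = maxWait / checkInterval;
            bool resolved = false;

            for (int i = 0; i < maxAttempts; i += 1)
            {
                var authResponse = authApi.UserAuthenticateUsingPOST(authType, authParms, challengeResponse.Token);
                if (authResponse.Status == AuthenticatedResponse.StatusEnum.CONFIRM)
                {
                    Console.WriteLine("Authentication successful");
                    resolved = true;
                    break;
                }
                else if (authResponse.Status == AuthenticatedResponse.StatusEnum.CONCERN ||
                         authResponse.Status == AuthenticatedResponse.StatusEnum.CANCEL)
                {
                    Console.WriteLine("Authentication failed with status: " + authResponse.Status);
                    resolved = true;
                    break;
                }
                else
                {
                    // Any other status is treated as "still pending" and polled again.
                    Console.WriteLine("Waiting for user to confirm push notification " + (i + 1) + "/" +
                                      maxAttempts);
                    Thread.Sleep(checkInterval * 1000);
                }
            }

            if (!resolved)
            {
                // Fail closed: only an explicit CONFIRM counts as success, so an
                // unanswered push must end as a failed authentication.
                Console.WriteLine("Authentication failed: push notification was not confirmed within " +
                                  maxWait + " seconds");
            }
        }
    }
}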
from IntelliTrust_Python_Authentication import ApiClient, Configuration
import IntelliTrust_Python_Authentication.api as apis
import IntelliTrust_Python_Authentication.models as models
import time
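# Demonstration only: the host name and application ID are hard-coded placeholders.
# Load them from protected configuration in production.
conf = Configuration(host="YOUR_HOST_NAME")

with ApiClient(configuration=conf) as api_client:
    auth_api = apis.AuthenticationApi(api_client)

    application_id = "YOUR_APPLICATION_ID"
    user_id = "exampleUser"
    auth_type = "TOKENPUSH"

    # Start the push challenge for this user.
    user_challenge_parameters = models.UserChallengeParameters(application_id=application_id, user_id=user_id)
    challenge_response = auth_api.user_challenge_using_post(auth_type, user_challenge_parameters)

    user_authenticate_parameters = models.UserAuthenticateParameters(application_id=application_id)

    max_wait_time = 60   # total seconds to wait for the user
    check_interval = 5   # seconds between status checks
    max_attempts = max_wait_time // check_interval

    # Poll until the user answers the push notification or the wait budget is used up.
    for i in range(max_attempts):
        auth_response = auth_api.user_authenticate_using_post(auth_type, user_authenticate_parameters, challenge_response.token)
        if auth_response.status == "CONFIRM":
            print("User authenticated")
            break
        elif auth_response.status == "CONCERN" or auth_response.status == "CANCEL":
            print("User authentication failed with status: " + auth_response.status)
            break
        else:
            # Any other status is treated as "still pending" and polled again.
            print(f"Waiting for user to confirm push notification {i+1}/{max_attempts}")
            time.sleep(check_interval)
    else:
        # for/else: reached only when the loop ended without a break.
        # Fail closed: only an explicit CONFIRM counts as success, so an
        # unanswered push must end as a failed authentication.
        print(f"User authentication failed: push notification was not confirmed within {max_wait_time} seconds")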
Push Notification with Mutual Challenge
To authenticate a user with Entrust Soft Token using a push notification with mutual challenge, you must first enable mutual challenge in your IDaaS tenant. See the help documentation for more information. With mutual challenge, the application displays a challenge value that the user must select or enter in the Entrust Identity app when responding to the push notification. After mutual challenge is configured, see the following code example to authenticate a user with Entrust Soft Token using a push notification with mutual challenge:
- Java
- CSharp
- Python
package com.entrust.idaas.userAuthenticate;
import com.entrustdatacard.intellitrust.auth.ApiClient;
import com.entrustdatacard.intellitrust.auth.api.AuthenticationApi;
import com.entrustdatacard.intellitrust.auth.model.*;
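/**
 * Demonstrates Entrust Soft Token push (TOKENPUSH) authentication with mutual
 * challenge: request a challenge with mutual challenge enabled, show the challenge
 * value to the user, then poll until the user answers on the device or the wait
 * budget is used up.
 *
 * <p>Demonstration only: {@code APPLICATION_ID} and {@code HOST_NAME} are
 * hard-coded placeholders. Load them from protected configuration in production.
 */
public class UserAuthenticate {
    private static final String APPLICATION_ID = "YOUR_APPLICATION_ID";
    private static final String HOST_NAME = "YOUR_HOST_NAME";

    /**
     * Runs the mutual-challenge push flow for a fixed example user and prints the outcome.
     *
     * @param args unused
     * @throws Exception if an API call fails or the polling sleep is interrupted
     */
    public static void main(String args[]) throws Exception {
        ApiClient apiClient = new ApiClient();
        apiClient.setBasePath(HOST_NAME);
        AuthenticationApi authApi = new AuthenticationApi(apiClient);

        String userId = "exampleUser";
        String authType = "TOKENPUSH";

        // Start the push challenge and ask for a mutual challenge value.
        UserChallengeParameters challengeParms = new UserChallengeParameters()
                .applicationId(APPLICATION_ID)
                .userId(userId)
                .tokenPushMutualChallengeEnabled(true);
        AuthenticatedResponse challengeResponse = authApi.userChallengeUsingPOST(authType, challengeParms);

        // Show the value the user has to select or enter on the device.
        System.out.println("Select or enter the following challenge on your device:");
        System.out.println("============Mutual Challenge============");
        System.out.println(challengeResponse.getTokenPushMutualChallenge());
        System.out.println("========================================");

        UserAuthenticateParameters authParms = new UserAuthenticateParameters()
                .applicationId(APPLICATION_ID);

        int maxWait = 60;        // total seconds to wait for the user
        int checkInterval = 5;   // seconds between status checks
        int maxAttempts = maxWait / checkInterval;
        boolean resolved = false;

        for (int i = 0; i < maxAttempts; i += 1) {
            AuthenticatedResponse authResponse =
                    authApi.userAuthenticateUsingPOST(authType, authParms, challengeResponse.getToken());
            AuthenticatedResponse.StatusEnum status = authResponse.getStatus();
            if (status == AuthenticatedResponse.StatusEnum.CONFIRM) {
                System.out.println("Authentication successful");
                resolved = true;
                break;
            } else if (status == AuthenticatedResponse.StatusEnum.CONCERN
                    || status == AuthenticatedResponse.StatusEnum.CANCEL) {
                System.out.println("Authentication failed with status: " + status);
                resolved = true;
                break;
            } else {
                // Any other status is treated as "still pending" and polled again.
                System.out.println("Waiting for user to confirm push notification " + (i + 1) + "/" + maxAttempts);
                Thread.sleep(checkInterval * 1000L);
            }
        }

        if (!resolved) {
            // Fail closed: only an explicit CONFIRM counts as success, so an
            // unanswered push must end as a failed authentication.
            System.out.println("Authentication failed: push notification was not confirmed within "
                    + maxWait + " seconds");
        }
    }
}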
using com.entrustdatacard.intellitrust.auth.api;
using com.entrustdatacard.intellitrust.auth.Client;
using com.entrustdatacard.intellitrust.auth.model;
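namespace Samples
{
    /// <summary>
    /// Demonstrates Entrust Soft Token push (TOKENPUSH) authentication with mutual
    /// challenge: request a challenge, show the challenge value to the user, then poll
    /// until the user answers on the device or the wait budget is used up.
    /// Demonstration only: HOST_NAME and APPLICATION_ID are hard-coded placeholders;
    /// load them from protected configuration in production.
    /// </summary>
    internal class AuthApiSample
    {
        private static readonly string HOST_NAME = "YOUR_HOST_NAME";
        private static readonly string APPLICATION_ID = "YOUR_APPLICATION_ID";

        /// <summary>
        /// Runs the mutual-challenge push flow for a fixed example user and prints the outcome.
        /// </summary>
        public static void Main()
        {
            Configuration configuration = new Configuration();
            configuration.BasePath = HOST_NAME;
            var authApi = new AuthenticationApi(configuration);

            string userId = "exampleUser";
            string authType = "TOKENPUSH";

            // The listing previously passed an undeclared `userID` and never requested a
            // mutual challenge, so it neither compiled nor exercised the feature.
            // NOTE(review): the tokenPushMutualChallengeEnabled named argument is assumed
            // to follow the same generated-SDK convention as applicationId/userId;
            // confirm against the C# SDK.
            var challengeParms = new UserChallengeParameters(
                applicationId: APPLICATION_ID,
                userId: userId,
                tokenPushMutualChallengeEnabled: true);
            var challengeResponse = authApi.UserChallengeUsingPOST(authType, challengeParms);

            // Show the value the user has to select or enter on the device.
            Console.WriteLine("Select or enter the following challenge on your device:");
            Console.WriteLine("============Mutual Challenge============");
            Console.WriteLine(challengeResponse.TokenPushMutualChallenge);
            Console.WriteLine("========================================");

            var authParms = new UserAuthenticateParameters(applicationId: APPLICATION_ID);

            int maxWait = 60;        // total seconds to wait for the user
            int checkInterval = 5;   // seconds between status checks
            int maxAttempts = maxWait / checkInterval;
            bool resolved = false;

            for (int i = 0; i < maxAttempts; i += 1)
            {
                var authResponse = authApi.UserAuthenticateUsingPOST(authType, authParms, challengeResponse.Token);
                if (authResponse.Status == AuthenticatedResponse.StatusEnum.CONFIRM)
                {
                    Console.WriteLine("Authentication successful");
                    resolved = true;
                    break;
                }
                else if (authResponse.Status == AuthenticatedResponse.StatusEnum.CONCERN ||
                         authResponse.Status == AuthenticatedResponse.StatusEnum.CANCEL)
                {
                    Console.WriteLine("Authentication failed with status: " + authResponse.Status);
                    resolved = true;
                    break;
                }
                else
                {
                    // Any other status is treated as "still pending" and polled again.
                    Console.WriteLine("Waiting for user to confirm push notification " + (i + 1) + "/" +
                                      maxAttempts);
                    Thread.Sleep(checkInterval * 1000);
                }
            }

            if (!resolved)
            {
                // Fail closed: only an explicit CONFIRM counts as success, so an
                // unanswered push must end as a failed authentication.
                Console.WriteLine("Authentication failed: push notification was not confirmed within " +
                                  maxWait + " seconds");
            }
        }
    }
}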
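from IntelliTrust_Python_Authentication import ApiClient, Configuration
import IntelliTrust_Python_Authentication.api as apis
import IntelliTrust_Python_Authentication.models as models
# time.sleep() is used in the polling loop, so the module has to be imported;
# without it the first "pending" status raises a NameError.
import time

# Demonstration only: the host name and application ID are hard-coded placeholders.
# Load them from protected configuration in production.
conf = Configuration(host="YOUR_HOST_NAME")

with ApiClient(configuration=conf) as api_client:
    auth_api = apis.AuthenticationApi(api_client)

    application_id = "YOUR_APPLICATION_ID"
    user_id = "exampleUser"
    auth_type = "TOKENPUSH"

    # Start the push challenge and ask for a mutual challenge value.
    user_challenge_parameters = models.UserChallengeParameters(application_id=application_id, user_id=user_id, token_push_mutual_challenge_enabled=True)
    challenge_response = auth_api.user_challenge_using_post(auth_type, user_challenge_parameters)

    # The challenge response carries the mutual challenge value; it is shown here
    # so the user can select or enter it in the Entrust Identity app.
    token_push_mutual_challenge = challenge_response.token_push_mutual_challenge
    print("Select or enter the following challenge on your device:")
    print("=== Mutual Challenge ===")
    print(token_push_mutual_challenge)
    print("=== Mutual Challenge ===")

    user_authenticate_parameters = models.UserAuthenticateParameters(application_id=application_id)

    max_wait_time = 60   # total seconds to wait for the user
    check_interval = 5   # seconds between status checks
    max_attempts = max_wait_time // check_interval

    # Poll until the user answers the push notification or the wait budget is used up.
    for i in range(max_attempts):
        auth_response = auth_api.user_authenticate_using_post(auth_type, user_authenticate_parameters, challenge_response.token)
        if auth_response.status == "CONFIRM":
            print("User authenticated")
            break
        elif auth_response.status == "CONCERN" or auth_response.status == "CANCEL":
            print("User authentication failed with status: " + auth_response.status)
            break
        else:
            # Any other status is treated as "still pending" and polled again.
            print(f"Waiting for user to confirm push notification {i+1}/{max_attempts}")
            time.sleep(check_interval)
    else:
        # for/else: reached only when the loop ended without a break.
        # Fail closed: only an explicit CONFIRM counts as success, so an
        # unanswered push must end as a failed authentication.
        print(f"User authentication failed: push notification was not confirmed within {max_wait_time} seconds")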