5.1.2. OCRA Controller

Most functions of the OCRA controller expose internals of the OCRA token, which is why the OCRA controller is also protected by authentication. In addition, the administrator or a system account needs to have a policy defined in order to access the OCRA functions. See OCRA Policies.

The only function that can be accessed directly is the ocra/check_t function.

class linotp.controllers.ocra.OcraController(*args, **kw)

The OcraController implements challenge/response tokens according to RFC 6287.

request()
method:
ocra/request
description:
request a challenge for a user or for a serial number (token).
arguments:
  • serial: (required - string) Serial number of the token for which a challenge should be generated (either serial or user is required)
  • user: (required - string) The user for whose token a challenge should be generated. If the user has more than one token, an error is returned. (either serial or user is required)
  • data: (required - string: URL-encoded) This is the display data that can be used to generate the challenge
remark:

The app will report a wrong QR code if the policy:

{'authentication' : qrtanurl=https://localhost }

is not defined!

returns:

A JSON response:

{
    "version": "LinOTP 2.4",
    "jsonrpc": "2.0",
    "result": {
        "status": true,
        "value": false
    },
    "detail": {
        "transactionid" : TRANSAKTIONSID,
        "data" : DATAOBJECT
    }
}
  • transactionid: This is the transaction ID that is used later to verify the return code / TAN.
  • data: This is an object (URL) which can be used to generate a QR code to be displayed to the QRTAN app
check_t()
method:
ocra/check_t
description:
verify the response of the ocra token
arguments:
  • transactionid: (required - string)

    This is the transaction ID that was issued with the challenge.

  • pass: (required - string)

    The response that the OCRA token computed based on the challenge

returns:

A JSON response:

{
 "version": "LinOTP 2.4",
 "jsonrpc": "2.0",
 "result": {
     "status": true,
     "value": {
         "failcount" : 3,
         "result": false
        }
    },
 "id": 0
}

exception:

checkstatus()
method:
ocra/checkstatus
description:
Method for asynchronously checking a challenge-response validation request

arguments:

  • transactionid: (required one of - string - (hex))

    This is the transaction ID that was issued with the challenge.

  • serial: (required one of - string)

    The serial number of the OCRA token

  • user: (required one of - string)

    The user of a token

One of (user, serial, transactionid) is required.

returns:

A JSON response:

{
 "version": "LinOTP 2.4",
 "jsonrpc": "2.0",
 "result": {
     "status": true,
     "value": [
             {
             "serial": SERIENNUMMER1,
             "transactionid": TRANSACTIONID1,
             "received_tan": true,
             "valid_tan": true,
             "failcount": 0
             },
             {
             "serial": SERIENNUMMER1,
             "transactionid": TRANSACTIONID2,
             "received_tan": false,
             "valid_tan": false,
             "failcount": 0
             },
             {
             "serial": SERIENNUMMER2,
             "transactionid": TRANSACTIONID3,
             "received_tan": true,
             "valid_tan": false,
             "failcount": 2
             }
         ]
     },
 "id": 0
 }
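
As an added example (not part of the LinOTP documentation or code base), the following Python code triages a response in the ocra/checkstatus format shown above: it separates pending, verified and rejected transactions and lists tokens whose failcount reaches a threshold. The function names, the `failcount_alert` threshold and the sample serials and transaction IDs are assumptions constructed for illustration.

```python
import json

# Constructed sample in the ocra/checkstatus response format documented above.
SAMPLE = json.dumps({
    "version": "LinOTP 2.4", "jsonrpc": "2.0", "id": 0,
    "result": {"status": True, "value": [
        {"serial": "OCRA0001", "transactionid": "111111", "received_tan": True,
         "valid_tan": True, "failcount": 0},
        {"serial": "OCRA0001", "transactionid": "222222", "received_tan": False,
         "valid_tan": False, "failcount": 0},
        {"serial": "OCRA0002", "transactionid": "333333", "received_tan": True,
         "valid_tan": False, "failcount": 2},
    ]},
})


def classify(entry):
    """Map one checkstatus entry to 'pending', 'verified' or 'rejected'."""
    if not entry.get("received_tan", False):
        # Challenge issued but no TAN submitted yet: valid_tan is false here
        # too, so it must not be read as a failed attempt.
        return "pending"
    # Only an explicit boolean true counts as a successful verification.
    return "verified" if entry.get("valid_tan") is True else "rejected"


def triage(raw, failcount_alert=2):
    """Summarise a checkstatus response (failcount_alert is an assumed threshold)."""
    doc = json.loads(raw)
    result = doc.get("result") or {}
    if result.get("status") is not True:
        raise ValueError("checkstatus call failed: result.status is not true")
    entries = result.get("value") or []
    if not isinstance(entries, list):
        raise ValueError("unexpected type for result.value")
    states, worst = {}, {}
    for e in entries:
        states[e["transactionid"]] = classify(e)
        fc = int(e.get("failcount", 0))
        worst[e["serial"]] = max(worst.get(e["serial"], 0), fc)
    alerts = sorted(s for s, fc in worst.items() if fc >= failcount_alert)
    return {"states": states, "alert_serials": alerts}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```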

exception:

getActivationCode()
method:
ocra/getActivationCode
description:
returns a valid example activation code
arguments:
./.
returns:
JSON with "activationcode": "JZXW4ZI=2A"
calculateOtp()