KB_100031: Testing a Digipass Password in Digipass Plug-in for SBR 2.2
3/20/2007 10:44:51 AM
When a user fails to authenticate using their Digipass, the cause may be an incorrectly generated One Time Password (OTP). This document describes how to test the generated OTP.
An authentication failure due to an incorrect OTP can have a number of causes. The easiest way to find the exact reason for the failure is to use the embedded test function.
Depending on the return code of the test, an appropriate action can be taken.
Testing an OTP using the embedded test function.
1. Open the DIGIPASS Plug-in for SBR 2.2 administration MMC:
2. Log on using an account with administrative privileges:
3. Open the Digipass folder, right-click the Digipass to be tested and choose Properties from the drop-down menu:
4. Select the correct Digipass Application, and click the “Test” button:
5. Enter the response of your Digipass and press the “Verify” button. Make sure to choose the same application on the Digipass as the application chosen in the previous step.
If you use a server-side PIN, this PIN must be entered in front of the OTP in the One Time Password field.
6. Results and corresponding actions:
The Verification of the OTP can return the following results:
• 0: Operation successful
The Digipass is functioning correctly
• 1: Validation failed
This code means that the OTP is not valid. Possible causes can be:
o Server clock is not correct:
→ check the Date, Time and Time zone of the server
o The Clock inside the Digipass has drifted too much:
→ execute the reset application procedure described later in this document.
o A defective token.
→ Please contact Vasco support on firstname.lastname@example.org to get a replacement token
• -202: Response too small
This usually indicates that you did not enter enough characters.
A common error is that the server-side PIN is not entered in front of the OTP.
This only applies to Digipass models without a PIN pad, e.g. DPGO1, DPGO3, …
• -203: Response too long
This usually indicates that you entered too many characters.
Resetting a Digipass application.
The Real Time Clock inside a Digipass can drift up to 2 seconds per day.
When a Digipass has not been used for a while, the difference between the server clock and the Digipass clock can cause a validation failure of the OTP.
A reset of the Digipass application will allow the resynchronization of the 2 clocks.
1. Execute step 1 of the test token procedure described earlier in this document.
2. Execute step 2 of the test token procedure described earlier in this document.
3. Select the correct Digipass Application and click the “Reset Application” button:
4. Confirm the action by pressing the “Yes” Button:
5. After the Reset Application, the time drift of the clock inside the Digipass is recorded on the server.
Now the test token function can be retried to check if the reset application cured the OTP validation problem.
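The drift and reset behaviour described above, as an added sketch that is not VASCO's code: RFC 6238 TOTP stands in for the Digipass algorithm, and the 30-second step, the window sizes, the wrong-PIN result and the way the reset learns the drift are assumptions. It shows a response failing with code 1 after 60 idle days at the stated 2 seconds per day, then passing once the reset lets the server record the drift.

```python
import hashlib, hmac, struct

STEP, DIGITS = 30, 6           # assumed time step (seconds) and OTP length
WINDOW, RESET_WINDOW = 1, 20   # assumed accepted steps either side: normal / after reset

def otp_at(secret: bytes, t: int) -> str:
    """RFC 6238 TOTP, standing in for the Digipass algorithm (assumption)."""
    mac = hmac.new(secret, struct.pack(">Q", t // STEP), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    num = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(num % 10 ** DIGITS).zfill(DIGITS)

class Server:
    def __init__(self, secret: bytes, pin: str = ""):
        self.secret, self.pin = secret, pin
        self.drift, self.window = 0, WINDOW  # drift = token clock minus server clock (s)

    def reset_application(self):
        """Assumed model of the reset: widen the window for the next verification."""
        self.window = RESET_WINDOW

    def _match(self, otp: str, now: int):
        """Return the clock offset (s) of the nearest matching step, else None."""
        for k in sorted(range(-self.window, self.window + 1), key=abs):
            offset = self.drift + k * STEP
            if hmac.compare_digest(otp_at(self.secret, now + offset), otp):
                return offset
        return None

    def verify(self, response: str, now: int) -> int:
        """Return 0, 1, -202 or -203 with the meanings listed in the article."""
        want = len(self.pin) + DIGITS
        if len(response) < want:
            return -202                      # e.g. server-side PIN left off
        if len(response) > want:
            return -203
        pin, otp = response[:len(self.pin)], response[len(self.pin):]
        offset = self._match(otp, now)
        if offset is None or not hmac.compare_digest(pin, self.pin):
            return 1                         # assumed: a wrong PIN also gives 1
        self.drift, self.window = offset, WINDOW  # record drift, restore window
        return 0

def demo():
    """Constructed case: token idle 60 days at 2 s/day, so 120 s (4 steps) fast."""
    secret, now = b"constructed-demo-secret", 1_700_000_000
    srv = Server(secret, pin="1234")
    resp = "1234" + otp_at(secret, now + 60 * 2)
    before = srv.verify(resp, now)
    srv.reset_application()
    return before, srv.verify(resp, now), srv.drift, srv.verify(resp, now)
```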
Applies to: Digipass Plug-in for SBR 2.2
KB 100031.doc (1.0) – 18/09/2007 16:24
© 2007 VASCO Data Security. All rights reserved.