mirror of
https://github.com/Yubico/yubikey-val.git
synced 2024-12-01 15:24:16 +01:00
71 lines
2.6 KiB
Plaintext
71 lines
2.6 KiB
Plaintext
== Server Replication Protocol
|
|
|
|
This document describes the server to server protocol. Its purpose is
|
|
to synchronize the last used session and use counter between multiple
|
|
validation servers.
|
|
|
|
Multiple validations servers are connected together so that each
|
|
validation server can talk to any of the other validation server using
|
|
the Server Replication Protocol. The validation servers are
|
|
authenticated by the use of certificates.
|
|
|
|
val A <-> val B <-> val C <-> val A
|
|
|
|
See the ValidationProtocolV20 for definition of the client to server
|
|
protocol. The protocol described here is the server to server
|
|
protocol. See ValidationServerAlgorithm for a description of the
|
|
implementation algorithm that uses this protocol.
|
|
|
|
=== Sync request specification
|
|
|
|
A sync request is issued with a HTTP get call, like this:
|
|
|
|
https://apiX.yubico.com/wsapi/sync?otp=xyz&modified=1264430686&nonce=foobar&yk_identity=foo&yk_counter=42&yk_use=17&yk_high=10&yk_low=5
|
|
|
|
The following parameters are used
|
|
[options="header"]
|
|
|=============================
|
|
| parameter |type |values
|
|
| otp | string | one-time password (for logging purposes)
|
|
| modified | integer | unix timestamp of when OTP was received
|
|
| nonce | string | nonce from client request
|
|
| yk_identity | modhex | YubiKey OTP identity in question
|
|
| yk_counter | integer | last seen session counter by sender
|
|
| yk_use | integer | last seen session use by sender
|
|
| yk_high | integer | OTP internal high time value
|
|
| yk_low | integer | OTP internal low time value
|
|
|==============================
|
|
|
|
Input values for yk_counter, yk_use, yk_high and yk_low are always
|
|
positive except for -1 which indicates that the requesting server did
|
|
not have any earlier information about the !YubiKey.
|
|
|
|
An example response is
|
|
|
|
modified=1264430686
|
|
nonce=aspodkaaspdokas
|
|
yk_identity=cccccccccccf
|
|
yk_counter=api2 session counter
|
|
yk_use=api2 session use counter
|
|
yk_high=value
|
|
yk_low=value
|
|
|
|
The values returned are:
|
|
|
|
[options="header"]
|
|
|====================
|
|
| parameter |type |values
|
|
| modified | integer | timestamp of when last OTP was received
|
|
| nonce | string | nonce from client for last OTP
|
|
| yk_identity | modhex | YubiKey OTP identity in question
|
|
| yk_counter | integer | last seen session counter
|
|
| yk_use | integer | last seen session use
|
|
| yk_high | integer | last seen high time value
|
|
| yk_low | integer | last seen low time value
|
|
|========================
|
|
|
|
Output values for modified, yk_counter, yk_use, yk_high and yk_low are
|
|
always positive except for -1 which indicates that the server did not
|
|
have any earlier information about the YubiKey. In this case, nonce
|
|
is a newly allocated random nonce.
|