Feitian c100 - c200 Tokens with OpenOTP
1. Description of Feitian c100/c200 Tokens
OpenOTP supports Feitian c100 & c200 Token series. Feitian c100 are OATH-HOTP (event-based) and c200 are OATH-TOTP (time-based).
The Tokens are provided with a PSKC import file by Feitian. The file includes the Token secret key in an encrypted or cleartext format. If it is encrypted, the PSKC decryption key should have been provided to you by Feitian.
2. Register a Feitian token
To register a Token with a PSKC file, edit a user account in WebADM and go to the MFA Authentication Server application action.
Select Import OATH-PSKC File to import the Token file to the user.
Then, select the PSKC file to be imported. You can also provide an encryption password if needed.
On the next page, you will see a summary of token information. You can then assign it to the user, or you can also export it as a CSV inventory.
There is also a command line import tool in
/opt/webadm/websrvs/openotp/bin/pskc2inv. This tool will convert the (encrypted/cleartext) PSKC to a CSV file containing the Token serial numbers and OATH keys.
More information on this command is available on the [Utilities and Command Line Tools for OpenOTP] (/howtos/utilities_cmd_tool_openotp/utilsopenotp/#4-pskc2inv) documentation page.
If the PSKC import fails, please ask Feitian for an import file compliant with PSKC RFC-6030.
3. Configuration of OpenOTP
3.1 Per-user configuration
If only some accounts are using a c200 token, you can configure the user account with TOKEN TokenType. With c200 Tokens, set the TOTP Time Step to 60 seconds (this is Feitian default). The Time Step is very important and Token will not work if not correctly set.
3.2 General configuration
If you use only c200 Tokens, you can configure the TOTP Time Step at the OpenOTP application level in the Applications/OpenOTP WebADM menu.