Feitian c100 - c200 Tokens with OpenOTP
Token

Download PDF

1. Description of Feitian c100/c200 Tokens

OpenOTP supports Feitian c100 & c200 Token series. Feitian c100 are OATH-HOTP (event-based) and c200 are OATH-TOTP (time-based).

The Tokens are provided with a PSKC import file by Feitian. The file includes the Token secret key in an encrypted or cleartext format. If it is encrypted, the PSKC decryption key should have been provided to you by Feitian.

2. Register a Feitian token

To register a Token with a PSKC file, edit a user account in WebADM and go to the MFA Authentication Server application action. screenshot

Figure 1. WebADM (selecting MFA Authentication Server action under user)

Select Import OATH-PSKC File to import the Token file to the user. screenshot

Figure 2. WebADM (selecting Import OATH-PSKC File menu)

Then, select the PSKC file to be imported. You can also provide an encryption password if needed. screenshot

Figure 3. WebADM (selecting file for import)

On the next page, you will see a summary of token information. You can then assign it to the user, or you can also export it as a CSV inventory. screenshot

Figure 4. WebADM (assigning the token or exporting as CSV)

Note

There is also a command line import tool in /opt/webadm/websrvs/openotp/bin/pskc2inv. This tool will convert the (encrypted/cleartext) PSKC to a CSV file containing the Token serial numbers and OATH keys. More information on this command is available on the [Utilities and Command Line Tools for OpenOTP] (/howtos/utilities_cmd_tool_openotp/utilsopenotp/#4-pskc2inv) documentation page.

Note

If the PSKC import fails, please ask Feitian for an import file compliant with PSKC RFC-6030.

3. Configuration of OpenOTP

3.1 Per-user configuration

If only some accounts are using a c200 token, you can configure the user account with TOKEN TokenType. With c200 Tokens, set the TOTP Time Step to 60 seconds (this is Feitian default). The Time Step is very important and Token will not work if not correctly set.

3.2 General configuration

If you use only c200 Tokens, you can configure the TOTP Time Step at the OpenOTP application level in the Applications/OpenOTP WebADM menu.

This manual was prepared with great care. However, RCDevs Security S.A. and the author cannot assume any legal or other liability for possible errors and their consequences. No responsibility is taken for the details contained in this manual. Subject to alternation without notice. RCDevs Security S.A. does not enter into any responsibility in this respect. The hardware and software described in this manual is provided on the basis of a license agreement. This manual is protected by copyright law. RCDevs Security S.A. reserves all rights, especially for translation into foreign languages. No part of this manual may be reproduced in any way (photocopies, microfilm or other methods) or transformed into machine-readable language without the prior written permission of RCDevs Security S.A. The latter especially applies for data processing systems. RCDevs Security S.A. also reserves all communication rights (lectures, radio and television). The hardware and software names mentioned in this manual are most often the registered trademarks of the respective manufacturers and as such are subject to the statutory regulations. Product and brand names are the property of RCDevs Security. © 2023 RCDevs Security S.A., All Rights Reserved