Feitian C100 - C200 Tokens with OpenOTP
  Download PDF

1. Description of Feitian c100/c200 Tokens

OpenOTP supports Feitian c100 & c200 Token series. Feitian c100 are OATH-HOTP (event-based) and c200 are OATH-TOTP (time-based).

The Tokens are provided with a PSKC import file by Feitian. The file includes the Token secret key in an encrypted or cleartext format. If it is encrypted, the PSKC decryption key should have been provided to you by Feitian.

2. Register a Feitian token

To register a Token with a PSKC file, edit a user account in WebADM and go to the MFA Authentication Server application action.

Figure 1. WebADM (selecting MFA Authentication Server action under user)

Select Import OATH-PSKC File to import the Token file to the user.

Figure 2. WebADM (selecting Import OATH-PSKC File menu)

Then, select the PSKC file to be imported. You can also provide an encryption password if needed.

Figure 3. WebADM (selecting file for import)

On the next page, you will see a summary of token information. You can then assign it to the user, or you can also export it as a CSV inventory.

Figure 4. WebADM (assigning the token or exporting as CSV)

Note

There is also a command line import tool in /opt/webadm/websrvs/openotp/bin/pskc2inv. This tool will convert the (encrypted/cleartext) PSKC to a CSV file containing the Token serial numbers and OATH keys. More information on this command is available on the [Utilities and Command Line Tools for OpenOTP] (/howtos/utilities_cmd_tool_openotp/utilsopenotp/#4-pskc2inv) documentation page.

Note

If the PSKC import fails, please ask Feitian for an import file compliant with PSKC RFC-6030.

3. Configuration of OpenOTP

3.1 Per-user configuration

If only some accounts are using a c200 token, you can configure the user account with TOKEN TokenType. With c200 Tokens, set the TOTP Time Step to 60 seconds (this is Feitian default). The Time Step is very important and Token will not work if not correctly set.

3.2 General configuration

If you use only c200 Tokens, you can configure the TOTP Time Step at the OpenOTP application level in the Applications/OpenOTP WebADM menu.