• State Verified Answer
  • Replies 7 replies
  • Subscribers 27 subscribers
  • Views 896 views
  • Users 0 members are here
Options
Related

Defender SMS Token

Mahmoud Emad
19 days ago

Hello,

We are currently integrating Defender MFA with our SMS service provider to enable SMS token delivery.

During the configuration, we encountered some limitations and need clarification regarding the supported API call formats Defender accepts under the Mobile Provider settings.

We noticed that Defender provides a default POST data structure for 2sms, as shown below:

<?xml version="1.0" encoding="UTF-8"?> <Request xmlns:xsi="">www.w3.org/.../XMLSchema-instance" xsi:noNamespaceSchemaLocation="">schema.2sms.com/.../0410_RequestSendMessage.xsd" Version="1.0"> <Identification> <UserID>[USERID]</UserID> <Password>[PASSWORD]</Password> </Identification> <Service> <ServiceName>SendMessage</ServiceName> <ServiceDetail> <SingleMessage> <Destination>[PHONE]</Destination> <Text>Your Defender one-time password is [DATA]</Text> </SingleMessage> </ServiceDetail> </Service> </Request>

It appears that this is an XML-based POST, likely sent as a RESTful XML body.

Our SMS provider, however, only supports a SOAP-based integration, and we have a fully working SOAP request in SoapUI.

but we are unsure whether Defender MFA can be configured to send SOAP requests like the one above.

Our questions are:

  1. Does Defender support sending full SOAP requests as POST data to an external SMS provider?

  2. Are there any examples or documentation for integrating custom SOAP-based SMS APIs with Defender MFA?

Parents Reply
  • 0 1 day ago in reply to Tawfiq.Ahmad

    Hi Tawfiq,

    We are currently troubleshooting an issue with the One Identity Defender SMS OTP integration using a SOAP-based connection to our SMS gateway. Despite multiple successful tests from the same server hosting Defender—using external testing tools that triggered visible responses on the SMS gateway—no response is observed when the call is initiated directly by Defender.

    From the Defender side, we can see in the DSS logs that the SMS OTP is marked as sent. However, there are no corresponding logs or traces of the request reaching the SMS gateway.

    Here is an example of a working call tested on SOAPUI and inserted to POST Data in the SMS token configuration:

    URL: api.smsglobal.com/.../soapserver.php

    <soapenv:Envelope xmlns:xsi="">www.w3.org/.../XMLSchema-instance"
    xmlns:xsd="">www.w3.org/.../XMLSchema"
    xmlns:soapenv="">schemas.xmlsoap.org/.../"
    xmlns:urn="urn:MobileWorks">
    <soapenv:Header/>
    <soapenv:Body>
    <urn:apiSendSms soapenv:encodingStyle="    ">schemas.xmlsoap.org/.../">
    <ticket xsi:type="xsd:string">XXXXXXX</ticket>
    <sms_from xsi:type="xsd:string">XXXX</sms_from>
    <sms_to xsi:type="xsd:string">XXXXXX</sms_to>
    <msg_content xsi:type="xsd:string">Your OTP is [DATA]</msg_content>
    <msg_type xsi:type="xsd:string">Text</msg_type>
    <unicode xsi:type="xsd:string">0</unicode>
    <schedule xsi:type="xsd:string"></schedule>
    </urn:apiSendSms>
    </soapenv:Body>
    </soapenv:Envelope>

    To assist with further troubleshooting, could you kindly provide an example of a working SOAP call (including request format and required headers) that is known to be compatible with Defender's SMS OTP feature?

    Your support on this matter would be greatly appreciated.

Children