Mobile Security String Index

From Swivel Knowledgebase
Jump to: navigation, search


The Swivel mobile phone apps allow security strings and One Time Codes on the phone to be used for authentication. More recent versions of the apps, using Allow String Browsing allows the user to browse and select a security string or One Time Code for authentication, so it is possible to tell the user which security string to use for authentication.

For multiple security strings in transports such as SMS or email, see Multiple Security Strings How To Guide


Swivel 3.8 or later

Mobile Phone App enabled user

The Swivel server needs to be able to accept the request for the String Index, either through a Proxy or a NAT connection.

Requesting the Security String Index

The security string Index is requested from the Swivel server using the following:


where username is the username for authentication


In a web browser make a request against the Swivel server with:


This should generate a log in the Swivel server as follows:

Token index image request for user test

Known Issues

Currently this command is not supported in the Swivel appliance proxy

Due to limitations within the RADIUS protocol, the Mobile Security String Index only works with PAP authentication and not CHAP or MSCHAP.


Check the Swivel logs for requests.