The createRequest message is used to create authentication policies in the AuthMinder database.
This section lists the elements that are required to set the credential policy information.
The following table lists the common policy-related elements that are applicable to all credentials:
|
Element |
Mandatory |
Description |
|---|---|---|
|
name |
No |
Indicates the name of the new policy. |
|
status |
No |
Indicates the status of the configuration. Possible values are as follows:
|
|
maxStrikes |
No |
Indicates the number of failed attempts after which the user’s credentials will be locked out. |
|
warningPeriod |
No |
Indicates the number of days before the warning is sent to the calling application about the user’s impending credential expiration. |
|
gracePeriod |
No |
Indicates the number of days a user is allowed to authenticate successfully with their expired ArcotID PKI credential. |
|
autoUnlockPeriod |
No |
Indicates the number of hours after which a locked credential can automatically be used to log in again. |
|
userCheck |
No |
AuthMinder uses the user check information before performing some of the operations. The following elements are used to perform user checks:
|
|
matchAcrossUsageType |
No |
Indicates a match across usage types. Multiple credentials of the same type can be issued for a user. A description is necessary to identify the purpose for which each credential is used. For example, a user can have a temporary password to perform a remote login to the network. The usage type for this password can be temporary. |
|
usageTypeToMatch |
No |
Indicates the usage type that needs to be matched. |
The following table lists the elements that are specific to the ArcotID PKI credential authentication policy (arcotIDAuthConfigs):
|
Element |
Mandatory |
Description |
|---|---|---|
|
challengeTimeout |
No |
Indicates the duration for which the ArcotID PKI challenge must be valid. By default, the validity period is 300 seconds. |
The following table lists the elements that are specific to the QnA credential authentication policy (qnaAuthConfigs):
|
Element |
Mandatory |
Description |
|---|---|---|
|
numQuestionsToChallenge |
No |
Indicates the number of questions that AuthMinder must ask users during authentication. The default value is 3. |
|
minAnswersRequired |
No |
Indicates the minimum number of questions for which correct answers are required during authentication. The default value is 3. |
|
questionsChallengeMode |
No |
Indicates how the questions are selected for the challenge. The supported values are:
|
|
questionSetChangeOption |
No |
Specifies when AuthMinder Server must select a new set of questions for the challenge.
|
|
isCVMEnabled |
No |
Indicates whether caller side verification is enabled or not. The supported values are:
See "Questions and Answers Authentication" for more information on caller side verification. |
|
challengeTimeout |
No |
Indicates the duration for which the QnA challenge must be valid. By default, the validity period is 300 seconds. |
The following table lists the elements that are specific to the Password credential authentication policy (passwordAuthConfigs):
|
Element |
Mandatory |
Description |
|---|---|---|
|
numPositionsToChallenge |
No |
Indicates the total number of password character positions that have to be challenged by AuthMinder Server. Note: Applicable only for partial passwords. |
|
challengeTimeout |
No |
Indicates the duration for which the password challenge has to be valid. By default, the validity period is 300 seconds. |
The following table lists the elements that are specific to the OATH OTP, ArcotID OTP, and EMV OTP credential authentication policy (oathAuthConfigs,arcotOTPAuthConfigs, and emvAuthConfigs).
Note: The OTP generated by AuthMinder Server (serverOTPAuthConfigs) does not have any specific configurations.
|
Element |
Mandatory |
Description |
|---|---|---|
|
otpCounterTolerance |
No |
This element contains the OTP counter tolerance parameters.
|
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|