Step 1: ArcotID PKI Download

CA Strong Authentication Web Services Guide › Authenticating Users › ArcotID PKI Authentication › Step 1: ArcotID PKI Download

Step 1: ArcotID PKI Download

To perform ArcotID PKI authentication, the ArcotID PKI of the user has to be present on the system from where the authentication request is originating. If the ArcotID PKI is not present, then it needs to be downloaded to the system. In such a case the user must perform a secondary authentication before the ArcotID PKI is downloaded.

The ArcotWebFortAuthSvc provides the GetArcotID operation that contains the elements to download the ArcotID PKI of the users.

This section covers the following topics for downloading ArcotID PKI of the users:

Preparing the Request Message
Invoking the Web Service
Interpreting the Response Message

Preparing the Request Message

The GetArcotIDRequestMessage is used to send the ArcotID PKI download request to AuthMinder Server. The following table lists the elements of this message:

Element	Mandatory	Description
clientTxnId	No	Specifies the unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions.
userName	Yes	The unique identifier of the user whose ArcotID PKI has to be downloaded.
orgName	No	The organization name to which the user belongs to.
additionalInput/pairs	No	AuthMinder’s additionalInput element enables you to set additional inputs if you want to augment AuthMinder’s authentication capability by specifying additional information. In such cases, you need to set the extra information in name-value pairs. name (The name with which you want to create the key pair.) value (The corresponding value for name.) Some of the pre-defined additional input parameters include: AR_WF_LOCALE_ID Specifies the locale that AuthMinder will use while returning the messages back to your calling application. AR_WF_CALLER_ID This is useful in tracking transactions. You can use session ID or client transaction ID (clientTxnId) for specifying this information. Note: The additionalInput element is available at the end of the request message. You can add more than one of these elements.

Invoking the Web Service

To download the ArcotID PKI:

(Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the GetArcotID operation. See chapter, "Managing Web Services Security" for more information on the header elements.
(Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.
Use GetArcotIDRequestMessage and construct the input message. See the table in the preceding section.
Invoke the GetArcotID operation of the ArcotWebFortAuthSvc service to fetch the ArcotID PKI of the user to your application.
This operation returns an instance of the GetArcotIDResponseMessage, which provides the ArcotID PKI of the user and transaction details. For more information, see the table containing information about the elements that the response message, GetArcotIDResponseMessage, returns.
The user’s ArcotID PKI is set in the HTML or Java Server Page (JSP).
Invoke the ImportArcotID client-side API to download the ArcotID PKI from your application to the end user’s system.

Note: Refer to CA ArcotID Client Reference Guide for more information on the ImportArcotID function. ArcotID PKI Client provides the SDK in JavaScript programming language.

Interpreting the Response Message

For successful transactions, the response message, GetArcotIDResponseMessage returns the elements explained in the following table. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See appendix, "Error Codes" for more information on the SOAP error messages.

Element	Description
arcotID	The ArcotID PKI of the user in the base-64 encoded format.
transactionDetails	Contains the following details of the transaction: message A string that defines the status of the operation. reasoncode Unique code that is sent by AuthMinder Server if the operation fails. responseCode Unique code that is sent by AuthMinder Server if the operation fails. transactionID Unique identifier of the transaction. additionalOutput The output for the additionalInput that was passed to AuthMinder Server.

Element

Description

arcotID

The ArcotID PKI of the user in the base-64 encoded format.

transactionDetails

Contains the following details of the transaction:

message
A string that defines the status of the operation.
reasoncode
Unique code that is sent by AuthMinder Server if the operation fails.
responseCode
Unique code that is sent by AuthMinder Server if the operation fails.
transactionID
Unique identifier of the transaction.
additionalOutput
The output for the additionalInput that was passed to AuthMinder Server.