Previous Topic: Questions and Answers (QnA) Input ElementsNext Topic: Disabling Credentials

CA Strong Authentication Web Services GuidePerforming Credential OperationsCreating CredentialsPassword Input Elements

Password Input Elements

The upInput element contains the elements that are required for creating Password credential. The following table lists the elements for Password:

Element

Mandatory

Description

password

No

The password that the user needs to use for Password authentication.

Invoking the Web Service

To create credentials for a user:

  1. (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the CreateCredential operation. See chapter, "Managing Web Services Security" for more information on these details.
  2. Use the userName and orgName elements to fetch the details of the user for whom the credentials must be created.
  3. Depending on the type of credential you want to create, use the respective <CredentialName>Input element to obtain the credential information.

    The input required for each credential is different. For example, password is needed for Password as well as ArcotID PKI, while questions and corresponding answers are required for QnA credentials.

  4. (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.

    This type provides the additional information that is set as a name-value pair.

  5. Use CreateCredentialRequestMessage and construct the input message by using the details obtained in preceding steps.
  6. Invoke the CreateCredential operation of the ArcotWebFortIssuanceSvc service to create the credentials.

    This operation returns an instance of the CreateCredentialResponseMessage that includes the credential and transaction details.

Interpreting the Response Message

For successful transactions, the response message, CreateCredentialResponseMessage returns the elements explained in the following table. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See appendix, "Error Codes" for more information on the SOAP error messages.

Method

Description

User and Common Credential Information

userName

The unique identifier of the user.

orgName

The organization to which the user belongs to.

status

The status of the credential. Following are the supported values:

  • ACTIVE (1)
    The credential is active and can be used for authentication.
  • LOCKED (2)
    The credential is locked when the user consecutively fails to authenticate for the maximum number of negative attempts configured. For example if the maximum attempts configured is 3, then the third attempt with wrong credential will lock the credential.
  • DISABLED (3)
    The credential is disabled by the administrator.
  • DELETED (4)
    The credential of the user is deleted from the database.
  • EXPIRED (5)
    The credential of the user has expired.
  • VERIFIED (50)
    The credential is verified when the OTP submitted by the user is authenticated by AuthMinder Server successfully.

    Note: This status is applicable only for OTP.

remainingUsageCount

The number of times the credential can be used.

createTime

The time when the credential was created.

lastUpdatedTime

The time when the credential was updated last time.

validityStartTime

The timestamp from when the credential is valid.

validityEndTime

The date after which the credential expires.

disableStartTime

The time when the credential has to be disabled.

disableEndTime

The time when the disabled credential has to be enabled.

numberOfFailedAuthAttempts

The total number of failed authentication attempts permitted for the user.

lastSuccessAuthAttemptTime

The time when the last authentication attempt succeeded.

lastFailedAuthAttemptTime

The time when the last authentication attempt failed.

profileName

The profile name with which the credential was created.

profileVersion

The version number of the profile.

notes

The custom attributes that are set for the credential.

ArcotID Output

unsignedAttributes

The unsigned attributes of the ArcotID PKI.

arcotID

The ArcotID PKI that is created for the user.

OTP Output

otp

The OTP of the user.

usageCount

Number of times the OTP can be used.

OATH OTP Output

tokenID

The unique identifier of the OATH token.

type

The type of OATH OTP, whether it is HOTP or TOTP.

counterOffSet

The OATH OTP count on the server.

ArcotOTP Output

card

The ArcotID OTP of the user.

type

The type of ArcotID OTP, whether it is HOTP or TOTP.

counterOffSet

The ArcotID OTP count on the server.

EMV OTP Output

card

The EMV OTP of the user.

counterOffSet

The EMV OTP count on the server.

QnA Output

questions

The questions set for the user.

Transaction Details

message

Indicates the status of the transaction.

reasonCode

Unique code that is sent by AuthMinder Server if the operation fails.

responseCode

Code returned by the SDK in case of errors.

transactionID

The unique identifier of the transaction.

additionalOutput

The output for the additionalInput that was passed to AuthMinder Server.