CA Strong Authentication Web Services Guide › Performing Credential Operations › Disabling Credentials

Disabling Credentials

User credentials can be disabled for a specified time interval. For example, if an employee goes for a long vacation, then the credentials of this user can be disabled to prevent any unauthorized access during their absence.

This section walks you through:

• Preparing the Request Message
• Invoking the Web Service
• Interpreting the Response Message

Preparing the Request Message

The DisableCredentialRequestMessage is used to disable credentials. The input elements for disabling the credentials are same as that explained in the "Creating Credentials" section. For more information about each element, refer to the tables listed in the "Creating Credentials" section.

Invoking the Web Service

To disable user credentials:

1. (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the DisableCredential operation. See chapter, "Managing Web Services Security" for more information on these details.
2. Use the userName and orgName elements to fetch the details of the user whose credentials must be disabled.
3. Depending on the type of credential you want to disable, use the respective <CredentialName>Input element to obtain the credential information.

   The input required for each credential is different. For example, password is needed for Password as well as ArcotID PKI, while questions and corresponding answers are required for QnA credentials.

4. (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.

   This type provides the additional information that is set as a name-value pair.

5. Use DisableCredentialRequestMessage and construct the input message by using the details obtained in preceding steps.
6. Invoke the DisableCredential operation of the ArcotWebFortIssuanceSvc service to disable the credentials.

   This operation returns an instance of the DisableCredentialResponseMessage that includes the credential and transaction details.

Interpreting the Response Message

For successful transactions, the response message, DisableCredentialResponseMessage returns the elements explained in the table containing information about the elements that the response message, CreateCredentialResponseMessage, returns. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See appendix, "Error Codes" for more information on the SOAP error messages.