

Deleting ArcotID PKI Key Bag Elements

Certificates are valid for a certain period, after which they expire. Expired certificates cannot be used for any operation. In such cases, you can delete the expired certificates stored in the key bag and import new certificates.

This section walks you through the following topics for deleting certificates stored in the ArcotID PKI key bag:

  • Preparing the Request Message
  • Invoking the Web Service
  • Interpreting the Response Message

Note: This operation applies only to the ArcotID PKI credential.

Preparing the Request Message

The ArcotIDKeyBagDeleteElementsRequestMessage is used to delete the keys and certificates that are stored in the ArcotID PKI key bag. It contains the elements listed in the following table.

| Element | Mandatory | Description |
|---|---|---|
| clientTxnId | No | Specifies the unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions. |
| userName | Yes | Specifies the unique identifier of the user whose key bag elements have to be deleted. |
| orgName | No | Specifies the name of the organization to which the user belongs. |
| profileName | No | Specifies the profile name of the credential. If it is not passed, then the default profile for the organization is used. If it is passed, then the profile name must be available at the organization. |
| elementSelection | No | Contains the following elements: selectCertEncoding (if you enable this option, then AuthMinder Server returns the certEncoding in the response) and selectCertsDetails (if you enable this option, then AuthMinder Server returns the certDetails in the response). |
| additionalInput | No | Specifies the extra information that must be sent to AuthMinder Server in name-value pairs: name (indicates the name of the unsigned attribute that you want to delete) and value (indicates the corresponding value for the name). |
| elementIds | Yes | The unique identifier of the elements that you want to delete. |

Invoking the Web Service

To delete the keys and certificates stored in the ArcotID PKI key bag, you need to implement the ArcotIDKeyBagDeleteElements operation.

  1. (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the ArcotIDKeyBagDeleteElements operation. See the chapter "Managing Web Services Security" for more information on these details.
  2. Use the userName and orgName elements to fetch the details of the user whose ArcotID PKI unsigned attributes you want to delete.
  3. Use the elementSelection and elementIds elements to identify the certificate elements that you want to delete.
  4. (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.

    This type provides the additional information that is set as a name-value pair.

  5. Use ArcotIDKeyBagDeleteElementsRequestMessage and construct the input message by using the details obtained in the preceding steps.
  6. Invoke the ArcotIDKeyBagDeleteElements operation of the ArcotWebFortIssuanceSvc service to delete the certificates.

    This operation returns an instance of the ArcotIDKeyBagDeleteElementsResponseMessage that specifies the transaction details.

Interpreting the Response Message

For successful transactions, the response message, ArcotIDKeyBagDeleteElementsResponseMessage, returns the elements explained in the following table. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See the appendix "Error Codes" for more information on the SOAP error messages.

| Element | Description |
|---|---|
| message | A string that defines the status of the operation. |
| reasonCode | Unique code that is sent by AuthMinder Server if the operation fails. |
| responseCode | Unique code that is sent by AuthMinder Server if the operation fails. |
| transactionID | Unique identifier of the transaction. |
| additionalOutput | The output for the additionalInput that was passed to AuthMinder Server. |
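The request construction and response handling described above, sketched as an added example that is not taken from the AuthMinder documentation or SDK. The namespace `SVC_NS` is a placeholder, the flat layout with one `elementIds` child per ID is an assumption (take the real namespace and nesting from the service WSDL), and the HTTP transport is omitted.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:example:placeholder"  # assumption: use the namespace from the WSDL
MSG = "ArcotIDKeyBagDeleteElements"
FIELDS = ("message", "reasonCode", "responseCode", "transactionID")

def build_delete_request(user_name, element_ids, org_name=None,
                         profile_name=None, client_txn_id=None):
    """Build the request envelope; userName and elementIds are mandatory."""
    if not user_name:
        raise ValueError("userName is mandatory")
    if not element_ids:
        raise ValueError("elementIds is mandatory")
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    req = ET.SubElement(body, f"{{{SVC_NS}}}{MSG}RequestMessage")
    scalars = [("clientTxnId", client_txn_id), ("userName", user_name),
               ("orgName", org_name), ("profileName", profile_name)]
    for name, value in scalars:
        if value is not None:  # optional elements are omitted when unset
            ET.SubElement(req, f"{{{SVC_NS}}}{name}").text = value
    for element_id in element_ids:  # assumed layout: one elementIds per ID
        ET.SubElement(req, f"{{{SVC_NS}}}elementIds").text = element_id
    return ET.tostring(env, encoding="unicode")

def interpret_response(xml_text):
    """Return ('fault', faultstring) or ('ok', {element: text})."""
    body = ET.fromstring(xml_text).find(f"{{{SOAP_NS}}}Body")
    if body is None:
        raise ValueError("no SOAP Body")
    fault = body.find(f"{{{SOAP_NS}}}Fault")
    if fault is not None:
        return "fault", fault.findtext("faultstring", default="")
    resp = body.find(f"{{{SVC_NS}}}{MSG}ResponseMessage")
    if resp is None:
        raise ValueError("neither a response message nor a Fault in the body")
    return "ok", {f: resp.findtext(f"{{{SVC_NS}}}{f}") for f in FIELDS}

# Constructed sample response (not captured from a real server).
SAMPLE_RESPONSE = (
    f'<s:Envelope xmlns:s="{SOAP_NS}" xmlns:a="{SVC_NS}"><s:Body>'
    f"<a:{MSG}ResponseMessage><a:message>constructed sample</a:message>"
    "<a:reasonCode>0</a:reasonCode><a:responseCode>0</a:responseCode>"
    f"<a:transactionID>txn-0001</a:transactionID></a:{MSG}ResponseMessage>"
    "</s:Body></s:Envelope>"
)

if __name__ == "__main__":
    print(build_delete_request("jdoe", ["elem-1", "elem-2"], org_name="ExampleOrg"))
    print(interpret_response(SAMPLE_RESPONSE))
```

Checking for a Fault before reading the response elements keeps a failed deletion from being logged as a completed one, and recording the returned transactionID next to your own clientTxnId gives each deletion an audit trail.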