Previous Topic: Uploading OATH TokensNext Topic: Input Data Validations

CA Strong Authentication Web Services GuidePerforming Bulk OperationsFetching OATH Tokens

Fetching OATH Tokens

This section walks you through the following topics for fetching the OATH tokens that are uploaded for an organization:

Preparing the Request Message

The FetchOATHTokensRequestMessage is used to fetch the OATH tokens from the AuthMinder database.The following table lists the elements of this request message.

Element

Mandatory

Description

Common Elements

clientTxId

No

The unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions.

additionalInput/pairs

No

AuthMinder’s additionalInput element enables you to set additional inputs if you want to augment AuthMinder’s authentication capability by specifying additional information. In such cases, you need to set the extra information in name-value pairs.

  • name (The name with which you want to create the key pair.)
  • value (The corresponding value for name.)

    Note: You can add more than one of these elements.

Some of the pre-defined additional input parameters include:

  • AR_WF_LOCALE_ID
    Specifies the locale that AuthMinder will use while returning the messages back to your calling application.
  • AR_WF_CALLER_ID
    This is useful in tracking transactions. You can use session ID or client transaction ID (clientTxnId) for specifying this information.

Organization Detail (orgDetails) Elements

fetchGlobal

No

Indicates whether you want to fetch the OATH tokens that are assigned at the global level. Following are the supported values:

  • yes: The OATH tokens that are uploaded for all organizations are fetched.
  • no: The OATH tokens that are assigned to the organizations listed in the orgList element are fetched.

Or

orgList

No

Indicates the name of the organization for which you want to upload the OATH tokens.

Token Elements

tokenID

No

The unique identifier of the OATH token.

batchID

No

The identifier that denotes the batch in which the OATH token is manufactured.

Search Filter (tokenStatus) Elements

tokenStatusFilter/free

No

The filter to fetch the tokens that are free and not yet assigned to the users.

tokenStatusFilter/assigned

No

The filter to fetch the tokens that are assigned to the users.

tokenStatusFilter/abandoned

No

The filter to fetch the tokens that are no longer used.

tokenStatusFilter/failed

No

The filter that is used to fetch the tokens that failed during upload. Token upload might fail in the following cases:

  • If the seed decryption operation fails.
  • If the token has already been assigned to the user.

Invoking the Web Service

To fetch the OATH tokens assigned for users of an organization:

  1. (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the FetchOATHTokens operation. See chapter, "Managing Web Services Security" for more information on the header elements.
  2. (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.

    This type provides the additional information that is set as a name-value pair.

  3. Use FetchOATHTokensRequestMessage and construct the input message by using the details obtained in preceding steps.
  4. Invoke the FetchOATHTokens operation of the ArcotWebFortBulkOperationsSvc service to upload the OATH tokens.

    This operation returns an instance of the FetchOATHTokensResponseMessage that includes the credential and transaction details.

Interpreting the Response Message

For successful transactions, the response message, FetchOATHTokenResponse returns the elements explained in the following table and the token information that is uploaded. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See appendix, "Error Codes" for more information on the SOAP error messages.

Element

Description

message

A string that defines the status of the operation.

reasonCode

Unique code that is sent by AuthMinder Server if the operation fails.

responseCode

Unique code that is sent by AuthMinder Server if the operation fails.

transactionID

Unique identifier of the transaction.

additionalOutput

The output for the additionalInput that was passed to AuthMinder Server.

batchID

The unique identifier that helps to identify the batch of the uploaded token.