Input Data Validations

To ensure that the system does not process invalid data, to enforce business rules, and to ensure that user input is compatible with internal structures and schemas, AuthMinder Server validates the data that it receives from the APIs. The following table explains the criteria that the AuthMinder Server uses to validate this input data:

Note: Attribute length mentioned in the following table corresponds to the character length.

Attribute

Parameter Name

Validation Criteria

Protocol Status

PROTOCL_STATUS

Checks for the following values:

  • PROTOCOL_STATUS_ACTIVE
  • PROTOCOL_STATUS_DISABLED

Port Number

PORT_NUMBER

Length is between 1 and 65535 characters.

Port Type

PORT_TYPE

  • Is non-empty
  • Checks for the following values:
      • TCP
      • SSL
      • UDP

Client Root ID

CLIENT_ROOT_ID

Checks with a set of client root IDs.

Server Certificate chain encoding

SERVER_CERT_CHAIN_ENCODING

  • Server certificate chain encoding is non-empty.
  • Checks for the PEM format.

Server Certificate Chain

SERVER_CERT_CHAIN

Server certificate chain is valid.

Client Certificate Chain

CLIENT_CERT_CHAIN

Client certificate chain is valid.

Client Root CA Certificate

CLIENT_ROOT_CA_CERT

Client root CA certificate is valid.

Server Root CA Certificate

SERVER_ROOT_CA_CERT

Server root CA certificate is valid.

Client Root CA Certificates Count

CLIENT_ROOT_CA_CERT

Checks that the count of CA certificates is non-zero.

Client Root ID

CLIENT_ROOT_ID

Checks with a set of client root IDs.

Server Certificate Chain Encoding

SERVER_CERT_CHAIN_ENCODING

  • Server certificate chain encoding is non-empty.
  • Checks for the PEM format.

Server Certificate Chain

SERVER_CERT_CHAIN

Server certificate chain is valid.

Client Certificate Chain

CLIENT_CERT_CHAIN

Client certificate chain is valid.

Client Root CA Certificate

CLIENT_ROOT_CA_CERT

Client root CA certificate is valid.

Server Root CA Certificate

SERVER_ROOT_CA_CERT

Server root CA certificate is valid.

Client Root CA Certificate count

CLIENT_ROOT_CA_CERT

Checks that the count of CA certificates is non-zero.

Server Private Key Encoding

SERVER_PRIVATE_KEY_ENCODING

  • Server private key encoding is non-empty.
  • Checks for the PEM format.

Locale Name

LOCALE_NAME

  • Locale name is non-empty.
  • Checks locale name with the ISO set of locales.

Client Root CA Path

CLIENT_ROOT_CA_PATH

Client root CA path is non-empty.

Server ID

SERVER_ID

  • Port number > 1.
  • Checks with a set of server identifiers.

Client Root CA Certificate Encoding

CLIENT_ROOT_CA_CERT_ENCODING

  • Client root CA certificate encoding is non-empty.
  • Checks for the PEM format.

Certificate Common Name

CERT_COMMON_NAME

  • Certificate common name is non-empty.
  • Certificate common name length is between 1 and 256.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Country Name

COUNTRY_NAME

  • Certificate country name is non-empty.
  • Certificate country name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Organization Name

ORG_NAME

  • Certificate organization name is non-empty.
  • Certificate organization name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Organization Unit Name

ORG_UNIT_NAME

  • Certificate organization unit name is non-empty.
  • Certificate organization unit name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate State Name

STATE_NAME

  • Certificate state name is non-empty.
  • Certificate state name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Locality Name

LOCALITY_NAME

  • Certificate locality name is non-empty.
  • Certificate locality name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Start Date

START_TIME

Checks for valid date format.

Certificate End Date

END_TIME

Checks for valid date format.

PKI Certificate

PKI_CERTIFICATE

PKI certificate is valid.

PKI Key

PKI_KEY

PKI key is valid.

Certificate Chain and Key Pair

PRIVATE_KEY_PAIR

Certificate chain and key pair are valid.

PKCS12 Certificate Chain

PKCS12_CERT_CHAIN_KEY

PKCS12 certificate chain is valid.

PKCS7 Certificate Chain

PKCS12_CERT_CHAIN_KEY

PKCS7 certificate chain is valid.

User ID

USER_ID

Minimum value of user ID must be greater than 1.

Group ID

GROUP_ID

Minimum value of group ID must be greater than 1.

Create Time

CREATE_TIME

Checks for valid date format.

Last Modified Time

LAST_MODIFIED_TIME

Checks for valid date format.

Start and End Date

START_END_DATES

Start date < End date.

User Attribute Name

USER_ATTR_NAME

User Attribute Name is non-empty.

WebFort organization name

(checks whether the organization name is ‘\n’; otherwise validates it)

ORG_NAME

  • Organization name is non-empty.
  • Organization name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

User Existence Check

USER_EXISTENCE_CHECK

Value of user existence check is 0 or 1.

User Active Check

USER_ACTIVE_CHECK

Value of user active check is 0 or 1.

Kerberos User Name

KERBEROS_USER_NAME

  • Kerberos user name is non-empty.
  • Kerberos user name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Kerberos Domain Name

KERBEROS_DOMAIN_NAME

  • Kerberos domain name is non-empty.
  • Kerberos domain name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Kerberos Password

KERBEROS_PASSWORD

  • Kerberos password is non-empty.
  • Kerberos password length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Authentication User Password

AUTH_USER_PASSWORD

  • User password is non-empty.
  • User password length is between 1 and 64.
  • Checks user password against a set of strings.
  • Does not contain invalid characters (ASCII 0-31).

Password Maximum Length

PWD_MAX_LENGTH

  • Minimum value of password maximum length must be greater than 4.
  • Maximum value of password maximum length must be less than 64.

Password Minimum Length

PWD_MIN_LENGTH

  • Minimum value of password minimum length must be greater than 4.
  • Maximum value of password minimum length must be less than 64.

Password Minimum Special Character Length

PWD_SPECIAL_CHAR_MIN_LENGTH

  • Minimum value of password special character length must be greater than 0.
  • Maximum value of password special character minimum length must be less than 64.

Password Minimum Alphabetic Character Length

PWD_ALPHA_CHAR_MIN_LENGTH

  • Minimum value of password alphabetic character length must be greater than 0.
  • Maximum value of password alphabetic character length must be less than 64.

Password Minimum Numeric Character Length

PWD_NUMERIC_CHAR_MIN_LENGTH

  • Minimum value of password numeric character length must be greater than 0.
  • Maximum value of password numeric character length must be less than 64.

Password Strength Configuration

PASSWORD_STRENGTH

Password strength attribute length must be less than the password length.

Question

AUTH_QUESTIONS

  • Question is non-empty.
  • Question length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Answer

AUTH_ANSWERS

  • Answer is non-empty.
  • Answer length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Number of Questions

NUM_OF_QNA

  • Number of questions must be greater than the minimum number of questions.
  • Number of questions must be less than the maximum number of questions.

Number of Questions to Ask

QNA_NUM_QUESTION_TO_ASK

  • Minimum questions to ask must be greater than 1.
  • Maximum questions to ask must be less than 10.

Minimum Number of Correct Answers Required

QNA_MIN_ANS_REQUIRED

  • Minimum correct answers must be greater than 1.
  • Minimum correct answers must be less than 10.

QnA Maximum Questions

MAX_QUESTIONS

  • Minimum value of maximum questions must be greater than 1.
  • Maximum value of maximum questions must be less than 10.

QnA Minimum Questions

MIN_QUESTIONS

  • Minimum value of minimum questions must be greater than 2.
  • Maximum value of minimum questions must be less than 10.

QnA Challenge Timeout in Seconds

QNA_CHALLENGE_TIMEOUT_SECS

QnA challenge timeout in seconds must be between 1 and 7200.

Plain Key Type

PLAIN_KEY_TYPE

  • Plain key type is non-empty.
  • Checks for the RSA value.

Arcot Key Type

ARCOT_KEY_TYPE

  • Plain key type is non-empty.
  • Checks for the RSA value.

Plain Key Length

PLAIN_KEY_LENGTH

Plain key length value must be between 512 and 4096.

Arcot Key Length

ARCOT_KEY_LENGTH

Arcot key length is between 512 and 4096.

ArcotID Challenge Timeout in Seconds

ARCOTID_CHALLENGE_TIMEOUT_SECS

The ArcotID PKI challenge timeout in seconds is between 1 and 7200.

ArcotID Unsigned Attribute Key Check

AID_UNSIGNED_ATTRIB_KEY

Unsigned attribute key is either USERID or ORG.

Warning Period in Days

WARNING_PERIOD_DAYS

Warning period in days is greater than 0.

Grace Period in Days

GRACE_PERIOD_DAYS

Grace period in days is greater than 0.

Auto Unlock Period in Hours

AUTO_UNLOCK_PERIOD_HOURS

Auto-unlock period in hours is greater than 0.

Authentication OTT Token

AUTH_OTT_TOKEN

  • OTT token is non-empty.
  • OTT token length is between 4 and 64.

OTT Length

OTT_LENGTH

Value of OTT length is between 5 and 240.

OTT Timeout in Seconds

OTT_TIMEOUT

Value of OTT timeout in seconds is between 1 and 172800.

OTP Length

OTP_LENGTH

Value of OTP length is between 4 and 64.

OTP Type

OTP_TYPE

Checks for numeric and alphanumeric values.

OTP Multiple Usage Count

OTP_MULTIPLE_USAGE_COUNT

Multiple usage count of OTP is between 1 and 99999.

Global Authentication Token Timeout in Seconds

GLOBAL_AUTH_TOKEN_TIMEOUT_SECS

Global authentication token timeout in seconds is between 1 and 172800.

Maximum Strikes

MAX_STRIKES

Maximum strike count is between 1 and 100.

Transaction Algorithm ID

TRANSALGO_ID

Checks for the following values:

  • NATIVE_PLAIN_CS
  • NATIVE_PLAIN_CI
  • NATIVE_SHA1_CS
  • NATIVE_SHA1_CI

Organization Credential Configuration Name

ORG_CRED_CONFIG_NAME

Organization credential configuration name is non-empty.

ArcotID Credential Configuration Name

ARCOTID_CRED_CONFIG_NAME

  • ArcotID PKI credential configuration name is non-empty.
  • Checks ArcotID PKI credential configuration name with a set of strings.
  • ArcotID PKI credential configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

OTP Credential Configuration Name

OTP_CRED_CONFIG_NAME

  • OTP credential configuration name is non-empty.
  • Checks OTP credential configuration name against a set of strings.
  • OTP credential configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

QnA Credential Configuration Name

QNA_CRED_CONFIG_NAME

  • QnA credential configuration name is non-empty.
  • Checks QnA credential configuration name with a set of strings.
  • QnA credential configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Password Credential Configuration Name

UP_CRED_CONFIG_NAME

  • Password credential configuration name is non-empty.
  • Checks Password credential configuration name with a set of strings.
  • Password credential configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

ArcotID Authentication Policy Name

ARCOTID_AUTH_POLICY_NAME

  • ArcotID PKI authentication policy name is non-empty.
  • Checks ArcotID PKI authentication policy name with a set of strings.
  • ArcotID PKI authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

OTP Authentication Policy Name

OTP_AUTH_POLICY_NAME

  • OTP authentication policy name is non-empty.
  • Checks OTP authentication policy name with a set of strings.
  • OTP authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

QnA Authentication Policy Name

QNA_AUTH_POLICY_NAME

  • QnA authentication policy name is non-empty.
  • Checks QnA authentication policy name with a set of strings.
  • QnA authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Password Authentication Policy Name

PASSWORD_AUTH_POLICY_NAME

  • Password authentication policy name is non-empty.
  • Checks Password authentication policy name with a set of strings.
  • Password authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

General Authentication Policy Name

GENERAL_AUTH_POLICY_NAME

  • General authentication policy name is non-empty.
  • Checks General authentication policy name with a set of strings.
  • General authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

RADIUS Authentication Policy Name

RADIUS_AUTH_POLICY_NAME

  • RADIUS authentication policy name is non-empty.
  • Checks RADIUS authentication policy name with a set of strings.
  • RADIUS authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Kerberos Authentication Policy Name

KERBEROS_AUTH_POLICY_NAME

  • Kerberos authentication policy name is non-empty.
  • Checks Kerberos authentication policy name with a set of strings.
  • Kerberos authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Mechanism Name

MECHANISM_NAME

  • Mechanism name is non-empty.
  • Does not contain invalid characters (ASCII 0-31).
  • Checks mechanism name with a set of strings.

Mechanism Status

MECHANISM_STATUS

Checks for the following values:

  • MECHANISM_STATUS_ENABLE
  • MECHANISM_STATUS_DISABLED

Radius Client IP Address

RADIUS_CLIENT_IP

  • Radius client IP address is non-empty.
  • Radius client IP address length is between 7 and 15.
  • Performs the following checks:
      • It should contain integers and ‘.’
      • It should contain three dots

Radius Client Shared Secret

RADIUS_ClIENT_SHARED_SECRET

  • Radius client shared secret is non-empty.
  • Radius client shared secret length is between 1 and 1024.

Radius Client Description

RADIUS_CLIENT_DESC

  • Radius client description length is between 0 and 256.
  • Does not contain invalid characters (ASCII 0-31).

Radius Client Authentication Type

RADIUS_CLIENT_AUTH_TYPE

  • Radius client shared secret is non-empty.
  • Checks for the following values:
      • OTT
      • INBAND

Radius Client Maximum Chunk Size

RADIUS_CLIENT_MAX_CHUNK_SIZE

RADIUS client maximum chunk size is between 50 and 200.

Radius Version

RADIUS_VERSION

Checks for the following values:

  • 1
  • 2

Duplicate Question and Answers

DUPLICATE_QUESTION_AND_ANSWER

  • Questions are not duplicate.
  • Answers are not duplicate.
  • Question is not same as answer.

Token Type

AUTH_TOKEN_TYPE

Checks for the following values:

  • DEFAULT_TOKEN
  • NATIVE_TOKEN
  • OTP_TOKEN
  • SAML11_TOKEN
  • SAML20_TOKEN
  • NO_TOKEN

Configuration Name

CONFIG_NAME

  • Configuration name is non-empty.
  • Configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Pin

PIN

  • Pin is non-empty.
  • Pin length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

OTP Maximum Length

OTP_MAX_LENGTH

OTP maximum length is between 4 and 64.

OTP Minimum Length

OTP_MIN_LENGTH

OTP minimum length is between 4 and 64.

Last Strike Time

LAST_STRIKE_TIME

Checks for valid date format.

Last Failed Time

LAST_FAILED_TIME

Checks for valid date format.

Last Succeeded Time

LAST_SUCCEEDED_TIME

Checks for valid date format.

Credential Status

CRED_STATUS

Checks for the following values:

  • ACTIVE
  • LOCKED
  • DISABLED
  • REVOKED
  • REISSUED
  • VERIFIED

Certificate Serial Number

CERT_SERIAL_NUMBER

  • Certificate serial number is non-empty.
  • Certificate serial number length is between 1 and 32.
  • Checks for the following characters:
      • 0 – 9
      • a – f
      • A – F

Password Minimum and Maximum Length

PWD_MIN_LENGTH

Password minimum length is less than password maximum length.

QnA Minimum and Maximum Questions

MIN_QUESTIONS

QnA minimum questions is less than QnA maximum questions.

Questions and Correct Answers

QNA_NUM_QUESTION_TO_ASK

Number of correct answers is less than number of questions.

Host Name

HOST_NAME

  • Host name is non-empty.
  • Host name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

URI

URI_NAME

  • URI is non-empty.
  • URI length is between 1 and 1024.
  • Does not contain invalid characters (ASCII 0-31).

Connection Timeout

CONNECTION_TIMEOUT

Connection timeout is between 0 and 2147483647.

Read Timeout

READ_TIMEOUT

Read timeout is between 0 and 2147483647.

Idle Timeout

IDLE_TIMEOUT

Idle timeout is between 0 and 2147483647.

Minimum Connections

MIN_CONNECTIONS

Minimum connections is between 0 and 2147483647.

Maximum Connections

MAX_CONNECTIONS

Maximum connections is between 0 and 2147483647.

WebFort Event ID

WF_EVENT_ID

Checks for the set of valid events.

Instance name

INSTANCE_NAME

  • Instance name is non-empty.
  • Instance name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Log Level

LOG_TXN_LOG_LEVEL

Minimum database connections is between 1 and 3.

Minimum DB Connections

MIN_DB_CONNECTIONS

Minimum database connections is between 1 and 128.

Maximum DB Connections

MAX_DB_CONNECTIONS

Maximum database connections is between 1 and 512.

Maximum DB Connections Against Minimum

MAX_DB_CONNECTIONS

Maximum database connections are less than minimum database connections.

Increment DB Connections

INC_DB_CONNECTIONS

  • Increment database connections must be greater than 0.
  • Increment database connections must be less than maximum database connections-minimum database connections.

ArcotID Unsigned Attribute Key

(No validation on value)

AID_UNSIGNED_ATTRIB_KEY

Attributes with name USERID and ORG are not allowed because these are created while creating ArcotID PKI. Therefore, these values cannot be modified.

Custom Attributes

NOTES_KEY/ NOTES_VALUE/ NOTES

  • Does not contain invalid characters (ASCII 0-31).
  • Custom attribute string length must be between 0 and 1024.

SSL Trust Store Group Name

SSL_TRUST_STORE_GROUP_NAME

  • SSL trust store group name is non-empty.
  • SSL trust store group name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Minimum Threads

MIN_THREADS

Minimum thread count is between 1 and 1024.

Maximum Threads

MAX_THREADS

Maximum thread count is between 1 and 1024.

Threads Minimum and Maximum Count

MIN_THREADS

Minimum thread count is less than maximum thread count.

Additional Input

ADDITIONAL_INPUTS_NAME

Does not contain invalid characters (ASCII 0-31).

Server Statistics Option

STATS_OPTION

Checks for the following values:

  • CONSOLIDATED
  • PER_PROTOCOL
  • DATABASE
  • UDS_CLIENT
  • MAXVAL

Numeric Instance Attribute

parameterName that is passed to the function

Checks only if the numeric instance attributes are used.

Display Name

DISPLAY_NAME

  • Display name is non-empty.
  • Display name length is between 0 and 256.
  • Does not contain invalid characters (ASCII 0-31).

Logo URL

LOGO_URL

Checks if the URL format is valid.

Password Challenge Validity

PASSWORD_CHALLENGE_TIMEOUT_SECS

Password challenge validity is between 1 and 7200.

ArcotID Card Name

AUTH_CARD_NAME

  • ArcotID PKI Card Name is non-empty.
  • ArcotID PKI Card Name length is between 1 and 8.

Duplicate Questions

DUPLICATE_QUESTIONS

Questions are not duplicate.

Duplicate Answers

DUPLICATE_ANSWERS

Answers are not duplicate.

Partial password Length

PARTIAL_PWD_LENGTH

Partial password length is between 0 and 64.

QnA Shuffle Mode

QNA_SHUFFLE_MODE

Checks for the following values:

  • RANDOM
  • ALTERNATIVE

QnA Shuffle Flag

QNA_SHUFFLE_FLAG

Checks for the following values:

  • SHUFFLE_ALWAYS
  • SHFFULE_AFTER_SUCCESS_AUTH

QnA Return Mode

QNA_RETURN_MODE

Checks for the following values:

  • STATIC
  • RANDOM

OATH One-Time Password Length

OATH_OTP_LENGTH

OATH One-Time Password length is between 4 and 32.

OATH One-Time Password Token Type

OATH_OTP_TYPE

Checks for the following values:

  • HOTP
  • TOTP

OATH One-Time Password Authentication Look Ahead Count

OATH_OTP_AUTH_LOOK_AHEAD

OATH One-Time Password Authentication look ahead count is between 0 and 99999.

OATH One-Time Password Authentication Look Back Count

OATH_OTP_AUTH_LOOK_BACK

OATH One-Time Password Authentication look back count is between 0 and 99999.

OATH One-Time Password Synchronization Look Ahead Count

OATH_OTP_RESYNC_LOOK_AHEAD

OATH One-Time Password Synchronization look ahead count is between 0 and 99999.

OATH One-Time Password Synchronization Look Back Count

OATH_OTP_RESYNC_LOOK_BACK

OATH One-Time Password Synchronization look back count is between 0 and 99999.
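
The code below is an added example, not AuthMinder code: it mirrors a few rows of the table (the shared non-empty / length / ASCII 0-31 rule, RADIUS_CLIENT_IP, CERT_SERIAL_NUMBER, and the PWD_MIN_LENGTH / PWD_MAX_LENGTH pair) as a client-side pre-check run before calling the API. The function names, the exclusive reading of "greater than" and "less than", the reading of "three dots" as exactly three, and the stricter IPv4 parse are assumptions made here.

```python
import ipaddress
import re

CONTROL_CHARS = re.compile(r"[\x00-\x1f]")  # "invalid characters (ASCII 0-31)"

# (min, max) character lengths copied from the table for a few text parameters.
TEXT_LIMITS = {"CONFIG_NAME": (1, 64), "HOST_NAME": (1, 64),
               "URI_NAME": (1, 1024), "RADIUS_CLIENT_DESC": (0, 256)}

def check_text(value, min_len, max_len):
    """Non-empty / length / control-character rule shared by most name fields."""
    errors = []
    if not min_len <= len(value) <= max_len:
        errors.append("empty" if not value else "length")
    if CONTROL_CHARS.search(value):
        errors.append("control-char")
    return errors

def radius_ip_documented(value):
    """Only the RADIUS_CLIENT_IP checks the table lists: 7-15 characters,
    digits and '.', three dots (read here as exactly three)."""
    return (7 <= len(value) <= 15
            and re.fullmatch(r"[0-9.]+", value) is not None
            and value.count(".") == 3)

def radius_ip_strict(value):
    """Documented checks plus a real IPv4 parse (octet range, no empty octets)."""
    if not radius_ip_documented(value):
        return False
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True

def check_cert_serial(value):
    """CERT_SERIAL_NUMBER: 1-32 characters drawn from 0-9, a-f, A-F."""
    return re.fullmatch(r"[0-9a-fA-F]{1,32}", value) is not None

def check_password_policy(pwd_min, pwd_max):
    """PWD_MIN_LENGTH / PWD_MAX_LENGTH range rules plus the cross-field rule.
    Bounds are treated as exclusive ("greater than 4", "less than 64")."""
    errors = []
    for name, v in (("PWD_MIN_LENGTH", pwd_min), ("PWD_MAX_LENGTH", pwd_max)):
        if not 4 < v < 64:
            errors.append(name + " out of range")
    if not pwd_min < pwd_max:
        errors.append("PWD_MIN_LENGTH not less than PWD_MAX_LENGTH")
    return errors

def validate_text_params(params):
    """Return {parameter: [errors]} for the text parameters in TEXT_LIMITS."""
    return {k: e for k, v in params.items()
            if k in TEXT_LIMITS and (e := check_text(v, *TEXT_LIMITS[k]))}

if __name__ == "__main__":
    # Constructed sample input, not taken from the product.
    sample = {"CONFIG_NAME": "default\r\nprofile", "HOST_NAME": "", "URI_NAME": "/auth"}
    print(validate_text_params(sample))
    for ip in ("192.168.10.25", "999.999.999.999", "1...2345"):
        print(ip, radius_ip_documented(ip), radius_ip_strict(ip))
```

On the constructed samples, the RADIUS_CLIENT_IP checks as listed accept 999.999.999.999 and 1...2345, while the added IPv4 parse rejects both.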