Previous Topic: Password AuthenticationNext Topic: Partial Password Authentication

CA AuthMinder Web Services GuideAuthenticating UsersPassword AuthenticationComplete Password Authentication

Complete Password Authentication

In this method, the security application prompts the user for complete password. If the password entered by the user is correct, then the authentication is considered successful.

The following topics for performing the complete password authentication are covered in this section:

Preparing the Request Message

The VerifyPasswordRequestMessage is used to verify the password provided by the users. The following table lists the elements of this message.

Element

Mandatory

Description

clientTxnId

No

Specifies the unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions.

userName

Yes

The unique identifier of the user.

orgName

No

The organization name to which the user belongs to.

password

Yes

The password provided by the user.

tokenType

No

The type of authentication token that is expected from AuthMinder Server after successful authentication. See "Verifying the Authentication Tokens" for more information.

challengeID

No

The unique identifier of the challenge returned by AuthMinder Server.

Note: The challengeID is not required for complete password verification.

additionalInput/pairs

No

AuthMinder’s additionalInput element enables you to set additional inputs if you want to augment AuthMinder’s authentication capability by specifying additional information. In such cases, you need to set the extra information in name-value pairs.

  • name (The name with which you want to create the key pair.)
  • value (The corresponding value for name.)

    Note: You can add more than one of these elements.

Some of the pre-defined additional input parameters include:

  • AR_WF_LOCALE_ID
    Specifies the locale that AuthMinder will use while returning the messages back to your calling application.
  • AR_WF_CALLER_ID
    This is useful in tracking transactions. You can use session ID or client transaction ID (clientTxnId) for specifying this information.

Invoking the Web Service

To perform regular password authentication:

  1. Implement the logic to collect the user’s password.
  2. (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the VerifyPassword operation. See chapter, "Managing Web Services Security" for more information on these details.
  3. (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.
  4. Use VerifyPasswordRequestMessage and construct the input message.
  5. Invoke the VerifyPassword operation of the ArcotWebFortAuthSvc service to verify the password provided by the user. Optionally, you can also specify the token type that must be returned to the user after successful authentication by using the tokenType element.

    This operation returns VerifyPasswordResponseMessage, which provides the transaction details, credential details, and token information.

Interpreting the Response Message

For successful transactions, the response message, VerifyPasswordResponseMessage returns the elements explained in Verify Signed Challenge Response Message in Step 2: ArcotID PKI Authentication. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See appendix, "Error Codes" for more information on the SOAP error messages.