Previous Topic: ArcotID OTP (ArcotID OTP-OATH) AuthenticationNext Topic: EMV OTP (ArcotID OTP-EMV) Authentication

CA AuthMinder Web Services GuideAuthenticating UsersArcotID OTP (ArcotID OTP-OATH) Synchronization

ArcotID OTP (ArcotID OTP-OATH) Synchronization

The following topics for synchronizing the ArcotID OTPs are covered in this section:

Preparing the Request Message

The SynchronizeArcotOTPRequestMessage is used to synchronize the client and server ArcotID OTPs. The following table lists the elements of this message.

Element

Mandatory

Description

clientTxnId

No

Specifies the unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions.

userName

Yes

The unique identifier of the user.

orgName

No

The organization name to which the user belongs to.

otpList

Yes

The subsequent client ArcotID OTPs to which the Server OTP has to be synchronized.

tokenType

No

The type of authentication token that is expected from AuthMinder Server after successful authentication. See "Verifying the Authentication Tokens" for more information.

additionalInput/pairs

No

AuthMinder’s additionalInput element enables you to set additional inputs if you want to augment AuthMinder’s authentication capability by specifying additional information. In such cases, you need to set the extra information in name-value pairs.

  • name (The name with which you want to create the key pair.)
  • value (The corresponding value for name.)

    Note: You can add more than one of these elements.

Some of the pre-defined additional input parameters include:

  • AR_WF_LOCALE_ID
    Specifies the locale that AuthMinder will use while returning the messages back to your calling application.
  • AR_WF_CALLER_ID
    This is useful in tracking transactions. You can use session ID or client transaction ID (clientTxnId) for specifying this information.

Invoking the Web Service

To synchronize the client and server ArcotID OTPs:

  1. (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the SynchronizeArcotOTP operation. See chapter, "Managing Web Services Security" for more information on these details.
  2. (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.
  3. Use SynchronizeArcotOTPRequestMessage and construct the input message.
  4. Invoke the SynchronizeArcotOTP operation of the ArcotWebFortAuthSvc service to synchronize the server ArcotID OTP with the client ArcotID OTP. Optionally, you can also specify the token type that must be returned to the user after successful authentication by using the tokenType element.

    This operation returns SynchronizeArcotOTPResponseMessage, which provides the transaction details, credential details, and token information.

Interpreting the Response Message

For successful transactions, the response message, SynchronizeArcotOTPResponseMessage returns the elements explained in Verify Signed Challenge Response Message in Step 2: ArcotID PKI Authentication. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See appendix, "Error Codes" for more information on the SOAP error messages.