

AuthMinder Validation Checks

The following table lists the validation checks that are performed by AuthMinder.

Attribute

Parameter Name

Validation Criteria

Protocol Status

PROTOCL_STATUS

Checks for the following values:

  • PROTOCOL_STATUS_ACTIVE
  • PROTOCOL_STATUS_DISABLED

Port Number

PORT_NUMBER

Length is between 1 and 65535 characters.

Port Type

PORT_TYPE

  • Is non-empty.
  • Checks for the following values:
      • TCP
      • SSL
      • UDP

Client Root ID

CLIENT_ROOT_ID

Checks with a set of client root IDs.

Server Certificate Chain Encoding

SERVER_CERT_CHAIN_ENCODING

  • Server certificate chain encoding is non-empty.
  • Checks for the PEM format.

Server Certificate Chain

SERVER_CERT_CHAIN

Server certificate chain is valid.

Client Certificate Chain

CLIENT_CERT_CHAIN

Client certificate chain is valid.

Client Root CA Certificate

CLIENT_ROOT_CA_CERT

Client root CA certificate is valid.

Server Root CA Certificate

SERVER_ROOT_CA_CERT

Server root CA certificate is valid.

Client Root CA Certificates Count

CLIENT_ROOT_CA_CERT

Checks that the count of CA certificates is non-zero.

Server Private Key Encoding

SERVER_PRIVATE_KEY_ENCODING

  • Server private key encoding is non-empty.
  • Checks for the PEM format.

Locale Name

LOCALE_NAME

  • Locale name is non-empty.
  • Checks locale name with the ISO set of locales.

Client Root CA Path

CLIENT_ROOT_CA_PATH

Client root CA path is non-empty.

Server ID

SERVER_ID

  • Port number > 1.
  • Checks with a set of server identifiers.

Client Root CA Certificate Encoding

CLIENT_ROOT_CA_CERT_ENCODING

  • Client root CA certificate encoding is non-empty.
  • Checks for the PEM format.

Certificate Common Name

CERT_COMMON_NAME

  • Certificate common name is non-empty.
  • Certificate common name length is between 1 and 256.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Country Name

COUNTRY_NAME

  • Certificate country name is non-empty.
  • Certificate country name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Organization Name

ORG_NAME

  • Certificate organization name is non-empty.
  • Certificate organization name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Organization Unit Name

ORG_UNIT_NAME

  • Certificate organization unit name is non-empty.
  • Certificate organization unit name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate State Name

STATE_NAME

  • Certificate state name is non-empty.
  • Certificate state name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Locality Name

LOCALITY_NAME

  • Certificate locality name is non-empty.
  • Certificate locality name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Certificate Start Date

START_TIME

Checks for valid date format.

Certificate End Date

END_TIME

Checks for valid date format.

PKI Certificate

PKI_CERTIFICATE

PKI certificate is valid.

PKI Key

PKI_KEY

PKI key is valid.

Certificate Chain and Key Pair

PRIVATE_KEY_PAIR

Certificate chain and key pair are valid.

PKCS12 Certificate Chain

PKCS12_CERT_CHAIN_KEY

PKCS12 certificate chain is valid.

PKCS7 Certificate Chain

PKCS12_CERT_CHAIN_KEY

PKCS7 certificate chain is valid.

User ID

USER_ID

Minimum value of user ID must be greater than 1.

Group ID

GROUP_ID

Minimum value of group ID must be greater than 1.

Create Time

CREATE_TIME

Checks for valid date format.

Last Modified Time

LAST_MODIFIED_TIME

Checks for valid date format.

Start and End Date

START_END_DATES

Start date < End date.

User Attribute Name

USER_ATTR_NAME

User Attribute Name is non-empty.

WebFort Organization Name

(Checks whether the organization name is ‘\n’; if it is not, the validation is performed.)

ORG_NAME

  • Organization name is non-empty.
  • Organization name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

User Existence Check

USER_EXISTENCE_CHECK

Value of user existence check is 0 or 1.

User Active Check

USER_ACTIVE_CHECK

Value of user active check is 0 or 1.

Kerberos User Name

KERBEROS_USER_NAME

  • Kerberos user name is non-empty.
  • Kerberos user name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Kerberos Domain Name

KERBEROS_DOMAIN_NAME

  • Kerberos domain name is non-empty.
  • Kerberos domain name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Kerberos Password

KERBEROS_PASSWORD

  • Kerberos password is non-empty.
  • Kerberos password length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Authentication User Password

AUTH_USER_PASSWORD

  • User password is non-empty.
  • User password length is between 1 and 64.
  • Checks user password against a set of strings.
  • Does not contain invalid characters (ASCII 0-31).

Password Maximum Length

PWD_MAX_LENGTH

  • Minimum value of password maximum length must be greater than 4.
  • Maximum value of password maximum length must be less than 64.

Password Minimum Length

PWD_MIN_LENGTH

  • Minimum value of password minimum length must be greater than 4.
  • Maximum value of password minimum length must be less than 64.

Password Minimum Special Character Length

PWD_SPECIAL_CHAR_MIN_LENGTH

  • Minimum value of password special character length must be greater than 0.
  • Maximum value of password special character minimum length must be less than 64.

Password Minimum Alphabetic Character Length

PWD_ALPHA_CHAR_MIN_LENGTH

  • Minimum value of password alphabetic character length must be greater than 0.
  • Maximum value of password alphabetic character length must be less than 64.

Password Minimum Numeric Character Length

PWD_NUMERIC_CHAR_MIN_LENGTH

  • Minimum value of password numeric character length must be greater than 0.
  • Maximum value of password numeric character length must be less than 64.

Password Strength Configuration

PASSWORD_STRENGTH

Password strength attribute length must be less than the password length.

Question

AUTH_QUESTIONS

  • Question is non-empty.
  • Question length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Answer

AUTH_ANSWERS

  • Answer is non-empty.
  • Answer length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Number of Questions

NUM_OF_QNA

  • Number of questions must be greater than the minimum number of questions.
  • Number of questions must be less than the maximum number of questions.

Number of Questions to Ask

QNA_NUM_QUESTION_TO_ASK

  • Minimum questions to ask must be greater than 1.
  • Maximum questions to ask must be less than 10.

Minimum Number of Correct Answers Required

QNA_MIN_ANS_REQUIRED

  • Minimum correct answers must be greater than 1.
  • Minimum correct answers must be less than 10.

QnA Maximum Questions

MAX_QUESTIONS

  • Minimum value of maximum questions must be greater than 1.
  • Maximum value of maximum questions must be less than 10.

QnA Minimum Questions

MIN_QUESTIONS

  • Minimum value of minimum questions must be greater than 2.
  • Maximum value of minimum questions must be less than 10.

QnA Challenge Timeout in Seconds

QNA_CHALLENGE_TIMEOUT_SECS

QnA challenge timeout in seconds must be between 1 and 7200.

Plain Key Type

PLAIN_KEY_TYPE

  • Plain key type is non-empty.
  • Checks for the RSA value.

Arcot Key Type

ARCOT_KEY_TYPE

  • Plain key type is non-empty.
  • Checks for the RSA value.

Plain Key Length

PLAIN_KEY_LENGTH

Plain key length value must be between 512 and 4096.

Arcot Key Length

ARCOT_KEY_LENGTH

Arcot key length is between 512 and 4096.

ArcotID Challenge Timeout in Seconds

ARCOTID_CHALLENGE_TIMEOUT_SECS

The ArcotID PKI challenge timeout in seconds is between 1 and 7200.

ArcotID Unsigned Attribute Key Check

AID_UNSIGNED_ATTRIB_KEY

Unsigned attribute key is either USERID or ORG.

Warning Period in Days

WARNING_PERIOD_DAYS

Warning period in days is greater than 0.

Grace Period in Days

GRACE_PERIOD_DAYS

Grace period in days is greater than 0.

Auto Unlock Period in Hours

AUTO_UNLOCK_PERIOD_HOURS

Auto-unlock period in hours is greater than 0.

Authentication OTT Token

AUTH_OTT_TOKEN

  • OTT token is non-empty.
  • OTT token length is between 4 and 64.

OTT Length

OTT_LENGTH

Value of OTT length is between 5 and 240.

OTT Timeout in Seconds

OTT_TIMEOUT

Value of OTT timeout in seconds is between 1 and 172800.

OTP Length

OTP_LENGTH

Value of OTP length is between 4 and 64.

OTP Type

OTP_TYPE

Checks for numeric and alphanumeric values.

OTP Multiple Usage Count

OTP_MULTIPLE_USAGE_COUNT

Multiple usage count of OTP is between 1 and 99999.

Global Authentication Token Timeout in Seconds

GLOBAL_AUTH_TOKEN_TIMEOUT_SECS

Global authentication token timeout in seconds is between 1 and 172800.

Maximum Strikes

MAX_STRIKES

Maximum strike count is between 1 and 100.

Transaction Algorithm ID

TRANSALGO_ID

Checks for the following values:

  • NATIVE_PLAIN_CS
  • NATIVE_PLAIN_CI
  • NATIVE_SHA1_CS
  • NATIVE_SHA1_CI

Organization Credential Configuration Name

ORG_CRED_CONFIG_NAME

Organization credential configuration name is non-empty.

ArcotID Credential Configuration Name

ARCOTID_CRED_CONFIG_NAME

  • ArcotID PKI credential configuration name is non-empty.
  • Checks ArcotID PKI credential configuration name with a set of strings.
  • ArcotID PKI credential configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

OTP Credential Configuration Name

OTP_CRED_CONFIG_NAME

  • OTP credential configuration name is non-empty.
  • Checks OTP credential configuration name against a set of strings.
  • OTP credential configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

QnA Credential Configuration Name

QNA_CRED_CONFIG_NAME

  • QnA credential configuration name is non-empty.
  • Checks QnA credential configuration name with a set of strings.
  • QnA credential configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Password Credential Configuration Name

UP_CRED_CONFIG_NAME

  • Password credential configuration name is non-empty.
  • Checks Password credential configuration name with a set of strings.
  • Password credential configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

ArcotID Authentication Policy Name

ARCOTID_AUTH_POLICY_NAME

  • ArcotID PKI authentication policy name is non-empty.
  • Checks ArcotID PKI authentication policy name with a set of strings.
  • ArcotID PKI authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

OTP Authentication Policy Name

OTP_AUTH_POLICY_NAME

  • OTP authentication policy name is non-empty.
  • Checks OTP authentication policy name with a set of strings.
  • OTP authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

QnA Authentication Policy Name

QNA_AUTH_POLICY_NAME

  • QnA authentication policy name is non-empty.
  • Checks QnA authentication policy name with a set of strings.
  • QnA authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Password Authentication Policy Name

PASSWORD_AUTH_POLICY_NAME

  • Password authentication policy name is non-empty.
  • Checks Password authentication policy name with a set of strings.
  • Password authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

General Authentication Policy Name

GENERAL_AUTH_POLICY_NAME

  • General authentication policy name is non-empty.
  • Checks General authentication policy name with a set of strings.
  • General authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

RADIUS Authentication Policy Name

RADIUS_AUTH_POLICY_NAME

  • RADIUS authentication policy name is non-empty.
  • Checks RADIUS authentication policy name with a set of strings.
  • RADIUS authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Kerberos Authentication Policy Name

KERBEROS_AUTH_POLICY_NAME

  • Kerberos authentication policy name is non-empty.
  • Checks Kerberos authentication policy name with a set of strings.
  • Kerberos authentication policy name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Mechanism Name

MECHANISM_NAME

  • Mechanism name is non-empty.
  • Does not contain invalid characters (ASCII 0-31).
  • Checks mechanism name with a set of strings.

Mechanism Status

MECHANISM_STATUS

Checks for the following values:

  • MECHANISM_STATUS_ENABLE
  • MECHANISM_STATUS_DISABLED

Radius Client IP Address

RADIUS_CLIENT_IP

  • Radius client IP address is non-empty.
  • Radius client IP address length is between 7 and 15.
  • Does the following checks:
      • It should contain integers and ‘.’
      • It should contain three dots

Radius Client Shared Secret

RADIUS_ClIENT_SHARED_SECRET

  • Radius client shared secret is non-empty.
  • Radius client shared secret length is between 1 and 1024.

Radius Client Description

RADIUS_CLIENT_DESC

  • Radius client description length is between 0 and 256.
  • Does not contain invalid characters (ASCII 0-31).

Radius Client Authentication Type

RADIUS_CLIENT_AUTH_TYPE

  • Radius client shared secret is non-empty.
  • Checks for the following values:
      • OTT
      • INBAND

Radius Client Maximum Chunk Size

RADIUS_CLIENT_MAX_CHUNK_SIZE

RADIUS client maximum chunk size is between 50 and 200.

Radius Version

RADIUS_VERSION

Checks for the following values:

  • 1
  • 2

Duplicate Question and Answers

DUPLICATE_QUESTION_AND_ANSWER

  • Questions are not duplicate.
  • Answers are not duplicate.
  • Question is not same as answer.

Token Type

AUTH_TOKEN_TYPE

Checks for the following values:

  • DEFAULT_TOKEN
  • NATIVE_TOKEN
  • OTP_TOKEN
  • SAML11_TOKEN
  • SAML20_TOKEN
  • NO_TOKEN

Configuration Name

CONFIG_NAME

  • Configuration name is non-empty.
  • Configuration name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Pin

PIN

  • Pin is non-empty.
  • Pin length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

OTP Maximum Length

OTP_MAX_LENGTH

OTP maximum length is between 4 and 64.

OTP Minimum Length

OTP_MIN_LENGTH

OTP minimum length is between 4 and 64.

Last Strike Time

LAST_STRIKE_TIME

Checks for valid date format.

Last Failed Time

LAST_FAILED_TIME

Checks for valid date format.

Last Succeeded Time

LAST_SUCCEEDED_TIME

Checks for valid date format.

Credential Status

CRED_STATUS

Checks for the following values:

  • ACTIVE
  • LOCKED
  • DISABLED
  • REVOKED
  • REISSUED
  • VERIFIED

Certificate Serial Number

CERT_SERIAL_NUMBER

  • Certificate serial number is non-empty.
  • Certificate serial number length is between 1 and 32.
  • Checks for the following characters:
      • 0 – 9
      • a – f
      • A – F

Password Minimum and Maximum Length

PWD_MIN_LENGTH

Password minimum length is less than password maximum length.

QnA Minimum and Maximum Questions

MIN_QUESTIONS

QnA minimum questions is less than QnA maximum questions.

Questions and Correct Answers

QNA_NUM_QUESTION_TO_ASK

Number of correct answers is less than number of questions.

Host Name

HOST_NAME

  • Host name is non-empty.
  • Host name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

URI

URI_NAME

  • URI is non-empty.
  • URI length is between 1 and 1024.
  • Does not contain invalid characters (ASCII 0-31).

Connection Timeout

CONNECTION_TIMEOUT

Connection timeout is between 0 and 2147483647.

Read Timeout

READ_TIMEOUT

Read timeout is between 0 and 2147483647.

Idle Timeout

IDLE_TIMEOUT

Idle timeout is between 0 and 2147483647.

Minimum Connections

MIN_CONNECTIONS

Minimum connections is between 0 and 2147483647.

Maximum Connections

MAX_CONNECTIONS

Maximum connections is between 0 and 2147483647.

WebFort Event ID

WF_EVENT_ID

Checks for the set of valid events.

Instance Name

INSTANCE_NAME

  • Instance name is non-empty.
  • Instance name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Log Level

LOG_TXN_LOG_LEVEL

Minimum database connections is between 1 and 3.

Minimum DB Connections

MIN_DB_CONNECTIONS

Minimum database connections is between 1 and 128.

Maximum DB Connections

MAX_DB_CONNECTIONS

Maximum database connections is between 1 and 512.

Maximum DB Connections Against Minimum

MAX_DB_CONNECTIONS

Maximum database connections are less than minimum database connections.

Increment DB Connections

INC_DB_CONNECTIONS

  • Increment database connections must be greater than 0.
  • Increment database connections must be less than maximum database connections minus minimum database connections.

ArcotID Unsigned Attribute Key

(No validation on value)

AID_UNSIGNED_ATTRIB_KEY

Attributes with name USERID and ORG are not allowed because these are created by default while creating ArcotID PKI. Therefore, these values cannot be modified.

Custom Attributes

NOTES_KEY/ NOTES_VALUE/ NOTES

  • Does not contain invalid characters (ASCII 0-31).
  • Custom attribute string length must be between 0 and 1024.

SSL Trust Store Group Name

SSL_TRUST_STORE_GROUP_NAME

  • SSL trust store group name is non-empty.
  • SSL trust store group name length is between 1 and 64.
  • Does not contain invalid characters (ASCII 0-31).

Minimum Threads

MIN_THREADS

Minimum thread count is between 1 and 1024.

Maximum Threads

MAX_THREADS

Maximum thread count is between 1 and 1024.

Threads Minimum and Maximum Count

MIN_THREADS

Minimum thread count is less than maximum thread count.

Additional Input

ADDITIONAL_INPUTS_NAME

Does not contain invalid characters (ASCII 0-31).

Server Statistics Option

STATS_OPTION

Checks for the following values:

  • CONSOLIDATED
  • PER_PROTOCOL
  • DATABASE
  • UDS_CLIENT
  • MAXVAL

Numeric Instance Attribute

parameterName that is passed to the function

Checks only if the numeric instance attributes are used.

Display Name

DISPLAY_NAME

  • Display name is non-empty.
  • Display name length is between 0 and 256.
  • Does not contain invalid characters (ASCII 0-31).

Logo URL

LOGO_URL

Checks if the URL format is valid.

Password Challenge Validity

PASSWORD_CHALLENGE_TIMEOUT_SECS

Password challenge validity is between 1 and 7200.

ArcotID Card Name

AUTH_CARD_NAME

  • ArcotID PKI Card Name is non-empty.
  • ArcotID PKI Card Name length is between 1 and 8.

Duplicate Questions

DUPLICATE_QUESTIONS

Questions are not duplicate.

Duplicate Answers

DUPLICATE_ANSWERS

Answers are not duplicate.

Partial Password Length

PARTIAL_PWD_LENGTH

Partial password length is between 0 and 64.

QnA Shuffle Mode

QNA_SHUFFLE_MODE

Checks for the following values:

  • RANDOM
  • ALTERNATIVE

QnA Shuffle Flag

QNA_SHUFFLE_FLAG

Checks for the following values:

  • SHUFFLE_ALWAYS
  • SHFFULE_AFTER_SUCCESS_AUTH

QnA Return Mode

QNA_RETURN_MODE

Checks for the following values:

  • STATIC
  • RANDOM

OATH One-Time Password Length

OATH_OTP_LENGTH

OATH One-Time Password length is between 4 and 32.

OATH One-Time Password Token Type

OATH_OTP_TYPE

Checks for the following values:

  • HOTP
  • TOTP

OATH One-Time Password Authentication Look Ahead Count

OATH_OTP_AUTH_LOOK_AHEAD

OATH One-Time Password Authentication look ahead count is between 0 and 99999.

OATH One-Time Password Authentication Look Back Count

OATH_OTP_AUTH_LOOK_BACK

OATH One-Time Password Authentication look back count is between 0 and 99999.

OATH One-Time Password Synchronization Look Ahead Count

OATH_OTP_RESYNC_LOOK_AHEAD

OATH One-Time Password Synchronization look ahead count is between 0 and 99999.

OATH One-Time Password Synchronization Look Back Count

OATH_OTP_RESYNC_LOOK_BACK

OATH One-Time Password Synchronization look back count is between 0 and 99999.
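
The Radius Client IP Address row (RADIUS_CLIENT_IP) lists only syntactic checks: non-empty, length between 7 and 15, integers and ‘.’, and three dots. The following is an added example, not AuthMinder code, that implements those checks as the table words them and compares them with a stricter per-octet check. The function names and sample inputs are constructed for illustration, and the product's own implementation may check more than the table states.

```python
# Added example: RADIUS_CLIENT_IP checks as the table lists them,
# next to a stricter dotted-quad check. Names and samples are hypothetical.

DIGITS_AND_DOT = set("0123456789.")


def radius_client_ip_as_listed(value: str) -> bool:
    """Apply only the criteria the table lists for RADIUS_CLIENT_IP."""
    if not value:                                  # non-empty
        return False
    if not 7 <= len(value) <= 15:                  # length between 7 and 15
        return False
    if any(ch not in DIGITS_AND_DOT for ch in value):  # integers and '.'
        return False
    return value.count(".") == 3                   # exactly three dots


def radius_client_ip_strict(value: str) -> bool:
    """Listed criteria plus per-octet rules.

    Assumption: the field is meant to hold a dotted-quad IPv4 address,
    so each octet must be present, in 0..255, and have no leading zero.
    """
    if not radius_client_ip_as_listed(value):
        return False
    for octet in value.split("."):
        if octet == "":                            # e.g. "...1234"
            return False
        if len(octet) > 1 and octet[0] == "0":     # e.g. "010" (ambiguous octal)
            return False
        if int(octet) > 255:                       # e.g. "999"
            return False
    return True


def accepted_only_by_listed(samples):
    """Return the inputs that pass the listed checks but fail the strict one."""
    return [s for s in samples
            if radius_client_ip_as_listed(s) and not radius_client_ip_strict(s)]


# Constructed sample inputs (192.0.2.0/24 is a documentation range).
SAMPLES = [
    "192.0.2.10",        # well-formed address
    "999.999.999.999",   # right shape, octets out of range
    "...1234",           # three dots, digits only, length 7
    "010.0.0.1",         # leading zero in first octet
    "10.0.0.1\n",        # trailing control character
    "1.2.3",             # too short, two dots
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), radius_client_ip_as_listed(s), radius_client_ip_strict(s))
    print("gap:", accepted_only_by_listed(SAMPLES))
```

Inputs that land in the gap would be stored as a RADIUS client address that can never match a real client, so a deployment that relies on this field is better served by validating octets before the value reaches the server.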