

Using the LDAP Password

Administration Console uses the LDAP authentication mechanism to authenticate the users whose accounts are available in the LDAP repository. In this case, users log in to the Console by specifying their LDAP user name and password.

To use the LDAP authentication mechanism to authenticate users, you must use the authenticateUser operation. This section walks you through the following steps for authenticating users using the LDAP authentication mechanism:

Preparing the Request Message

The following table lists the elements of the authenticateUserRequest message.

| Element | Mandatory | Description |
|---|---|---|
| UserCredential/userId/orgName | No | The name of the organization to which the user belongs. Note: If the organization name is not passed, then the Default Organization is used for the operation. |
| UserCredential/userId/userName | Yes | The unique identifier with which the user is identified in the system. |
| UserCredential/userId/userRefId | No | The identifier used as a reference to track different operations performed by a user. |
| UserCredential/userCredential/type | Yes | The credential that has to be used to authenticate the user. You must set the type as password. |
| clientTxId | No | The unique transaction identifier that your calling application can include. This identifier helps in tracking the related transactions. |

Invoking the Web Service

To authenticate users using the LDAP authentication mechanism:

  1. (Optional) Include the authentication and authorization details in the header of the authenticateUser operation. See "Managing Web Services Security" for more information on the header elements.
  2. Use the authenticateUserRequest elements to collect the user and credential information, as listed in the table.
  3. Use the authenticateUserRequest message and construct the input message by using the details specified in the preceding step.
  4. Invoke the authenticateUser operation of the ArcotUserRegistrySvc service to set the user information.

    This operation returns the authenticateUserResponse message that includes the transaction identifier and the authentication token. See the following section for more information on the response message.

Interpreting the Response Message

The response message, authenticateUserResponse, returns the transaction identifier and the authentication token in the SOAP envelope header. The SOAP body includes the authentication status for a successful transaction and the Fault response for an error condition.

See the following table for more information on the elements returned for a successful transaction. Refer to the appendix "Exceptions and Error Codes" if there are any errors.

| Element | Description |
|---|---|
| **Header Elements** | |
| udsTransactionID | The unique identifier of the transaction performed by using UDS. |
| authToken | The authentication token that is returned if the credential verification to access the Web service was successful. This token eliminates the need for you to present the authentication credential for successive access to the Web service. By default, the authentication token is valid for one day, after which you need to authenticate again. |
| **Body Elements** | |
| AuthResult/status | The authentication status of the user in the LDAP. Possible values are SUCCESS and FAILURE. |
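
The following is an added example, not code from the product or its documentation. It shows one way a calling application can interpret authenticateUserResponse so that anything other than an exact SUCCESS status, including a SOAP Fault, is treated as not authenticated. The sample messages are constructed, the `urn:placeholder:uds` namespace and the function names are assumptions, and the token expiry assumes the default one-day validity has not been changed.

```python
import xml.etree.ElementTree as ET
from datetime import timedelta

TOKEN_LIFETIME = timedelta(days=1)  # default validity stated above; assumed unchanged
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
# Constructed sample responses; "urn:placeholder:uds" is not the product's namespace.
OK_RESPONSE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:u="urn:placeholder:uds">
<s:Header><u:udsTransactionID>tx-0001</u:udsTransactionID>
<u:authToken>constructed-token</u:authToken></s:Header>
<s:Body><u:authenticateUserResponse><u:AuthResult><u:status>SUCCESS</u:status>
</u:AuthResult></u:authenticateUserResponse></s:Body></s:Envelope>"""
FAULT_RESPONSE = f"""<s:Envelope xmlns:s="{SOAP}"><s:Body><s:Fault>
<faultcode>s:Server</faultcode><faultstring>constructed fault</faultstring>
</s:Fault></s:Body></s:Envelope>"""


def _local(tag):
    """Drop the '{namespace}' prefix so matching does not depend on the URI."""
    return tag.rsplit("}", 1)[-1]


def _text(parent, name):
    """Stripped text of the first descendant called `name`, else None."""
    if parent is None:
        return None
    hit = next((e for e in parent.iter() if _local(e.tag) == name), None)
    return (hit.text or "").strip() if hit is not None else None


def interpret_response(xml_text, received_at):
    """Fail closed: only an exact AuthResult/status of SUCCESS authenticates."""
    if "<!DOCTYPE" in xml_text:  # SOAP messages must not carry a DTD
        raise ValueError("DTD in SOAP response")
    root = ET.fromstring(xml_text)
    parts = {_local(e.tag): e for e in root}
    header, body = parts.get("Header"), parts.get("Body")
    fault = body is None or any(_local(e.tag) == "Fault" for e in body.iter())
    auth_result = None if fault else next(
        (e for e in body.iter() if _local(e.tag) == "AuthResult"), None)
    token = _text(header, "authToken") or None
    return {
        "authenticated": _text(auth_result, "status") == "SUCCESS",
        "transaction_id": _text(header, "udsTransactionID"),
        "auth_token": token,  # never write this value to logs
        "token_expires": received_at + TOKEN_LIFETIME if token else None,
    }
```

Log `transaction_id` (and any clientTxId you sent) for tracing, and re-authenticate once `token_expires` has passed rather than waiting for a rejected call.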