CA Auth ID PKI for Authentication
CA Auth ID PKI is a challenge-response type of authentication, where CA Strong Authentication Server provides a challenge. The signed challenge is sent by the CA Auth ID PKI Client to the CA Strong Authentication Server through the application. The following topics are explained in this section:
- CA Auth ID PKI Download
- CA Auth ID PKI Authentication
For successful CA Auth ID PKI authentication, you must ensure that you have integrated the CA Auth ID PKI Client with your application, as discussed in "Integrating CA Auth ID PKI Client with Application".
The CA Auth ID PKI download and authentication can be performed in multiple ways; see "Understanding CA Strong Authentication WorkFlows" for more information. This section focuses on the APIs that are used for these operations.
CA Auth ID PKI Download
To perform CA Auth ID PKI authentication, the CA Auth ID PKI of the user must be present on the system from which the authentication request originates. If the CA Auth ID PKI is not present, it must be downloaded to the system. In that case, the user must perform a secondary authentication before the CA Auth ID PKI is downloaded.
To download the CA Auth ID PKI:
- (Optional) If you are implementing a plug-in, then invoke the setAdditionalInput() method in the AdditionalInput class to obtain an object that implements the class. See "Preparing Additional Input" for more information.
- Invoke the getArcotID() method of the ArcotIDAuth interface to fetch the CA Auth ID PKI of the user to your application. This method returns an instance of the ArcotIDResponse interface, which contains the CA Auth ID PKI of the user.
- The user’s CA Auth ID PKI is set in the HTML or Java Server Page (JSP).
- Invoke the ImportArcotID() client-side API to download the CA Auth ID PKI from your application to the end user’s system.
CA Auth ID PKI Authentication
To perform CA Auth ID PKI authentication:
- (Optional) If you are implementing a plug-in, then invoke the setAdditionalInput() method in the AdditionalInput class to obtain an object that implements the class. See "Preparing Additional Input" for more information.
- Invoke the getChallenge() method of the ArcotIDAuth interface to retrieve the challenge from the CA Strong Authentication Server. This method returns an instance of the ArcotIDChallengeResponse, which has the transaction details and also the challenge from the server.
- The challenge is sent to the end user through an HTML page.
- Invoke the CA Auth ID PKI client-side method, SignChallengeEx(), to sign the challenge. The application collects the CA Auth ID PKI password, and the CA Auth ID PKI Client signs the challenge using that password.
- Invoke the verifySignedChallenge() method of the ArcotIDAuth interface to verify the signed challenge. Optionally, you can also specify the token type that must be returned to the user after successful authentication by using the AuthTokenType class. This method returns an instance of the AuthResponse interface, which provides the transaction details, credential details, and token information.
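The challenge-response pattern behind these steps, as an added example that is not CA's code and does not call the CA Strong Authentication SDK. It assumes a plain RSA key pair standing in for the CA Auth ID PKI, uses only standard Java JCA classes, and the names issueChallenge, sign, verify and the in-memory pending map are hypothetical; it shows the server consuming each challenge on verification so that a replayed signature is rejected.

```java
import java.security.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: models the challenge-response pattern with standard JCA classes.
// It does not use the CA Strong Authentication SDK; all names here are hypothetical.
public class ChallengeResponseDemo {
    // Server side: outstanding challenges keyed by transaction ID (single use).
    static final Map<String, byte[]> pending = new ConcurrentHashMap<>();
    static final SecureRandom rng = new SecureRandom();

    // Stand-in for the server issuing a challenge (the getChallenge() step).
    static String issueChallenge() {
        byte[] challenge = new byte[32];
        rng.nextBytes(challenge);
        String txId = UUID.randomUUID().toString();
        pending.put(txId, challenge);
        return txId;
    }

    // Stand-in for the client signing the challenge (the SignChallengeEx() step).
    static byte[] sign(PrivateKey key, byte[] challenge) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(challenge);
        return s.sign();
    }

    // Stand-in for verification (the verifySignedChallenge() step).
    // remove() consumes the challenge, so a replayed signature is rejected.
    static boolean verify(PublicKey key, String txId, byte[] sig) throws GeneralSecurityException {
        byte[] challenge = pending.remove(txId);
        if (challenge == null) return false; // unknown or already used transaction
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(challenge);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair user = gen.generateKeyPair(); // constructed sample key, not a real credential
        String tx = issueChallenge();
        byte[] sig = sign(user.getPrivate(), pending.get(tx));
        System.out.println("first attempt:   " + verify(user.getPublic(), tx, sig));
        System.out.println("replayed:        " + verify(user.getPublic(), tx, sig));
        System.out.println("old sig, new tx: " + verify(user.getPublic(), issueChallenge(), sig));
    }
}
```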