Step 1 CA Auth ID PKI Download
To perform CA Auth ID PKI authentication, the user's CA Auth ID PKI must be present on the system from which the authentication request originates. If the CA Auth ID PKI is not present, it must be downloaded to that system. In that case, the user must perform a secondary authentication before the CA Auth ID PKI is downloaded.
The ArcotWebFortAuthSvc service provides the GetArcotID operation, which contains the elements needed to download the CA Auth ID PKI of the users.
This section covers the following topics for downloading CA Auth ID PKI of the users:
- Preparing the Request Message
- Invoking the Web Service
- Interpreting the Response Message
Preparing the Request Message
The GetArcotIDRequestMessage is used to send the CA Auth ID PKI download request to CA Strong Authentication Server. The following table lists the elements of this message:
Element | Mandatory | Description |
clientTxnId | No | Specifies the unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions. |
userName | Yes | The unique identifier of the user whose CA Auth ID PKI has to be downloaded. |
orgName | No | The name of the organization to which the user belongs. |
additionalInput/pairs | No | CA Strong Authentication's additionalInput element enables you to set additional inputs if you want to augment CA Strong Authentication's authentication capability by specifying additional information. In such cases, you need to set the extra information in name-value pairs. name: The name with which you want to create the key pair. value: The corresponding value for name. Some of the pre-defined additional input parameters include: AR_WF_LOCALE_ID: Specifies the locale that CA Strong Authentication will use while returning the messages back to your calling application. AR_WF_CALLER_ID: This is useful in tracking transactions. You can use session ID or client transaction ID (clientTxnId) for specifying this information. Note: The additionalInput element is available at the end of the request message. You can add more than one of these elements. |
Invoking the Web Service
To download the CA Auth ID PKI:
- (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the GetArcotID operation. See the section, "Managing Web Services Security" for more information on the header elements.
- (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.
- Use GetArcotIDRequestMessage and construct the input message. See the table in the preceding section.
- Invoke the GetArcotID operation of the ArcotWebFortAuthSvc service to fetch the CA Auth ID PKI of the user to your application. This operation returns an instance of the GetArcotIDResponseMessage, which provides the CA Auth ID PKI of the user and transaction details. For more information, see the table containing information about the elements that the response message, GetArcotIDResponseMessage, returns.
- The user’s CA Auth ID PKI is set in the HTML or Java Server Page (JSP).
- Invoke the ImportArcotID client-side API to download the CA Auth ID PKI from your application to the end user’s system.
Refer to the CA Auth ID Client Reference Guide for more information on the ImportArcotID function. CA Auth ID PKI Client provides the SDK in the JavaScript programming language.
Interpreting the Response Message
For successful transactions, the response message, GetArcotIDResponseMessage, returns the elements explained in the following table. These elements are included in the SOAP body. If there are any errors, the Fault response is included in the SOAP body instead. See the section, "Error Codes" for more information on the SOAP error messages.
Element | Description |
arcotID | The CA Auth ID PKI of the user in the base-64 encoded format. |
transactionDetails | Contains the following details of the transaction: message: A string that defines the status of the operation. reasoncode: Unique code that is sent by CA Strong Authentication Server if the operation fails. responseCode: Unique code that is sent by CA Strong Authentication Server if the operation fails. transactionID: Unique identifier of the transaction. additionalOutput: The output for the additionalInput that was passed to CA Strong Authentication Server. |
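The request and response handling described above, as an added example that is not part of the original documentation or the product SDK: it builds the GetArcotIDRequestMessage with an XML library so that userName and other caller-supplied values are escaped, then checks the response for a Fault and validates the base-64 arcotID before use. The service namespace `urn:example:webfort-auth`, the element nesting, and the sample response are assumptions; take the real schema from the service WSDL.

```python
import base64
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
SVC = "urn:example:webfort-auth"  # assumed placeholder; use the namespace from your WSDL

def build_request(user_name, org_name=None, client_txn_id=None, pairs=None):
    """Build GetArcotIDRequestMessage with an XML library so values are escaped."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP}}}Body")
    msg = ET.SubElement(body, f"{{{SVC}}}GetArcotIDRequestMessage")
    # Element order follows the request table (assumed to match the schema).
    for tag, value in (("clientTxnId", client_txn_id), ("userName", user_name),
                       ("orgName", org_name)):
        if value is not None:
            ET.SubElement(msg, f"{{{SVC}}}{tag}").text = value
    if pairs:  # additionalInput sits at the end of the request message
        extra = ET.SubElement(msg, f"{{{SVC}}}additionalInput")
        for name, value in pairs.items():
            pair = ET.SubElement(extra, f"{{{SVC}}}pairs")
            ET.SubElement(pair, f"{{{SVC}}}name").text = name
            ET.SubElement(pair, f"{{{SVC}}}value").text = value
    return ET.tostring(env, encoding="unicode")

def parse_response(xml_text):
    """Return (arcot_id_bytes, transaction_details); raise on Fault or bad data."""
    body = ET.fromstring(xml_text).find(f"{{{SOAP}}}Body")
    if body is None:
        raise ValueError("no SOAP Body in response")
    fault = body.find(f"{{{SOAP}}}Fault")
    if fault is not None:  # errors arrive as a Fault in the SOAP body
        raise RuntimeError("SOAP Fault: " + (fault.findtext("faultstring") or "unknown"))
    msg = body.find(f"{{{SVC}}}GetArcotIDResponseMessage")
    if msg is None:
        raise ValueError("GetArcotIDResponseMessage missing")
    encoded = (msg.findtext(f"{{{SVC}}}arcotID") or "").strip()
    if not encoded:
        raise ValueError("arcotID missing")
    arcot_id = base64.b64decode(encoded, validate=True)  # rejects non-base-64 input
    details = msg.find(f"{{{SVC}}}transactionDetails")
    txn = {} if details is None else {c.tag.split("}")[-1]: c.text or "" for c in details}
    return arcot_id, txn

# Constructed sample response, not captured from a real server.
SAMPLE_RESPONSE = (
    f'<s:Envelope xmlns:s="{SOAP}" xmlns:a="{SVC}"><s:Body><a:GetArcotIDResponseMessage>'
    "<a:arcotID>Y29uc3RydWN0ZWQ=</a:arcotID><a:transactionDetails>"
    "<a:message>ok</a:message><a:transactionID>42</a:transactionID>"
    "</a:transactionDetails></a:GetArcotIDResponseMessage></s:Body></s:Envelope>")
```

Transport and the SOAP-header credentials are left out here; supply them as described in the "Managing Web Services Security" section.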