Verifying User Attributes
You can authenticate the users of an organization (mapped to LDAP repository) by using their LDAP attributes. You must use the performQnAVerification operation to perform this authentication. This section walks you through the following topics related to this operation:
aa813test
2112902
You can authenticate the users of an organization (mapped to LDAP repository) by using their LDAP attributes. You must use the performQnAVerification operation to perform this authentication. This section walks you through the following topics related to this operation:
- Preparing the Request Message
- Invoking the Web Service
- Interpreting the Response Message
Preparing the Request Message
The following table lists the elements of the QnAVerificationRequest message:
Element | Mandatory | Description |
username | Yes | The unique identifier of the user whose attributes you want to verify. |
orgname | Yes | The name of the LDAP organization to which the user belongs to. |
attributes/attribute | Yes | The name (attrName) and value (attrValue) of the attribute that has to be verified. |
ignorecase | Yes | Specifies whether the case of the attribute values passed in the input must match the case of the values stored in the directory service. Possible values are: 0: Indicates that the case must match. 1: Indicates that the case of the input values will be ignored. |
clientTxId | No | The unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions. |
Invoking the Web Service
To authenticate users with their LDAP attributes:
- (Optional) Include the authentication and authorization details in the header of the performQnAVerification operation. See the section, "Manage Web Services Security" for more information on the header elements.
- Use the performQnAVerificationRequest elements to collect the user, organization, and attribute information, as listed in the preceding table.
- Use the QnAVerificationRequest message and construct the input message by using the details obtained in preceding step.
- Invoke the performQnAVerification operation of the ArcotUserRegistrySvc service to fetch the values of the user attributes that are stored in directory service.This operation returns the QnAVerificationResponse message that includes the transaction identifier, authentication token, and verification result. See the following section for more information on the response message.
Interpreting the Response Message
The response message, QnAAVerificationResponse, returns the transaction identifier and the authentication token in the SOAP envelope header. The SOAP body includes the verification result for each attribute and the Fault response for an error condition.
See the following table for more information on the elements returned for a successful transaction. See the section, "Error Codes" if there are any errors.
Element | Description |
Header Elements | |
udsTransactionID | The unique identifier of the transaction that is performed using UDS. |
authToken | The authentication token that is returned if the credential verification to access Web services was successful. This token eliminates the need for you to present the authentication credential for successive access to the Web services. By default, the authentication token is valid for one day, after which you need to authenticate again. |
Body Elements | |
QnAResponseAttribute/name | The name of the user attribute that was verified. |
QnAResponseAttribute/result | The result of the verification. Possible values are: MATCHED NOT_MATCHED NOT_VERIFIED NOT_FOUND |