Verifying Password Type Credentials for Authentication
The authentication requests that are presented to the CA Strong Authentication Server must specify the type of credential that has to be used to process the requests. In case of RADIUS and ASSP authentication requests, the input requests do not have the provision to specify the type of credential. By default, RADIUS uses One-Time Password and ASSP uses password credential for authentication.
To support any password-based authentication mechanism for RADIUS and ASSP, or to map any input request with an unknown credential type to a particular password-based authentication mechanism, you must create the Credential Type Resolution configuration. You can map the input request to any of the following credentials that CA Strong Authentication supports:
- Password
- OTP
- OATH OTP
- CA Auth ID OTP-OATH
- CA Auth ID OTP-EMV
- RADIUS OTP
- LDAP Password
- Native Token
If a particular input request uses the credential resolution configuration, then the verifyPlain method in the PlainAuth interface is invoked to process that request. Based on the configuration, the incoming user credential is mapped to the credential type that is configured for it.
To use this feature, you should have configured the credential type resolution that you created by using the Administration Console. Refer to the CA Strong Authentication Administration Guide for more information.
To verify a password type credential:
- Implement the logic to collect the password from the user.
- (Optional) If you are implementing a plug-in, then invoke the setAdditionalInput() method in the AdditionalInput class to obtain an object that implements the class. See "Preparing Additional Input" for more information.
- Invoke the verifyPlain() method of the PlainAuth interface to verify the password of the user. Optionally, you can also specify the token type that must be returned to the user after successful authentication by using the AuthTokenType class. This method returns an instance of the AuthResponse interface, which provides the transaction details, credential details, and token information.