Password Input Elements
The upInput element contains the elements that are required for creating Password credential. The following table lists the elements for Password:
aa821test
2112686
The upInput element contains the elements that are required for creating Password credential. The following table lists the elements for Password:
Element | Mandatory | Description |
password | No | The password that the user needs to use for Password authentication. |
Invoking the Web Service
To create credentials for a user:
- (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the CreateCredential operation. See the section, "Manage Web Services Security" for more information on these details.
- Use the userName and orgName elements to fetch the details of the user for whom the credentials must be created.
- Depending on the type of credential you want to create, use the respective<CredentialName>Input element to obtain the credential information.The input required for each credential is different. For example, password is needed for Password as well as CA Auth ID PKI, while questions and corresponding answers are required for QnA credentials.
- (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.This type provides the additional information that is set as a name-value pair.
- Use CreateCredentialRequestMessage and construct the input message by using the details obtained in preceding steps.
- Invoke the CreateCredential operation of the ArcotWebFortIssuanceSvc service to create the credentials.This operation returns an instance of the CreateCredentialResponseMessage that includes the credential and transaction details.
Interpreting the Response Message
For successful transactions, the response message, CreateCredentialResponseMessage returns the elements explained in the following table. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See the section, "Error Codes" for more information on the SOAP error messages.
Method | Description |
User and Common Credential Information | |
userName | The unique identifier of the user. |
orgName | The organization to which the user belongs to. |
status | The status of the credential. Following are the supported values: ACTIVE (1)
The credential is active and can be used for authentication. LOCKED (2)
The credential is locked when the user consecutively fails to authenticate for the maximum number of negative attempts configured. For example if the maximum attempts configured is 3, then the third attempt with wrong credential will lock the credential. DISABLED (3)
The credential is disabled by the administrator. DELETED (4)
The credential of the user is deleted from the database. EXPIRED (5)
The credential of the user has expired. VERIFIED (50)
The credential is verified when the OTP submitted by the user is authenticated by CA Strong Authentication Server successfully. Note: This status is applicable only for OTP. |
remainingUsageCount | The number of times the credential can be used. |
createTime | The time when the credential was created. |
lastUpdatedTime | The time when the credential was updated last time. |
validityStartTime | The timestamp from when the credential is valid. |
validityEndTime | The date after which the credential expires. |
disableStartTime | The time when the credential has to be disabled. |
disableEndTime | The time when the disabled credential has to be enabled. |
numberOfFailedAuthAttempts | The total number of failed authentication attempts permitted for the user. |
lastSuccessAuthAttemptTime | The time when the last authentication attempt succeeded. |
lastFailedAuthAttemptTime | The time when the last authentication attempt failed. |
profileName | The profile name with which the credential was created. |
profileVersion | The version number of the profile. |
notes | The custom attributes that are set for the credential. |
CA Auth ID Output | |
unsignedAttributes | The unsigned attributes of the CA Auth ID PKI. |
CA Auth ID | The CA Auth ID PKI that is created for the user. |
OTP Output | |
otp | The OTP of the user. |
usageCount | Number of times the OTP can be used. |
OATH OTP Output | |
tokenID | The unique identifier of the OATH token. |
type | The type of OATH OTP, whether it is HOTP or TOTP. |
counterOffSet | The OATH OTP count on the server. |
ArcotOTP Output | |
card | The CA Auth ID OTP of the user. |
type | The type of CA Auth ID OTP, whether it is HOTP or TOTP. |
counterOffSet | The CA Auth ID OTP count on the server. |
EMV OTP Output | |
card | The EMV OTP of the user. |
counterOffSet | The EMV OTP count on the server. |
QnA Output | |
questions | The questions set for the user. |
Transaction Details | |
message | Indicates the status of the transaction. |
reasonCode | Unique code that is sent by CA Strong Authentication Server if the operation fails. |
responseCode | Code returned by the SDK in case of errors. |
transactionID | The unique identifier of the transaction. |
additionalOutput | The output for the additionalInput that was passed to CA Strong Authentication Server. |