Credential Type Resolution Configurations

The authentication requests that are presented to CA Strong Authentication Server must specify the type of credential that has to be used to process the request. In case of RADIUS and ASSP authentication requests, the input requests do not specify the type of credential. By default, RADIUS uses One-Time Password and ASSP uses password credential for authentication.
aatest
2112642
The authentication requests that are presented to CA Strong Authentication Server must specify the type of credential that has to be used to process the request. In case of RADIUS and ASSP authentication requests, the input requests do not specify the type of credential. By default, RADIUS uses One-Time Password and ASSP uses password credential for authentication.
To support any password-based authentication mechanisms for RADIUS and ASSP, or to use verifyPlain authentication, you must create the
Credential Type Resolution
configuration. You can map the input request to any of the following password type of credentials that CA Strong Authentication supports:
  • Password
  • One-Time Password
  • One-Time Token (OTT)
  • OATH OTP
  • CA Auth ID OTP OATH
  • CA Auth ID OTP EMV
  • LDAP Password
  • Native Token
The credTypeResolutionConfigs element of the createRequest message is used to configure credential types.
The following table lists the elements of this message:
Element
Mandatory
Description
name
No
Name for the configuration.
status
No
Indicates the status of the configuration.
credType
No
The type of credential that has to be used to authenticate users with this credential type resolution configuration. Following are the supported values:
1
: For password
4
: For OTP
5
: For OTT
7
: For OATH OTP
8
: For CA Auth ID OTP-OATH
9
: For CA Auth ID OTP-EMV
10
: For LDAP password
11
: For Native token
userAttributeForCredType
No
The custom attributes of the user that defines the credential type to be used to authenticate the user. Include credType as one of the attributes.
Note:
The user attributes that you provide here must match the attributes that you have specified for the user during user creation.