Create Users in the CA Strong Authentication Database

This section walks you through the following topics for creating the users:
aatest
2112746
This section walks you through the following topics for creating the users:
  • Preparing the Request Message
  • Invoking the Web Service
  • Interpreting the Response Message
Preparing the Request Message
The createUserRequest message is used to create users in the CA Strong Authentication database. The following table lists the elements of this request message:
Element
Mandatory
Description
userId/orgName
No
The name of the organization to which the user must belong to.
Note:
If the organization name is not passed, then the Default Organization is used for the operation.
userID/userName
Yes
The unique identifier with which the user is identified in the system.
userId/userRefId
No
The unique identifier that is assigned to the user when they are created. This identifier is used as a reference to track different operations performed by a user.
dateCreated
No
The timestamp when the user was created in the system.
Note:
Not applicable for the createUserRequest operation.
dateModified
No
The timestamp when the user details were last modified.
Note:
Not applicable for the createUserRequest operation.
emailId
Yes
The email ID of the user that has to be registered. The default qualifier is EMAILID.
Note:
You can repeat this entry if you want to configure multiple email IDs for a user, and accordingly use the qualifier based on the email types configured using Administration Console. Refer to the
CA Strong Authentication Administration Guide
for more information on configuring multiple email IDs.
telephoneNumber
Yes
The telephone number of the user that has to be registered. The default qualifier is TELEPHONE.
Note:
You can repeat this entry if you want to configure multiple telephone numbers for a user, and accordingly use the qualifier based on the telephone types configured using Administration Console. Refer to the CA Strong Authentication Administration Guide for more information on configuring multiple telephone numbers.
firstName
No
The first name of the user.
middleName
No
The middle name of the user.
lastName
No
The last name of the user.
pam
No
The Personal Assurance Message (PAM) that is displayed to the user when they try to access a resource protected by CA Strong Authentication.
pamImageURL
No
The URL which contains the image that is displayed to the user, when they try to access a resource protected by CA Strong Authentication.
image
No
The picture that the user wants to upload to identify themselves.
status
No
The status of the user. To create the user, the status must be ACTIVE.
customAttribute
No
The additional user information that you want to pass as a name-value pair.
name
Indicates the name of the attribute that you want to create.
value
Indicates the corresponding value for the name.
startLockTime
No
The timestamp when the user has to be deactivated.
endLockTime
No
The timestamp when the deactivated user has to be activated.
account/accountType
Yes
 
Only
if the account element is defined.
The attribute that qualifies the account ID and provides additional context about the usage of the account ID.
account/accountID
No
The alternate identifier that is used to identify the user in addition to the user name. The account ID is also known as account.
account/accountStatus
No
The status of the account. Following are the supported values:
0-9: Indicates that the account is in the INITIAL state.
10-19: Indicates that the account is in the ACTIVE state.
20-29: Indicates that the account is in the INACTIVE state.
30-39: Indicates that the account is in the DELETED state.
>39: Indicates that the account state is UNKNOWN.
account/accountIDAttribute
No
The alternate identifier that is used to identify the user in the system.
Note:
You
cannot
pass more than three account ID attributes for a user.
account/dateCreated
No
The timestamp when the account ID was created.
Note:
Not applicable for the createUserRequest operation.
account/dateModified
No
The timestamp when the account ID was last modified.
Note:
Not applicable for the createUserRequest operation.
account/accountCustomAttribute
No
The additional account information that you want to pass as a name-value pair.
attributeName
Indicates the name of the attribute that you want to create.
attributeValue
Indicates the corresponding value for the name.
clientTxId
No
The unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions.
Invoking the Web Service
To create users in the CA Strong Authentication database:
  1. (Optional) Include the authentication and authorization details in the header of the createUser operation. See the section, "Managing Web Services Security" for more information on the header elements.
  2. Use the createUserRequest elements to provide the user information.
  3. Use the createUserRequest message and construct the input message by using the details obtained in preceding step.
  4. Invoke the createUser operation of the ArcotUserRegistrySvc service to create users.
    This operation returns the createUserResponse message that includes the transaction identifier and the authentication token. See the following section for more information on the response message.
Interpreting the Response Message
The response message, createUserResponse, returns the transaction identifier and the authentication token in the SOAP envelope header. These elements are explained in the following table. The SOAP body returns a success message if the operation was performed successfully. If there are any errors, then the Fault response is returned. See the section, "Error Codes" for more information on the SOAP error messages.
Element
Description
udsTransactionID
The unique identifier of the transaction that is performed using UDS.
authToken
The authentication token that is returned if the credential verification to access Web services was successful. This token eliminates the need for you to present the authentication credential for successive access to the Web services.
By default, the authentication token is valid for
one
day, after which you need to authenticate again.