Authentication Web Service
Authentication is required before any use of the XPI services, except authorization, which may be used for on-demand authentication, i.e. it will ask for additional authentication if the subject does not have the appropriate authentication level. Once authenticated, the subject is populated with security identities, i.e. principals. It is possible to add your own principals to the subject; make sure they do not collide with any reserved principal names. Depending on the configuration, it may be necessary to authenticate using more than one method when accessing a resource.
When using PortWise OCRA it is possible to use an application-generated challenge, which may or may not be a representation of a text to be signed.
When using this mode, the challenge should be sent in the subject, with the key 'challenge', and the generated OTP in the password item. Username, challenge and password are mandatory.
Endpoint Services
Name | authenticate
Description | Authenticates a subject using the specified method.
Input |
  subject | a Subject representing the entity to be authenticated. The subject must contain the required credentials. Optional. You can specify a prioritized list of notification channels to be used in the authentication. The list is separated with ';'. This only matters for methods that use notifications; if not set, the configured default is used.
  method | an integer with the ID of the authentication method to be used. Check the Administrator for the authentication method's ID.
Output | The supplied Subject populated with username and session principals; all the credentials will be removed.
Since | 5.2
Faults |

Name | logout
Description | Logs out a subject by releasing any pending server resources and removing the authentication principals.
Input |
  subject | the Subject representing the entity to be logged out.
Output | The supplied Subject with the authentication principals removed.
Since | 5.2
Faults |

Java Example
This example shows how to make an authentication call that requires a challenge, error handling omitted.
import java.nio.charset.StandardCharsets;
import java.util.List;

AuthenticateService locator = new AuthenticateService();
Authenticate service = locator.getAuthentication();

// Credentials are key/value items; values are UTF-8 encoded bytes.
MapItem username = new MapItem();
username.setKey("username");
username.setValue("billy".getBytes(StandardCharsets.UTF_8));

MapItem password = new MapItem();
password.setKey("password");
password.setValue("secret".getBytes(StandardCharsets.UTF_8));

// Prioritized list of notification channels, separated with ';'.
MapItem channels = new MapItem();
channels.setKey("channels");
channels.setValue("First SMS Channel 1; Secondary Channel".getBytes(StandardCharsets.UTF_8));

MapItem msgTemplate = new MapItem();
msgTemplate.setKey("msgtemplate");
msgTemplate.setValue("This is a custom message. Your OTP is {0} which is valid for {1} seconds from {2} and is for user {3}".getBytes(StandardCharsets.UTF_8));

MapItem usermobile = new MapItem();
usermobile.setKey("usermobile");
usermobile.setValue("User mobile number".getBytes(StandardCharsets.UTF_8));

MapItem useremail = new MapItem();
useremail.setKey("useremail");
useremail.setValue("User email Id".getBytes(StandardCharsets.UTF_8));

// Build the subject and attach every credential item to it.
Subject subject = new Subject();
subject.getCredentials().add(username);
subject.getCredentials().add(password);
subject.getCredentials().add(channels);
subject.getCredentials().add(msgTemplate);
subject.getCredentials().add(usermobile);
subject.getCredentials().add(useremail);
subject.setLanguage("en");

try {
    subject = service.authenticate(subject, 2);
} catch (ChallengeException ce) {
    // The server issued a challenge; the fault carries the subject to send back.
    String msg = null;
    int passwordIndex = -1;
    subject = ce.getFaultInfo().getSubject();
    List<MapItem> creds = subject.getCredentials();
    for (MapItem item : creds) {
        if (item.getKey().equals("replymsg")) {
            // Message to present to the user.
            msg = new String(item.getValue(), StandardCharsets.UTF_8);
        } else if (item.getKey().equals("password")) {
            passwordIndex = creds.indexOf(item);
        }
    }
    // ...
    // Put the response to the challenge in the password item and authenticate again.
    creds.get(passwordIndex).setValue("token".getBytes(StandardCharsets.UTF_8));
    subject = service.authenticate(subject, 2);
}
// ...
service.logout(subject);
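The PortWise OCRA mode with an application-generated challenge, described at the top of this page, can be sketched as follows. This is an added example, not code from the product documentation: it reuses the Authenticate, Subject and MapItem stubs from the example above (their imports omitted, as there), and the class name, the helper names, the 8-digit challenge format and the OCRA_METHOD_ID placeholder are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.List;

public class OcraChallengeExample {
    // Placeholder: look up the real ID of the PortWise OCRA method in the Administrator.
    static final int OCRA_METHOD_ID = -1;
    // The page states that username, challenge and password are mandatory in this mode.
    static final List<String> MANDATORY = Arrays.asList("username", "challenge", "password");

    // Assumption: an 8-digit numeric challenge; use the format your OCRA tokens expect.
    // Generate it in the application, keep it with the server-side session, use it once.
    static String newChallenge() {
        return String.format("%08d", new SecureRandom().nextInt(100_000_000));
    }

    // Builds one credential item with a UTF-8 encoded value, as in the example above.
    static MapItem item(String key, String value) {
        MapItem m = new MapItem();
        m.setKey(key);
        m.setValue(value.getBytes(StandardCharsets.UTF_8));
        return m;
    }

    // Fails locally, before any network call, if a mandatory item is missing or empty.
    static void requireMandatory(Subject subject) {
        for (String key : MANDATORY) {
            boolean present = false;
            for (MapItem m : subject.getCredentials()) {
                if (key.equals(m.getKey()) && m.getValue() != null && m.getValue().length > 0) {
                    present = true;
                }
            }
            if (!present) throw new IllegalArgumentException("missing credential: " + key);
        }
    }

    // challenge: the value from newChallenge() that was shown to the user;
    // otp: the response the user's OCRA token computed for that challenge.
    static Subject login(Authenticate service, String user, String challenge, String otp)
            throws Exception {
        Subject subject = new Subject();
        subject.getCredentials().add(item("username", user));
        subject.getCredentials().add(item("challenge", challenge));
        subject.getCredentials().add(item("password", otp));
        requireMandatory(subject);
        return service.authenticate(subject, OCRA_METHOD_ID);
    }
}
```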
Copyright © 1999-2023, Technology Nexus Secured Business Solutions AB. All rights reserved.