Self Service User Authentication Service Usage Guidelines. Copyright 2013, CionSystems Inc.

Similar documents
Cloud Identity Management Tool Quick Start Guide

Enterprise Self Service Quick start Guide

Active Directory Manager Pro New Features

Active Directory Reporter Quick start Guide

formerly Help Desk Authority HDAccess Administrator Guide

Sample Configuration: Cisco UCS, LDAP and Active Directory

Security whitepaper. CloudAnywhere.

Active Directory Change Notifier Quick Start Guide

Security Analytics Engine 1.0. Help Desk User Guide

Strong Authentication for Microsoft SharePoint

Companion for MS Analysis Server, v4

Dell One Identity Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

Defender Delegated Administration. User Guide

Dell One Identity Cloud Access Manager How to Configure vworkspace Integration

4.0. Offline Folder Wizard. User Guide

FortiAuthenticator Agent for Microsoft IIS/OWA. Install Guide

Active Directory Manager Pro Quick start Guide

DIGIPASS Authentication for Windows Logon Product Guide 1.1

Synology SSO Server. Development Guide

Adeptia Suite LDAP Integration Guide

Setup Reset Password Portal. CloudAnywhere. Auteur Emmanuel Dreux

Dell One Identity Cloud Access Manager SonicWALL Integration Overview

ZIMPERIUM, INC. END USER LICENSE TERMS

Centrify Mobile Authentication Services

Strong Authentication for Cisco ASA 5500 Series

Dell InTrust Preparing for Auditing Microsoft SQL Server

Strong Authentication for Microsoft TS Web / RD Web

Dell One Identity Cloud Access Manager How to Configure Microsoft Office 365

APPLICATION NOTE. Secure Personalization with Transport Key Authentication. ATSHA204A, ATECC108A, and ATECC508A. Introduction.

formerly Help Desk Authority Quest Free Network Tools User Manual

idp Connect for OutSystems applications

Oracle Directory Services Integration with Database Enterprise User Security O R A C L E W H I T E P A P E R F E B R U A R Y

Microsoft Active Directory Oracle Enterprise Gateway Integration Guide

CRM to Exchange Synchronization

MasterCard In tern et Gatew ay Service (MIGS)

Experian Username and Password Self Service Facility. User Guide

Understanding Enterprise Cloud Governance

An Oracle White Paper September Directory Services Integration with Database Enterprise User Security

Qualtrics Single Sign-On Specification

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

Self Help Guides. Create a New User in a Domain

AD Self-Service Suite for Active Directory

Understanding and Configuring Password Manager for Maximum Benefits

Active Directory Self-Service FAQ

CA Performance Center

Samsung KNOX EMM Authentication Services. SDK Quick Start Guide

Dell One Identity Cloud Access Manager How to Develop OpenID Connect Apps

Dell Spotlight on Active Directory Server Health Wizard Configuration Guide

Dell One Identity Quick Connect for Cloud Services 3.6.0

Terms and Conditions. Wisconsin Department of Safety and Professional Services Application Hosting Agreement

Introduction to Version Control in

Centrify Mobile Authentication Services for Samsung KNOX

OpenLDAP Oracle Enterprise Gateway Integration Guide

Quest Privilege Manager Console Installation and Configuration Guide

EVault Endpoint Protection 7.0 Single Sign-On Configuration

Dell Statistica. Statistica Document Management System (SDMS) Requirements

ChangeAuditor 6.0 For Windows File Servers. Event Reference Guide

Dell One Identity Quick Connect for Cloud Services 3.6.1

Enabling Single Sign- On for Common Identity using F5

ChangeAuditor 5.6. For Windows File Servers Event Reference Guide

Using Premium Automatic Call Distribution for Call Centers

Print Management. User's Guide

MiSync Personal for Beams

Aras Innovator Authentication Setup

Web Services Credit Card Errors A Troubleshooter

Manage Oracle Database Users and Roles Centrally in Active Directory or Sun Directory. Overview August 2008

Strong Authentication for Juniper Networks

CUSTOMER SAP Afaria Windows Phone and Windows 8.1 Enrollment

Spotlight Management Pack for SCOM

Digipass Plug-In for IAS. IAS Plug-In IAS. Microsoft's Internet Authentication Service. Getting Started

Organized, Hybridized Network Monitoring

Getting the Most From. Your Help Desk

BES10 Self-Service. Version: User Guide

CA Nimsoft Service Desk

DualShield Authentication Platform

Copyright Sagicor Life Insurance Company. All rights reserved.

Configuration Guide. SafeNet Authentication Service. SAS Agent for Microsoft Internet Information Services (IIS)

PHP Integration Kit. Version User Guide

Dell One Identity Cloud Access Manager How To Deploy Cloud Access Manager in a Virtual Private Cloud

Online Account Management Service The Reliant Online Account Management Service consists of the following features:

Security Features in Password Manager

New Security Features

Defender 5.7. Remote Access User Guide

Deliver Oracle BI Publisher documents to Microsoft Office SharePoint Server An Oracle White Paper July 2008

Enterprise Reporter Report Library

Application Note. Intelligent Application Gateway with SA server using AD password and OTP

BlackShield ID PRO. Steel Belted RADIUS 6.x. Implementation Guide. Copyright 2008 to present CRYPTOCard Corporation. All Rights Reserved

DIGIPASS as a Service. Google Apps Integration

PowerLink for Blackboard Vista and Campus Edition Install Guide

Integration Guide. SafeNet Authentication Service. VMWare View 5.1

PocketSuite Terms of Service. Last modified: November 2015

How To Set Up Chime For A Coworker On Windows (Windows) With A Windows 7 (Windows 7) On A Windows 8.1 (Windows 8) With An Ipad (Windows).Net (Windows Xp

Agent Configuration Guide

SolarWinds Technical Reference

INTEGRATION GUIDE. DIGIPASS Authentication for Juniper SSL-VPN

formerly Help Desk Authority HDAccess User Manual

1. Install the SOAP Toolkit 3.0 on your computer. This is freely available from msdn.microsoft.com.

Transcription:

Self Service User Authentication Service Usage Guidelines

Table of Contents User Authentication Service Functionality... 2 WebService URL:... 2 Methods Exposed by Service... 2 AuthenticateUser... 2 ValidateTwoFactorAuthentication... 5 UserEvent... 8 GetUserDetails... 9 Error Codes... 10

User Authentication Service Functionality User Authentication service is Web Service exposed as part of Self-service application. This web service is exposed to external clients to authenticate the users with Self-service application. The external client just needs to provide User Name, password and Security Question with Answers or SMSPinNumber. The web service will take this information validate against either Active Directory or Open Ldap based on the Data Source mechanism chosen in Self-service application. WebService URL: First add the WebService Reference to Client Application. URL: http://ipaddress/selfservice/services/userauthenticationservice.asmx Methods Exposed by Service AuthenticateUser This method will validate the Username and password against Ldap Source and returns the Security Questions configured for that user or SMSPinNumber send to respective User mobile number and also returns Authentication Token. Security Questions or SMSPinNumber depends on Two Factor Authentication Type of SelfService Configurations screen. If Two Factor Authentication Type is not selected in SelfService application, then this will not return Security Questions and SMSPinNumber to that User. Then ValidateSecurity Answers method will not execute so it will return UserName, DistinguishedName, LogonDateTime. Input: AuthenticateUser method will accept UserAuthenticationRequest entity as Input Parameter. The UserAuthenticationRequest entity has following properties. User, SecurityQuestion [],UserAuthenticationToken and SMSPinNumber. Note : SecurityQuestion [], UserAuthenticationToken and SMSPinNumber these properties will not use in AuthenticateUser method, it will be used in ValidateTwoFactorAuthentication method. User property contains UserName and Password. These two only passing as input parameters for AuthenticateUser method.

UserName and Password sends as Input Parameters with Encryption using CionEncryptionManager. Output: AuthenticateUser method will return UserAuthenticationResponse entity as response. The UserAuthenticationResponse has following properties. The Output of this method depends upon Configurations in SelfService Application. If Two Factor Authentication Type is SecurityQuestions then it will return Security Questions or Two Factor Authentication Type is SMSPinNumber then SMSPinNumber Code will generate and sends it to User mobile number. If any of these two options(securityquestions or SMSPinNumber) are not selected in SelfService Two Factor Authentication then return Output as User Name, DistinguishedName and LogonDateTime. If Two FactorAuthenticationType is SMSPinNumber then SMSPinNumber Code will be generated and send it to User Mobile number. SecurityQuestion[] This is Security Questions Collection. Once User name and password is validated, service will return the security questions which are configured by user in SelfService application. These question along with answers needs to attach in Request object and send to Service for Two Factor authentication. EnableTwoFactorAuthentication This is Boolean value. If Two Factor Authentication is enabled in SelfService application then returns true otherwise false. UserAuthenticationToken This is a unique token generated by server and sends to client. The same Token should send to Server as part of request for Two Factor authentication. If Two Factor Authentication is disabled in SelfService application then UserAuthenticationToken value will not return by the service. TwoFactorAuthType This property returns Type of TwoFactor Authentication configured in SelfService application. Possible values are Security Questions or SMSPinNumber and None if disabled two factor authentication. UserLogonDetails This property contains UserName, FirstName, LastName, LogonTime and DistinguishedName UserName This UserName is part of request for further method (ValidateTwoFactorAuthentication). ResponseStatus This property contains few Sub Properties. They are,

a). StatusCode - This will provide Status code as 1000, 1001 and 1003. b). Message This will provide Message for Success/Fail/Error. c). Exception - This property contains few sub properties they are, i). Code - This property will provide error code. Ex: 6000, 6001... So on. ii).description This will provide Error code message. Ex: UserName should not be empty. Please enter username. iii). Severity This property provides error priority they are, Critical, High, Medium, Low and Information. iv). Timestamp - This will provide date time in ticks. Note: If EnableTwoFactorAuthentication is set to false then client not require to call ValidateTwoFactorAuthentication method. The AuthenticateUser method itself will return sufficient information (Username, DistinguishedName, LogonDateTime to authenticate the client. ValidateResponse: If the Status Code of Response object is 1000 then the Request is Success. If the Status Code of Response object is 1001 then the Request is Fail. If the Status Code of Response object is 1003 then the Request is Error. Sample Code: Calling Service : Password should Pass with encryption as below. ServiceReference1.UserAuthenticationServiceSoapClient clnt = new ServiceReference1.UserAuthenticationServiceSoapClient(); ServiceReference1.UserAuthenticationRequest req = new ServiceReference1.UserAuthenticationRequest(); string encpasssword = GetEncryptedPassword(txtUserName.Text, txtpassword.text) req.user = new UserSecurityTestApplication.ServiceReference1.User() { UserName = txtusername.text, Password = encpasssword }; ServiceReference1.UserAuthenticationResponse resp = clnt.authenticateuser(req); Protect Password With Encryption Library: Here UserName and Password are Encrypting using CionEncryptionManager. For this add two dlls references (CionEncryptionManager and CionEncryptionHelper) private string GetEncryptedPassword(string username, string plainpassword)

{ IPAddress[] iplist = Dns.GetHostAddresses(Dns.GetHostName()); string ipaddress = string.empty; foreach (IPAddress tmpaddress in iplist) { if (tmpaddress.addressfamily == AddressFamily.InterNetwork) { ipaddress = tmpaddress.tostring(); break; } } CionFramework.Utils.EncryptionManager encriptionmanager = new CionFramework.Utils.EncryptionManager(ipAddress); string usermd5 = encriptionmanager.md5encrypt(txtusername.text); CionFramework.Utils.EncryptionKeyGenerator enckeygen = new CionFramework.Utils.EncryptionKeyGenerator(); string enckeyforpwd = enckeygen.generatekey(usermd5, IPAddress(), 24); CionFramework.Utils.EncryptionManager encmanagerpwd = new CionFramework.Utils.EncryptionManager(encKeyForPwd); string encryptpasssword = encmanagerpwd.tripledesencrypt(txtpassword.text); return encryptpasssword; } Validating Response : Response Object will provide UserName, FirstName, LastName, LogonTime, DistinguishedName (These are in UserAuthDetails property). SecurityQuestions, UserAuthenticationToken, ResponseStatus, EnableTwoFactorAuthentication and TwoFactorAuthType. resp.responsestatus.statuscode // 1000,1001 and 1003. resp.responsestatus.message //If error, it will show message (Success/Fail/Error). resp.responsestatus.exception.code // If error, it will show Error code. resp.responsestatus.exception.description // Error Code Description. ValidateTwoFactorAuthentication This will validate the Authentication Token which is issues for the same user in first request.if the Token is valid then it will validate the Two Factor Authentication (Security question Answers or SMSPinNumber code).

Input: Here input parameter depends upon Two Factor Authentication Type. If Two Factor Authentication Type is SecurityQuestions then accepts Answers and QuestionIds as input parameters. If Two Factor Authentication Type is SMSPinNumber then accepts SMSPinNumber code as input parameter. ValidateTwoFactorAuthentication method will accept UserAuthenticationRequest entity as Input Parameter. The UserAuthenticationRequest entity has following properties. Answer Its will take Security Answers for user Configured Security Questions. Here Answers should be sent with Encrypted using CionEncryptionManager dll. UserAuthenticationToken This is Unique token generated by server and sends to client. So that the Client should send to Server as part for request for further communication with Server. UserName It is for sending User name to validate Security Questions or SMSPinNumber to that user. QuestionId - This will accepts question Ids for those User Configured Security Questions while registration. QuestionName This property for show Question names. SMSPinNumber The Generated SMSPinNumber code which was sent to user mobile number has to be passed as input parameter to validate SMSPinNumber. This Generated Code will be valid before Twenty Four hours to got SMS. Output: ValidateTwoFactorAuthentication method will return UserAuthenticationResponse entity as response. The UserAuthenticationResponse has following properties. UserLogonDetails This property contains UserName, FirstName, LastName, LogonTime and DistinguishedName ResponseStatus This property contains few Sub Properties. They are, a). StatusCode - This will provide Status code as 1000, 1001 and 1003. b). Message This will provide Message for Success/Fail/Error. c). Exception - This property contains few sub properties they are, i). Code - This property will provide error code. Ex: 6000, 6001... So on. ii).description This will provide Error code message. Ex: UserName should not be empty. Please enter username. iii). Severity This property provides error priority, possible priorities are,

Critical, High, Medium, Low and Information. iv). Timestamp - This will provide date time in ticks. ValidateResponse: If the Status Code of Response object is 1000 then the Request is Success. If the Status Code of Response object is 1001 then the Request is Fail. If the Status Code of Response object is 1003 then the Request is Error. Sample Code: Calling Service: Answers should with encryption. Input parameters: UserName, QuestionIds, Answers(with Encrypted) and User UserAuthenticationToken. ServiceReference1.UserAuthenticationRequest req = new ServiceReference1.UserAuthenticationRequest(); ServiceReference1.SecurityQuestion[] securityques = resp.securityquestions; for (int j = 0; j < securityques.length; j++) { if (securityques [j].questionid == 1) securityques [j].answer = 2WKUml+xQUk=; if (securityques [j].questionid == 2) securityques [j].answer = ZBwRidAP2Gg= ; if (securityques [j].questionid == 3) securityques [j].answer = 2WKUml+xQUk= ; } req.user = new UserSecurityTestApplication.ServiceReference1.User() { UserName = username }; req.securityquestions = securityques; req.userauthenticationtoken = resp.userauthenticationtoken; ServiceReference1.UserAuthenticationResponse resp = ValidateTwoFactorAuthentication (req); clnt. Validating Response: resp. DistinguishedName resp.username resp.logondatetime resp.responsestatus.statuscode // 1000,1001 and 1003. resp.responsestatus.message //If error, it will show message (Success/Fail/Error). resp.responsestatus.exception.code // If error, it will show Error code. resp.responsestatus.exception.description // Error Code Description.

UserEvent This method will stores the data in database about user event. Input: This UserEvent method is Boolean return type method. UserEvent method will accept UpdateEntities entity as Input Parameter. The UpdateEntities entity has following properties. UserName, EntityID, EntityType, SubEntityID, SubEntityType, EventType, Value, ValueType, EventDescription and EventDate. These properties are set to UpdateEntities entity (Request Object) object to store the data in Database (USER_EVENT ) table. Output: If Boolean Type returns true then Data has stored successfully in database, if returns false then failed in storing data in database. ValidateResponse: If returns type is true, then Request is Successfully stored or else returns false then Failed in storing data in Database table. Sample Code: Request Object: ServiceReference1.UpdateEntities entity = new ServiceReference1.UpdateEntities(); entity.userid = txtuserid.text; entity.entityid = Convert.ToInt32(txtEntityId.Text); entity.entitytype = txtentitytype.text; entity.subentityid = Convert.ToInt32(txtSubEntityId.Text); entity.subentitytype = txtsubentitytype.text; entity.eventtype = txteventtype.text; entity.value = txtvalue.text; entity.valuetype = txtvaluetype.text; entity.eventdescription = txteventdescription.text; entity.eventdate = Convert.ToDateTime("2012-11-07 14:21:32"); bool isvalid = clnt.userevent(entity); If returns true then the data stored Successfully. If returns false then failed to store data in database table.

GetUserDetails This method will returns the User details like FirstName, LastName and EmailId of the User when we provide user Distinguishedname. Input: This GetUserDetails method is UserDetailsResponse return type object. GetUserDetails method will accept UserDetailsRequest entity as Input Parameter. The UserDetailsRequest entity with the property List<String> UserDistinguishedNameList. This property are set to UserDetailsRequest entity (Request Object) object to get the user details (FirstName, LastName and Email) from LDAP/ActiveDirectory. Output: If List<UserDetails> UserDetailsList Type returns Count greater than zero (0) it returns Exception (ErrorCode 6015), if the user distinguishedname is invalid it returns Exception (ErrorCode 6016), if the user distinguishedname is Empty ValidateResponse: If the Status Code of Response object is 1000 then the Request is Success. If the Status Code of Response object is 1001 then the Request is Fail. If the Status Code of Response object is 1003 then the Request is Error. Sample Code: Request Object: ServiceReference1. UserDetailsRequest entity = new ServiceReference1. UserDetailsRequest (); string[] distnames = txtmultidistnames.text.split(new char[] { ';' }); ServiceReference1.ArrayOfString objarr = new ServiceReference1.ArrayOfString(); foreach (string item in distnames) { objarr.add(item); } req.userdistinguishednamelist = objarr; resp = clnt.getuserdetails(req);

//// Binding response user details to grid DataTable dtusrdtls = new DataTable(); dtusrdtls.columns.add("firstname", typeof(string)); dtusrdtls.columns.add("lastname", typeof(string)); dtusrdtls.columns.add("email", typeof(string)); DataRow dr = null; ServiceReference1.UserDetails[] usrdtls = resp.userdetailslist; foreach (ServiceReference1.UserDetails UserAttributes in usrdtls) { dr = dtusrdtls.newrow(); dr["firstname"] = UserAttributes.FirstName; dr["lastname"] = UserAttributes.LastName; dr["email"] = UserAttributes.EmailAddress; dtusrdtls.rows.add(dr); } dgvusrdtls.datasource = dtusrdtls; Error Codes Status codes and Messages for all methods. 6000 - Username should not be empty. Please provide valid username 6001 Client is not registered as a trusted party in SelfService. 6002 - User account is blocked. Please contact administrator. 6003 User account is not registered in SelfService application. Please Register. 6004 - Please provide valid answers. 6005 - Answers are required for Authentication. Please enter. 6006 - User Login failed. Please provide valid credentials. 6007 - Please enter valid One Time Password. 6008 - User account is locked. Please contact administrator. 6009 - User Authentication Token is Invalid. 6010 - Please provide Two Factor Authentication Values. 6011 - User account is disabled. Please contact administrator. 6012 - Password should not be empty. Please provide valid password. 6013 - User must change password at next logon. Please login to SelfService. 6014 - Unable to perform operation at this time. Please retry after few minutes or Contact Administrator. 6015 - Invalid Distinguishedname. 6016 - Distinguishedname should not be empty. Please provide Distinguishedname. 6017 - Password is Expired please reset your password. 6018.- "User Account is locked or disabled. Please contact administrator Note: Any Service connection failure cases should be handled by the Client Application.

Contact Notes: For technical support or feature requests, please contact us at Support@CionSystems.com or 425.605.5325. For sales or other business inquiries, we can be reached at Sales@CionSystems.com or 425.605.5325. If you d like to view a complete list of our Management solutions, please visit us online at www.cionsystems.com. Disclaimer The information in this document is provided in connection with CionSystems products. No license, express or implied, to any intellectual property right is granted by this document or in connection with the sale of CionSystems products. EXCEPT AS SET FORTH IN CIONSYSTEMS LICENSE AGREEMENT FOR THIS PRODUCT, CIONSYSTEMS INC. ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. IN NO EVENT SHALL CIONSYSTEMS INC. BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL,PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF CIONSYSTEMS INC. HAS BEEN ADVISED IN WRITING OF THE POSSIBILITY OF SUCH DAMAGES. CionSystems may update this document or the software application without notice. CionSystems Inc 16625 Redmond Way, Ste M106 Redmond, WA 98052 425.605.5325 This guide is provided for informational purposes only, and the contents may not be reproduced or transmitted in any form or by any means without our written permission.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information