000021368 - How to correctly handle New PIN Rejected in custom RSA Authentication Agent

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021368
Applies ToRSA ACE/Agent 5.0.3 Authentication API
IssueHow to correctly handle New PIN Rejected in custom RSA Authentication Agent
SD_Pin(...) returns resultcode 1 (ACM_ACCESS_DENIED)
Cause

Calling API function SD_Pin() when not in new PIN mode is invalid and returns ACM_ACCESS_DENIED. In the code segment below, the call "SD_Pin(SdiHandle, "") is equivalent to AceCancelPin() and aborts the new pin processing:

int iRes;

iRes = SD_Pin(SdiHandle,sNewPin);   //invalid PIN

if( iRes!= ACM_NEW_PIN_ACCEPTED)

{

      SD_Pin(SdiHandle, "");   //ABORTS new pin processing!!

      //.. User prompted for new pin, user enters valid pin

      iRes= SD_Pin(SdiHandle , sNewPin );

      // return value unexpectedly = ACM_ACCESS_DENIED

} 

Resolution

To correct this issue, remove the SD_Pin(SdiHandle, "") call as shown below:

 

int iRes;

iRes = SD_Pin(SdiHandle,sNewPin);  //invalid PIN

if( iRes!= ACM_NEW_PIN_ACCEPTED)

{

      //.. User prompted for change pin, user enters valid pin

      iRes= SD_Pin(SdiHandle , sNewPin );

      // return value reflects valid attempt to set the PIN

}

Legacy Article IDa22705

Attachments

    Outcomes