000034532 - Get query -> GET_USER_CREDENTIAL is Returning Different Results in RSA Adaptive Authentication (OnPrem) 7.3 P1

Document created by RSA Customer Support Employee on Dec 13, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000034532
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.3 P1
IssueIn AAOP version 7.3 P1 the SOAP Query()->GET_USER_CREDENTIALS will return credentialType EXTERNALMETHOD1 ,EXTERNALMETHOD2 and
EXTERNALMETHOD3. Customer was asking why this functionality was added as the behaviour is different from 7.1 P6.
Sample SOAP query and response from AA 7.1 P6:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> 
<soapenv:Body>
<ns1:queryResponse xmlns:ns1="http://ws.csd.rsa.com">
<ns1:queryReturn xsi:type="ns1:QueryResponse" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ns1:identificationData>
<ns1:delegated>false</ns1:delegated>
<ns1:transactionId>0ff7-:15ef93c1851:80d4fcf_TRX</ns1:transactionId>
<ns1:userName>fi11</ns1:userName>
<ns1:userStatus>NOTENROLLED</ns1:userStatus>
<ns1:userType>PERSISTENT</ns1:userType>
</ns1:identificationData>
<ns1:messageHeader>
<ns1:apiType>DIRECT_SOAP_API</ns1:apiType>
<ns1:requestType>QUERY</ns1:requestType>
<ns1:timeStamp>2016-10-31T20:18:07.160Z</ns1:timeStamp>
<ns1:version>6.0</ns1:version>
</ns1:messageHeader>
<ns1:statusHeader>
<ns1:reasonCode>0</ns1:reasonCode>
<ns1:reasonDescription>Operations were completed successfully</ns1:reasonDescription>
<ns1:statusCode>200</ns1:statusCode>
</ns1:statusHeader>
<ns1:userCredentials>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>USER_DEFINED</ns1:credentialType>
</ns1:credential>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>USER_DEFINED</ns1:credentialType>
</ns1:credential>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>USER_DEFINED</ns1:credentialType>
</ns1:credential>
</ns1:userCredentials>
</ns1:queryReturn>
</ns1:queryResponse>
</soapenv:Body>
</soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ws:query xmlns:ws="http://ws.csd.rsa.com">
<ws:request>
<ws:actionTypeList>
<ws:genericActionTypes>GET_USER_CREDENTIAL</ws:genericActionTypes>
</ws:actionTypeList>
<ws:identificationData>
<ws:userName>fi1</ws:userName>
<ws:userStatus>VERIFIED</ws:userStatus>
<ws:userType>PERSISTENT</ws:userType>
</ws:identificationData>
<ws:messageHeader>
<ws:apiType>DIRECT_SOAP_API</ws:apiType>
<ws:requestType>QUERY</ws:requestType>
<ws:version>6.0</ws:version>
</ws:messageHeader>
<ws:securityHeader>
<ws:callerCredential>${#TestCase#callerCredential}</ws:callerCredential>
<ws:callerId>${#TestCase#callerId}</ws:callerId>
<ws:method>PASSWORD</ws:method>
</ws:securityHeader>
</ws:request>
</ws:query>
</soapenv:Body>
</soapenv:Envelope>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ns1:queryResponse xmlns:ns1="http://ws.csd.rsa.com">
<ns1:queryReturn xsi:type="ns1:QueryResponse" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ns1:identificationData>
<ns1:delegated>false</ns1:delegated>
<ns1:transactionId>eef7-:15ef93c1851:80d4fcf_TRX</ns1:transactionId>
<ns1:userName>fi1</ns1:userName>
<ns1:userStatus>VERIFIED</ns1:userStatus>
<ns1:userType>PERSISTENT</ns1:userType>
</ns1:identificationData>
<ns1:messageHeader>
<ns1:apiType>DIRECT_SOAP_API</ns1:apiType>
<ns1:requestType>QUERY</ns1:requestType>
<ns1:timeStamp>2016-10-31T20:18:32.378Z</ns1:timeStamp>
<ns1:version>6.0</ns1:version>
</ns1:messageHeader>
<ns1:statusHeader>
<ns1:reasonCode>0</ns1:reasonCode>
<ns1:reasonDescription>Operations were completed successfully</ns1:reasonDescription>
<ns1:statusCode>200</ns1:statusCode>
</ns1:statusHeader>
<ns1:userCredentials>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>USER_DEFINED</ns1:credentialType>
</ns1:credential>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>OOBEMAIL</ns1:credentialType>
</ns1:credential>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>USER_DEFINED</ns1:credentialType>
</ns1:credential>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>USER_DEFINED</ns1:credentialType>
</ns1:credential>
</ns1:userCredentials>
</ns1:queryReturn>
</ns1:queryResponse>
</soapenv:Body>
</soapenv:Envelope>

Sample SOAP query and response from AA 7.3 P1:
 
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ws:query xmlns:ws="http://ws.csd.rsa.com">
<ws:request>
<ws:actionTypeList>
<ws:genericActionTypes>GET_USER_CREDENTIAL</ws:genericActionTypes>
</ws:actionTypeList>
<ws:identificationData>
<ws:userName>fid5</ws:userName>
<ws:userStatus>VERIFIED</ws:userStatus>
<ws:userType>PERSISTENT</ws:userType>
</ws:identificationData>
<ws:messageHeader>
<ws:apiType>DIRECT_SOAP_API</ws:apiType>
<ws:requestType>QUERY</ws:requestType>
<ws:version>6.0</ws:version>
</ws:messageHeader>
<ws:securityHeader>
<ws:callerCredential>${#TestCase#callerCredential}</ws:callerCredential>
<ws:callerId>${#TestCase#callerId}</ws:callerId>
<ws:method>PASSWORD</ws:method>
</ws:securityHeader>
</ws:request>
</ws:query>
</soapenv:Body>
</soapenv:Envelope>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<ns1:queryResponse xmlns:ns1="http://ws.csd.rsa.com">
<ns1:queryReturn xsi:type="ns1:QueryResponse" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ns1:identificationData>
<ns1:delegated>false</ns1:delegated>
<ns1:transactionId>fff7-:628506ca851:843a5631_TRX</ns1:transactionId>
<ns1:userName>fid5</ns1:userName>
<ns1:userStatus>VERIFIED</ns1:userStatus>
<ns1:userType>PERSISTENT</ns1:userType>
</ns1:identificationData>
<ns1:messageHeader>
<ns1:apiType>DIRECT_SOAP_API</ns1:apiType>
<ns1:requestType>QUERY</ns1:requestType>
<ns1:timeStamp>2016-11-28T19:19:04.951Z</ns1:timeStamp>
<ns1:version>6.0</ns1:version>
</ns1:messageHeader>
<ns1:statusHeader>
<ns1:reasonCode>0</ns1:reasonCode>
<ns1:reasonDescription>Operations were completed successfully</ns1:reasonDescription>
<ns1:statusCode>200</ns1:statusCode>
</ns1:statusHeader>
<ns1:userCredentials>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>EXTERNALMETHOD2</ns1:credentialType>
</ns1:credential>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>EXTERNALMETHOD3</ns1:credentialType>
</ns1:credential>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>EXTERNALMETHOD1</ns1:credentialType>
</ns1:credential>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>QUESTION</ns1:credentialType>
</ns1:credential>
<ns1:credential>
<ns1:credentialStatus>ACTIVE</ns1:credentialStatus>
<ns1:credentialType>OTP</ns1:credentialType>
</ns1:credential>
</ns1:userCredentials>
</ns1:queryReturn>
</ns1:queryResponse>
</soapenv:Body>
</soapenv:Envelope>

 
ResolutionThis behaviour is configurable. The above methods were added in 7.3 P1 for external, client managed, plugins. If the Customer does not wish to see these in the SOAP response, they can comment out these from c-config-acsp.xml file. This will require removal of following entry from /RSA/configs/c-config-acsp.xml
Comment out the three tags shown below, do restart of AA services and test. 
<ref bean ="EXTERNALMETHOD1_METADATA_ENTRY"/> 
<ref bean ="EXTERNALMETHOD2_METADATA_ENTRY"/> 
<ref bean ="EXTERNALMETHOD3_METADATA_ENTRY"/> 


 

Attachments

    Outcomes