000035620 - Query end user registration date using SOAP in RSA Adaptive Authentication (OnPrem) 7.x

Document created by RSA Customer Support Employee on Oct 18, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035620
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.x
IssueWhat would be the sample SOAP request for getting the registration timestamp for a given registered user?
What would be the sample SOAP request for getting the registration timestamp for ALL the registered users?
ResolutionQ1) What would be the sample SOAP request for getting the registration timestamp for a given registered user?
A/ There is a method  that brings this information, but it also brings additional data.  It is the getUserChangeHistory method (in the AA Admin service).
This is a sample request for the getUserChangeHistory method:

<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ " xmlns:adm="http://admin.ws.csd.rsa.com">
   <soapenv:Header />
   <soapenv:Body>
      <adm:getUserChangeHistory>
         <adm:in0>
            <adm:adminID>admin</adm:adminID>
            <adm:userName>user</adm:userName>
            <adm:securityHeader>
               <adm:callerCredential>password</adm:callerCredential>
               <adm:callerId>callerId</adm:callerId>
            </adm:securityHeader>
            <adm:userStatus xmlns:xsi="http://www.w3.org/2001/ XMLSchema-instance" xsi:nil="true" />
         </adm:in0>
      </adm:getUserChangeHistory>
   </soapenv:Body>
</soapenv:Envelope>

Q2) What would be the sample SOAP request for getting the registration timestamp for ALL the registered users?
A/ It is not available.  The previous SOAP request sent is used to request information for a single user and not for a batch or all users (since different organization sizes can have millions of users, and this query would not be efficient).  It can be done more efficiently by querying the database tables.
 
NotesThis query can be done in the database by joining the tables:
SELECT *
FROM USERCHANGEHISTORY B
INNER JOIN Users A ON A.Id = B.UserID
WHERE CHANGETYPE = 'C'
-- AND USERNAME = ''
Adding the “ChangeType = V” where clause would provide the timestamp when the user was verified and not the date when the user actually registered (when it was created in the database), but it is also helpful information depending on what is needed.  The user  state can change many times to “Verified” so this filter may retrieve multiple records.
A warning note on performance:
The Users table is frequently used by the AA system so it is highly recommended not to add much load through additional queries to that table in business hours.
If there is the need to run batch queries or queries over ALL users, the recommendation is to do it when the server has the lowest transactional load.  Else, it would impact the response time and performance of the system.
Single user queries may not have much impact if they are not done frequently.

Attachments

    Outcomes