000032570 - How to Implement Device Binding in Adaptive Authentication (OnPrem) 7.1

Document created by RSA Customer Support Employee on Jan 4, 2018
Version 1

Article Content

Article Number: 000032570
Applies To:
RSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Adaptive Authentication (OnPrem)
RSA Version/Condition: 7.1
 
Issue: Customer is inquiring about enabling device binding. Can you please recommend some strategies and best practices on how to achieve this goal?
Resolution: Sent the Workflows and Processes Guide, which contains the SOAP calls for creating user bindings. Included a sample below:


Create User with Binding SOAP Request for Allow Action
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                  xmlns:ws="http://ws.csd.rsa.com">
  <soapenv:Header/>
  <soapenv:Body>
    <ws:createUser>
      <ws:request>
        <ws:actionTypeList>
          <ws:genericActionTypes>SET_USER_STATUS</ws:genericActionTypes>
        </ws:actionTypeList>
        <!-- Device data collected from the user's HTTP session -->
        <ws:deviceRequest>
          <ws:httpAccept>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5</ws:httpAccept>
          <ws:httpAcceptChars>ISO-8859-1,utf-8;q=0.7,*;q=0.7</ws:httpAcceptChars>
          <ws:httpAcceptEncoding>gzip,deflate</ws:httpAcceptEncoding>
          <ws:httpAcceptLanguage>en-us,en;q=0.5</ws:httpAcceptLanguage>
          <ws:httpReferrer>http://localhost:8880/reference_application/PreLogin.do?scenario=flow2</ws:httpReferrer>
          <ws:ipAddress>72.14.207.99</ws:ipAddress>
          <ws:userAgent>Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12</ws:userAgent>
        </ws:deviceRequest>
        <ws:identificationData>
          <ws:delegated>true</ws:delegated>
          <ws:userName>user</ws:userName>
          <ws:userStatus>VERIFIED</ws:userStatus>
          <ws:userType>PERSISTENT</ws:userType>
        </ws:identificationData>
        <ws:messageHeader>
          <ws:apiType>DIRECT_SOAP_API</ws:apiType>
          <ws:requestType>CREATEUSER</ws:requestType>
          <ws:version>7.0</ws:version>
        </ws:messageHeader>
        <!-- Placeholder caller credentials; supply the real values at request time -->
        <ws:securityHeader>
          <ws:callerCredential>password</ws:callerCredential>
          <ws:callerId>callerId</ws:callerId>
          <ws:method>PASSWORD</ws:method>
        </ws:securityHeader>
        <!-- Binds the device to the user under the given label -->
        <ws:deviceManagementRequest>
          <ws:actionTypeList>
            <ws:deviceActionTypes>UPDATE_DEVICE</ws:deviceActionTypes>
          </ws:actionTypeList>
          <ws:deviceData>
            <ws:bindingType>HARD_BIND</ws:bindingType>
            <ws:newLabel>device_label</ws:newLabel>
          </ws:deviceData>
        </ws:deviceManagementRequest>
        <ws:runRiskType>ALL</ws:runRiskType>
      </ws:request>
    </ws:createUser>
  </soapenv:Body>
</soapenv:Envelope>

 

Also sent a copy of the WS API Reference Guide which has some further details about binding.  The section below is from page 38.
 
Step 6: Add User Information to the Database
In this step of the process:


a. If you have not already committed the user enrollment information to the database, the collected session information is committed by submitting a request message (6) to the updateUser method.

b. Set the userStatus to VERIFIED, if the user has supplied enough information during the enrollment process. Setting the user status to VERIFIED confirms user enrollment.


If you are using Positive Device Identification, which uses tokens or Flash Shared
Objects, you must bind the user device at this step. You can allow the user to
determine the label for the user device, for example, work, home, or other. For more
information about binding the user device, see the Integration Guide.
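
The following is an added example, not code from the RSA guides or from the original article: it builds the sample createUser request with an XML serializer, so the user-chosen device label, the user name and the caller credential are escaped instead of being pasted into a text template. The function names, the label allowlist and the shortened sample device values are assumptions.

```python
import re
import xml.etree.ElementTree as ET

SOAPENV = "http://schemas.xmlsoap.org/soap/envelope/"
WS = "http://ws.csd.rsa.com"
ET.register_namespace("soapenv", SOAPENV)
ET.register_namespace("ws", WS)
DEVICE_FIELDS = ("httpAccept", "httpAcceptChars", "httpAcceptEncoding",
                 "httpAcceptLanguage", "httpReferrer", "ipAddress", "userAgent")
# Assumed local policy (not from the RSA guides): short labels, plain characters only.
LABEL_RE = re.compile(r"[A-Za-z0-9 _-]{1,32}")
# Constructed sample input, abbreviated from the sample request on the page.
SAMPLE_DEVICE = dict(zip(DEVICE_FIELDS, (
    "text/html;q=0.9,*/*;q=0.5", "utf-8;q=0.7,*;q=0.7", "gzip,deflate", "en-us,en;q=0.5",
    "http://localhost:8880/reference_application/PreLogin.do?scenario=flow2",
    "72.14.207.99", "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US)")))

def _add(parent, name, text=None, fields=()):
    """Append a ws: child (plus optional leaf fields); text is escaped on output."""
    child = ET.SubElement(parent, f"{{{WS}}}{name}")
    child.text = text
    for key, val in fields:
        _add(child, key, val)
    return child

def build_create_user(user_name, device_label, caller_id, caller_credential, device):
    """Return the createUser envelope (bytes) that hard-binds the device."""
    if not LABEL_RE.fullmatch(device_label):
        raise ValueError("device label rejected by local policy")
    env = ET.Element(f"{{{SOAPENV}}}Envelope")
    ET.SubElement(env, f"{{{SOAPENV}}}Header")
    body = ET.SubElement(env, f"{{{SOAPENV}}}Body")
    req = _add(_add(body, "createUser"), "request")
    _add(req, "actionTypeList", fields=[("genericActionTypes", "SET_USER_STATUS")])
    _add(req, "deviceRequest", fields=[(k, device[k]) for k in DEVICE_FIELDS])
    _add(req, "identificationData", fields=[
        ("delegated", "true"), ("userName", user_name),
        ("userStatus", "VERIFIED"), ("userType", "PERSISTENT")])
    _add(req, "messageHeader", fields=[
        ("apiType", "DIRECT_SOAP_API"), ("requestType", "CREATEUSER"), ("version", "7.0")])
    _add(req, "securityHeader", fields=[
        ("callerCredential", caller_credential), ("callerId", caller_id),
        ("method", "PASSWORD")])
    mgmt = _add(req, "deviceManagementRequest")
    _add(mgmt, "actionTypeList", fields=[("deviceActionTypes", "UPDATE_DEVICE")])
    _add(mgmt, "deviceData", fields=[
        ("bindingType", "HARD_BIND"), ("newLabel", device_label)])
    _add(req, "runRiskType", "ALL")
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)
```

Pass the caller credential in from a secret store or environment variable at call time rather than keeping it in source, and send the request over TLS.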
