Get Java Auth API sample code to authenticate consistently with 'Requires Name Lock' enabled

3 years ago

Originally Published: 2008-01-16

Article Number

000057127

Issue

Cause Java Auth API sample code to authenticate consistently when "Requires Name Lock" enabled
With "Requires Name Lock" disabled, the SecurID Java Authentication SDK sample code authenticates successfully.
With "Requires Name Lock" enabled, authentications may now fail with "ACCESS DENIED, name lock required" logged at the Authentication Manager.

Cause

The sample code as written collects the username to be authenticated from the command line and immediately sends a name lock to the Authentication Manager.
The sample code then prompts for a passcode and sends it to the Auth Manager once entered by the user.
If > 30 seconds have elapsed since the name lock was accepted by the Authentication Manager the name lock will have expired and the ACCESS DENIED error message above will be seen in the Auth Manager activity log.

Resolution

Modify the sample code to send the name lock after all user credentials have been gathered:

...
private void auth() throws Exception

    {
        String userName;
        String passCode;
        AuthSession session;

session = api.createUserSession();
userName = io.input("Username: ");

int authStatus = AuthSession.ACCESS_DENIED;

for (int i = 0; i < 3 && authStatus != AuthSession.ACCESS_OK; i++)
{

            //don?t do the lock yet
            //authStatus = session.lock(userName);
            passCode = io.input("Passcode: ");
            //have everything?now do name lock and send passcode
            authStatus = session.lock(userName);
            authStatus = session.check(userName, passCode);
            authStatus = finalizeAuth(authStatus, session);
            switch (authStatus)

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles