Our Web development team is trying to get this information from the RSA database. They're not seeing any specific AA or AAAdmin call in the API to get this information....
The CHALLENGE_AUTH_METHOD column of EVENT_LOG keeps the data for the Auth method available for user in the analyze response with the minimum Auth level. It is not possible to track whether the user was actually challenged by the question or any other auth method(s) and therefore, this information can’t be pulled out in the existing implementation.
We only use the challenge questions and no other auth method, are you
saying that we cannot pull this information from the database reliably?
Enterprise Systems Administration and Support
Assuming that only auth method configured for the rules that are resulting in a challenge is "Question" then the below query will give the challenge question failures count.
select COUNT(*) from <db_name>.<db_schema>.EVENT_LOG where CHALLENGE_AUTH_METHOD = 'QUESTION' AND CHALLENGE_SUCCESSFUL = 'N';
hope this helps.
I think there is no specific webservice call to retrieve such information. In the Authenticate response, we have the below block, which is always returning back the failCount as 1, even though I failed 2nd or 3rd time in the same session.
<ns1:challengeQuestionMatchResult> <ns1:failCount>1</ns1:failCount> <ns1:matchCount>0</ns1:matchCount> </ns1:challengeQuestionMatchResult>
Not sure this is how it should be or this is a bug, which is reporting 1 always irrespective of multiple failures.
But, if you would like to retrieve the count from the database, use the below DB query.
select u.username, u.status, a.acspname, a.counts from RSA_CORE.users u join RSA_CORE.acspuseraccount a on u.id=a.userid where username='<your LoginName here>'
Thanks for the update!!!
Retrieving data ...