According to the RSA Authentication Agent API 8.6 for C Developer's Guide, AceContinueAuth() has 5 possible return values:
- ACM_OK = 0 (defined in sdacmvls.h)
- ACE_INVALID_ARG = 800 (defined in acclnt.h)
- ACE_ERR_INVALID_HANDLE = 101 (defined in acclnt.h
- ACE_NOT_ENOUGH_STORAGE = 750 (defined in acclnt.h)
- ACE_TOO_MANY_CALLERS = 700 (defined in acclnt.h)
However, I've encountered a scenario where AceContinueAuth() returns another value that's not listed above: 6, which I'm assuming corresponds to ACM_NEW_PIN_REQURED (defined in sdacmvls.h). The scenario I refer to is Test 1 / 7 for RSA Ready Certification, which tests for if the agent can handle delivering a System Generated PIN. After I enter my username and tokencode, I am asked if I wish to have the system generate a PIN. I enter "y", and that's when AceContinueAuth() returns 6.
Is this some issue with the documentation and/or API, or is there something about what AceContinueAuth() should return that I'm not understanding? I feel like it should be returning ACM_OK = 0.
From the Agent API Developer's Guide:
Note: The return value of AceContinueAuth indicates the success or failure of the
function, not of the authentication in progress. To get the actual authentication status,
use the AceGetAuthenticationStatus function with the handle returned from
AceStartAuth.
You can find examples of how this can be done in the sample applications included in the SDK.