Hello,
I'm trying to verify a token with the Authentication Manager API.
Here's my body request:
{ "clientId": "rsa2.myDomain.com",
"subjectName": "myRSAmanagerUserName",
"context": {
"messageId": "9obadcde-6eab-40a3-a4a1-e9e92b8n74ez"
},
"subjectCredential": {
"methodId": "SECURID",
"collectedInputs": {
"name": "SECURID",
"value": "65989800"
}
}
}
And here's the response.
Why don't I just get a true / false on my token?
* token was generated with your token generation tool
{
"context": {
"authnAttemptId": "81544eac-29a3-4505-a878-6d53831d74c6",
"messageId": "dfc8d62a-c83f-4cd1-ad5d-cb609ab87ac4",
"inResponseTo": "9obadcde-6eab-40a3-a4a1-e9e92b8n74ez"
},
"credentialValidationResults": [],
"attemptResponseCode": "CHALLENGE",
"attemptReasonCode": "AUTHENTICATION_REQUIRED",
"challengeMethods": {
"challenges": [
{
"methodSetId": null,
"requiredMethods": [
{
"methodId": "SECURID",
"priority": null,
"versions": [
{
"versionId": "1.0.0",
"methodAttributes": [],
"valueRequired": true,
"referenceId": null,
"prompt": {
"promptResourceId": "SecurID.Resource.Prompt.Passcode",
"defaultText": "Enter passcode:",
"formatRegex": null,
"defaultValue": null,
"valueBeingDefined": false,
"sensitive": true,
"minLength": null,
"maxLength": null,
"promptArgs": []
}
}
]
}
]
}
]
}
}
A second question I have is how is the token associated with the user that generated it?
Let's say a user generates a token on his mobile app, and then needs to input that token into a desktop website.
How is the token associated with a username in the mobile app and how would an external web application on another machine have access to that username to pass along to the API?
Thanks.