AnsweredAssumed Answered

Unable to verify token

Question asked by Aviv Niego on Aug 26, 2019

Hello,

 

I'm trying to verify a token with the Authentication Manager API.

Here's my body request:

 

{ "clientId": "rsa2.myDomain.com",
  "subjectName": "myRSAmanagerUserName",
  "context": {
      "messageId": "9obadcde-6eab-40a3-a4a1-e9e92b8n74ez"
  },
  "subjectCredential": {
     "methodId": "SECURID",
     "collectedInputs": {
          "name": "SECURID",
          "value": "65989800"
     }
  }   
}

 

And here's the response.

Why don't I just get a true / false on my token?

* token was generated with your token generation tool

 

{
    "context": {
        "authnAttemptId": "81544eac-29a3-4505-a878-6d53831d74c6",
        "messageId": "dfc8d62a-c83f-4cd1-ad5d-cb609ab87ac4",
        "inResponseTo": "9obadcde-6eab-40a3-a4a1-e9e92b8n74ez"
    },
    "credentialValidationResults": [],
    "attemptResponseCode": "CHALLENGE",
    "attemptReasonCode": "AUTHENTICATION_REQUIRED",
    "challengeMethods": {
        "challenges": [
            {
                "methodSetId": null,
                "requiredMethods": [
                    {
                        "methodId": "SECURID",
                        "priority": null,
                        "versions": [
                            {
                                "versionId": "1.0.0",
                                "methodAttributes": [],
                                "valueRequired": true,
                                "referenceId": null,
                                "prompt": {
                                    "promptResourceId": "SecurID.Resource.Prompt.Passcode",
                                    "defaultText": "Enter passcode:",
                                    "formatRegex": null,
                                    "defaultValue": null,
                                    "valueBeingDefined": false,
                                    "sensitive": true,
                                    "minLength": null,
                                    "maxLength": null,
                                    "promptArgs": []
                                }
                            }
                        ]
                    }
                ]
            }
        ]
    }
}

 

 

A second question I have is how is the token associated with the user that generated it?

Let's say a user generates a token on his mobile app, and then needs to input that token into a desktop website.

How is the token associated with a username in the mobile app and how would an external web application on another machine have access to that  username to pass along to the API?

 

Thanks.

Outcomes