Models, attributes, and error codes - PingFederate

RSA SecurID Integration Kit

bundle: pingfederate-rsa-securid-ik
ft:publication_title: RSA SecurID Integration Kit
Product_Version_ce
category: Administrator; Audience; ContentType; English; Integration; Language; Product; Productdocumentation; RSASecurID; integrationdocx; pingfederate
ContentType_ce: Integration; Product documentation

When using the RSA SecurID IdP Adapter through the PingFederate authentication API, the adapter uses the following state models, action models, objects, and error codes.

State models

Status	Response Model	Action	Description
`SECURID_CREDENTIAL_REQUIRED`	`username (String Optional)` `remainingTries (int)` `allowUsernameEdits (boolean)` `authFailed (boolean)` `resetFailed (boolean)`	`checkCredential` `validatePasscode` `useAlternateMethod` cancel	The SecurID credential is required for authentication.
`SECURID_NEXT_TOKENCODE_REQUIRED`	`authFailed (boolean)` `additionalErrorInfo (string)`	`checkNextTokencode` `cancel`	The next tokencode is required for authentication.
`SECURID_NEXT_CODE_REQUIRED`	`authFailed (boolean)` `additionalErrorInfo (string)`	`checkNextTokencode` `useAlternateMethod` `cancel`	The next tokencode is required for authentication (relevant only when you've integrated the Authentication Manager with the Cloud Authentication Service).
`SECURID_TOKEN_REQUIRED`	`authFailed (boolean)` `additionalErrorInfo (string)`	`checkNextTokencode` `useAlternateMethod` `cancel`	The SecureID Authenticate one-time passcode (OTP) is required for authentication (relevant only when you've integrated the Authentication Manager with the Cloud Authentication Service).
`SECURID_CAS_CHALLENGE_METHOD_REQUIRED`	`challengeMethodIds (array)` `challengeMethods (array of challengeMethodInfo objects)` `authFailed (boolean)` `resetFailed (boolean)`	`selectChallengeMethod` `cancel`	The user needs to select a Cloud Authentication Service challenge method.
`SECUREID_CAS_APPROVE_METHOD_PENDING_VERIFICATION`	`responseCode (string)` `reasonCode (string)`	`poll` `useAlternateMethod` `cancel`	The SecureID Cloud Authentication Service's `APPROVE` method request has been initiated and is pending verification.
`SECURID_REAUTHENTICATION_REQUIRED`	There is no model for this state.	`checkPasscode` `useAlternateMethod` `cancel`	A passcode is required for re-authentication.
`SECURID_SYSTEM_PIN_RESET_REQUIRED`	`pin (String)`	`continue` `useAlternateMethod` `cancel`	A new pin is generated for the user.
`SECURID_USER_PIN_RESET_REQUIRED`	`pinMinLength (int)` `pinMaxLength (int)` `pinAlphabeticCharCount (int)` `pinNumericCharCount (int)` `pinAlphaNumeric (boolean)` `pinResetMessage (string)` `authFailed (boolean)`	`resetPin` `useAlternateMethod` `cancel`	The user needs to reset the pin.

Action Models

Action	Request Model	Errors	Description
`checkCredential`	`username (String)` `passcode (String)`	Error: `VALIDATION_ERROR` Error Detail: `USERNAME_REQUIRED` Error Detail: `USERNAME_NOT_NEEDED`	Authenticate using SecureID credential.
`checkNextTokencode`	`tokencode (String)`		Wait until the tokencode changes, then enter the next tokencode.
`checkPasscode`	`passcode (String)`		Re-authenticate using the passcode. Wait until the passcode changes, then enter the next passcode.
`validatePasscode`	`passcode (String)`		Authenticate using the passcode.
`useAlternateMethod`	This action has no model.	Error: `VALIDATON_ERROR` Error Detail: `INVALID_REQUEST`	Use an alternate authentication method. This action is required to initiate the selection of a different method.
`checkTokencode`	`tokencode (string)`		Enter SecurID Authenticate OTP code.
`selectChallengeMethod`	`input (String)`	Error: `VALIDATION_ERROR` Error Detail: `UNEXPECTED_METHOD`	The user needs to select a Cloud Authentication Service challenge method. Valid supported methods are `SECURID`, `APPROVE`, and `TOKEN`.
`poll`	This action has no model.	Error: `VALIDATION_ERROR` Error Detail: `REQUEST_FAILED`	Poll for the status of the `APPROVE` method request.
`resetPin`	`newPin (String)` `confirmPin (String)`	Error: `VALIDATION_ERROR` Error Detail: `PIN_MISMATCH` Error Detail: `INVALID_PIN`	Reset the pin used to get a passcode.
`cancel`	This action has no model.		Cancels the current authentication flow.

Attributes

Attribute	Type	Description
`username`	String	The username used in first-factor authentication.
`RemainingTries`	int	The number of tries left.
`pin`	String	The new pin that the system generated for the user.
`pinMinLength`	int	The minimum length needed for the pin.
`pinMaxLength`	int	The maximum length needed for the pin.
`pinAlphabeticCharCount`	int	The minimum number of letters needed for the pin.
`pinNumericCharCount`	int	The minimum number of numbers needed for the pin.
`pinAlphaNumeric`	boolean	Whether the pin can be alphanumeric.
`allowUsernameEdits`	boolean	Username is not editable if the adapter is being used in second-factor authentication.
`authFailed`	boolean	Whether this attempt is the result of a failed authorization attempt.
`resetFailed`	boolean	Whether this attempt is the result of a failed pin reset attempt.
`additionalErrorInfo`	String	Additional error info if the current attempt resulted in a failed authorization.
`challengeMethodIds`	Arrays of strings	The challenge method IDs values that are configured and supported by the Cloud Authentication Service policy. The adapter returns all values received from the CAS but only supports the `APPROVE`, `SECURID` and `TOKEN` methods within.
`pinResetMessage`	String	Pin reset requirement.

`ChallengeMethodInfo` object

Parameter name	Type	Description
`methodId`	String	The authentication method ID.
`methodPromptDefaultText`	String	Provides a text prompt for the user to obtain the data that must be provided to complete authentication.
`methodAvailable`	Boolean	Indicates if the method is available or not. This value is false until the user registers a device or method.
`challengeMethodSet`	`ChallengeMethodSet` object	The `ChallengeMethodSet` object as received from RSA Authentication Manager. For internal details, see the RSA Authentication API Developer's Guide.

Error codes

An error code is returned if the call flow state has not reached a dead end, and the user can still authenticate with a device.

Detail level error codes
Error code	Message	userMessageKey	Parent code
`INVALID_USERNAME`	Username is not needed for second-factor authentication.	`rsa.securid.error.invalid.username`	`VALIDATION_ERROR`
`USERNAME_REQUIRED`	Username is required.	`rsa.securid.error.missing.username`	`VALIDATION_ERROR`
`PIN_MISMATCH`	The two pins entered are not the same.	`rsa.securid.error.pin.mismatch`	`VALIDATION_ERROR`
`INVALID_PIN`	The pin entered is invalid.	`rsa.securid.error.invalid.pin`	`VALIDATION_ERROR`
`USE_ALTERNATE_AUTHENTICATION_METHOD_NOT_SUPPORTED`	The use of an alternate authentication method is not supported.	`rsa.securid.error.use.alternate.authentication.method.not.supported`	`REQUEST_FAILED`
`UNEXPECTED_METHOD`	The authentication method provided is invalid, unavailable, or not supported by the adapter.	`rsa.securid.error.unexpected.method`	`VALIDATION_ERROR`