When using the RSA SecurID IdP Adapter through the PingFederate authentication API, the adapter uses the following state models, action models, objects, and error codes.
State models
Status | Response Model | Action | Description |
---|---|---|---|
|
|
|
The SecurID credential is required for authentication. |
|
|
|
The next tokencode is required for authentication. |
|
|
|
The next tokencode is required for authentication (relevant only when you've integrated the Authentication Manager with the Cloud Authentication Service). |
|
|
|
The SecureID Authenticate one-time passcode (OTP) is required for authentication (relevant only when you've integrated the Authentication Manager with the Cloud Authentication Service). |
|
|
|
The user needs to select a Cloud Authentication Service challenge method. |
|
|
|
The SecureID Cloud Authentication Service's
|
|
There is no model for this state. |
|
A passcode is required for re-authentication. |
|
|
|
A new pin is generated for the user. |
|
|
|
The user needs to reset the pin. |
Action Models
Action | Request Model | Errors | Description |
---|---|---|---|
|
|
|
Authenticate using SecureID credential. |
|
|
Wait until the tokencode changes, then enter the next tokencode. |
|
|
|
Re-authenticate using the passcode. Wait until the passcode changes, then enter the next passcode. |
|
|
|
Authenticate using the passcode. |
|
|
This action has no model. |
|
Use an alternate authentication method. This action is required to initiate the selection of a different method. |
|
|
Enter SecurID Authenticate OTP code. |
|
|
|
|
The user needs to select a Cloud Authentication Service challenge
method. Valid supported methods are |
|
This action has no model. |
|
Poll for the status of the |
|
|
|
Reset the pin used to get a passcode. |
|
This action has no model. |
Cancels the current authentication flow. |
Attributes
Attribute | Type | Description |
---|---|---|
|
String |
The username used in first-factor authentication. |
|
int |
The number of tries left. |
|
String |
The new pin that the system generated for the user. |
|
int |
The minimum length needed for the pin. |
|
int |
The maximum length needed for the pin. |
|
int |
The minimum number of letters needed for the pin. |
|
int |
The minimum number of numbers needed for the pin. |
|
boolean |
Whether the pin can be alphanumeric. |
|
boolean |
Username is not editable if the adapter is being used in second-factor authentication. |
|
boolean |
Whether this attempt is the result of a failed authorization attempt. |
|
boolean |
Whether this attempt is the result of a failed pin reset attempt. |
|
String |
Additional error info if the current attempt resulted in a failed authorization. |
|
Arrays of strings |
The challenge method IDs values that are configured and supported
by the Cloud Authentication Service policy. The adapter returns
all values received from the CAS but only supports the
|
|
String |
Pin reset requirement. |
ChallengeMethodInfo
object
Parameter name | Type | Description |
---|---|---|
|
String |
The authentication method ID. |
|
String |
Provides a text prompt for the user to obtain the data that must be provided to complete authentication. |
|
Boolean |
Indicates if the method is available or not. This value is false until the user registers a device or method. |
|
|
The For internal details, see the RSA Authentication API Developer's Guide. |
Error codes
An error code is returned if the call flow state has not reached a dead end, and the user can still authenticate with a device.
Error code | Message | userMessageKey | Parent code |
---|---|---|---|
|
Username is not needed for second-factor authentication. |
|
|
|
Username is required. |
|
|
|
The two pins entered are not the same. |
|
|
|
The pin entered is invalid. |
|
|
|
The use of an alternate authentication method is not supported. |
|
|
|
The authentication method provided is invalid, unavailable, or not supported by the adapter. |
|
|