Page created: 10 Jun 2021
|
Page updated: 8 Feb 2022
When using the RSA SecurID IdP Adapter through the PingFederate authentication API, the adapter uses the following state models, action models, objects, and error codes.
State models
Status | Response Model | Action | Description |
---|---|---|---|
SECURID_CREDENTIAL_REQUIRED |
|
|
The SecurID credential is required for authentication. |
SECURID_NEXT_TOKENCODE_REQUIRED |
|
The next tokencode is required for authentication. | |
SECURID_REAUTHENTICATION_REQUIRED |
|
A passcode is required for re-authentication. | |
SECURID_SYSTEM_PIN_RESET_REQUIRED |
|
|
A new pin is generated for the user. |
SECURID_USER_PIN_RESET_REQUIRED |
|
|
The user needs to reset the pin. |
Action Models
Action | Request Model | Errors | Description |
---|---|---|---|
checkCredential |
|
|
Authenticate using SecureID credential. |
checkNextTokencode |
|
Wait until the tokencode changes, then enter the next tokencode. | |
checkPasscode |
|
Re-authenticate using the passcode. Wait until the passcode changes, then enter the next passcode. | |
resetPin |
|
|
Reset the pin used to get a passcode. |
Attributes
Attribute | Type | Description |
---|---|---|
username | String | The username used in first-factor authentication. |
RemainingTries | int | The number of tries left. |
pin | String | The new pin that the system generated for the user. |
pinMinLength | int | The minimum length needed for the pin. |
pinMaxLength | int | The maximum length needed for the pin. |
pinAlphabeticCharCount | int | The minimum number of letters needed for the pin. |
pinNumericCharCount | int | The minimum number of numbers needed for the pin. |
pinAlphaNumeric | boolean | Whether the pin can be alphanumeric. |
allowUsernameEdits | boolean | Username is not editable if the adapter is being used in second-factor authentication. |
authFailed | boolean | Whether this attempt is the result of a failed authorization attempt. |
resetFailed | boolean | Whether this attempt is the result of a failed pin reset attempt. |
pinResetMessage | String | Pin reset requirement. |
Error codes
An error code is returned if the call flow state has not reached a dead end, and the user can still authenticate with a device.
Error code | Message | userMessageKey | Parent code |
---|---|---|---|
INVALID_USERNAME | Username is not needed for second-factor authentication. | rsa.securid.error.invalid.username | VALIDATION_ERROR |
USERNAME_REQUIRED | Username is required. | rsa.securid.error.missing.username | VALIDATION_ERROR |
PIN_MISMATCH | The two pins entered are not the same. | rsa.securid.error.pin.mismatch | VALIDATION_ERROR |
INVALID_PIN | The pin entered is invalid. | rsa.securid.error.invalid.pin | VALIDATION_ERROR |