When using the RSA SecurID IdP Adapter through the PingFederate authentication API, the following flow is used for pin reset requests. This is initiated in the web browser.
- The status of
SECURID_CREDENTIAL_REQUIRED
is returned in the response to the API client. - The API client displays the information returned by PingFederate.
- The user enters the corresponding SecurID credential.
- The API client invokes the
checkCredential
action. - Depending on the user pin creation method configured in RSA SecurID, one of the following
occurs:
- The status of
SECURID_SYSTEM_PIN_RESET_REQUIRED
is returned with system generated pin. - The status of
SECURID_USER_PIN_RESET_REQUIRED
is returned with criteria required for the new pin.
- The status of
- The API client notifies the user that pin reset is required and displays the corresponding data.
- The user resets the pin.
- The API client invokes the following action based on the status received in step 5:
continue
if the status returned before wasSECURID_SYSTEM_PIN_RESET_REQUIRED
.resetPin
if the status returned before wasSECURID_USER_PIN_RESET_REQUIRED
.
- The status of
SECURID_REAUTHENTICATION_REQUIRED
is returned. - The API client notifies the user that re-authentication is required.
- The user re-authenticates with a passcode.
- The API client invokes the
checkPasscode
action.