Check Authorization (SCC_CHECK_AUTH) Service Operation

This service operation uses the User Manager adapter to validate a user name (user ID) and password combination against your user management system. The service operation provides an additional facility to return authorization information for an authenticated user. The service operation also authenticates a user using the PeopleTools user management system.

A call to the SCC_CHECK_AUTH service operation verifies whether the supplied user name and password combination is correct using the configured user management system. If the user name and password combination is correct, then the user is signed into the PeopleSoft system. Optionally, this service operation can return Role Based Access control (RBAC) authorization information for the authenticated user. The service caller can include optional role filter criteria in the request. The optional role filter criteria is compared against the PeopleSoft RBAC information associated with the user profile, and the matching role information is then returned to the client. This means that the user has access to the returned roles. All users accessing the SCC_CHECK_AUTH operation have an Anonymous status until they have been successfully authenticated. Anonymous users only have minimal system access.

Use SCC_CHECK_AUTH to allow a user to access your system through a front door, such as a login page, and to validate role authorization information.

The Check Authorization service operation:

  1. Verifies whether the input parameters exist (user name and password and optional Role filters).

  2. Calls the user management adapter to validate the user name and password combination.

  3. Matches the roles to the user profile roles and returns only roles that are common, if the optional role filters are provided.

  4. Prepares the response message. The service operation either signs in the user to the PeopleSoft system or returns an error. An error is returned when:

    • The input parameters, user name and password, are invalid.

    • The user name and password combination cannot be authenticated using the user management system.

The Check Authorization User service operation includes the following messages:

Input message: SCC_CHECK_AUTH_REQ

The following diagram shows the input parameters that the SCC_CHECK_AUTH service operation receives from a calling online transaction. For example, the user login page:

This example illustrates the fields and controls on the SCC_CHECK_AUTH_REQ Message Parameters. You can find definitions for the fields and controls later on this page.

SCC_CHECK_AUTH_REQ Message Parameters

The following input parameters are mandatory for the login page to pass to the service operation:

  • User name

  • Password

The following is an example of the SCC_CHECK_AUTH_REQ message that the SCC_CHECK_AUTH service operation receives from a login page:

<?xml version="1.0"?>
<SCC_CHECK_AUTH_REQ>
	<SCC_USERNAME>KANGA</SCC_USERNAME>
	<SCC_PASSWORD>Rooly</SCC_PASSWORD>
		<AUTHORIZATION>
			<ROLE>
				<ROLENAME>CS - Prospect</ROLENAME>
				<ROLENAME>CS - Student</ROLENAME>
			</ROLE>
<		/AUTHORIZATION>
</SCC_CHECK_AUTH_REQ>

Output message: SCC_CHECK_AUTH_RESP

The following diagram shows the output parameter that the SCC_CHECK_AUTH service operation passes to the calling online transaction:

This example illustrates the fields and controls on the SCC_CHECK_AUTH_RESP Message Parameters. You can find definitions for the fields and controls later on this page.

SCC_CHECK_AUTH_RESP Message Parameters

The following is an example of the SCC_CHECK_AUTH_RESP message that the SCC_CHECK_AUTH service operation transmits to the calling online transaction: 

<?xml version="1.0"?>
<SCC_CHECK_AUTH_RESP xmlns="http://xmlns.oracle.com/Enterprise/services">
	<AUTHORIZATION>
		<ROLE>
			<ROLENAME>CS - Student</ROLENAME>
		</ROLE>
	</AUTHORIZATION>
</SCC_CHECK_AUTH_RESP>

Fault message: SCC_FAULT_RESP

See Create User Account (SCC_USERREG_CREATEACCT) Service Operation, Fault message: SCC_FAULT_RESP.