Aggregates the response from the UAS challenge and factory gateway APIs. If required, it may also call the factor API, which can be REST based.
POST /authn/v1
Returns a list of challenges preferred by the user. If the number of factors that can be used to challenge the user is one and the number of prompts is also one, the challenge process can be initiated. Passive factors, i.e., factors with no interaction required from the user, can also be initiated once the init is complete, which will make the request to challenge the user. Examples of such factors are Email OTP, SMS OTP, TOTP, Push Notification, etc.
Request
There are no request parameters for this operation.
Supported Media Types
- application/xml
- application/json
Root Schema : schema
Type:
object
AuthnRequest contains user and context information to fetch challenges and initialize authn.
-
clientInfo(required): object
ClientInfo
Information about the calling service provider.
-
context(required): object
UserContext
Additional context that can be provided by the caller while calling the preferences API, including assurance level, cookies, headers, IP address, resource URLs, user agents, etc.
-
timeToLiveInSec: integer
Duration of the blocking call when initiating a blocking call. After the duration, the blocking call will be invalidated. Defaults to 300 seconds (5 minutes).
-
userInfo: object
UserInfo
User information provided by the caller to identify the user in the system. This is an optional parameter.
Nested Schema : ClientInfo
Type:
object
Information about the calling service provider.
-
clientId(required): string
Identifier that uniquely identifies the client.
-
clientSecret(required): string
client secret that is used to validate the client
-
ctype: string
Provides the information regarding the mechanism available for user interaction.
Nested Schema : UserContext
Type:
object
Additional context that can be provided by the caller while calling the preferences API, including assurance level, cookies, headers, IP address, resource URLs, user agents, etc.
-
assuranceLevel: object
assuranceLevel
requested assurance level by the end user. The field needs to be populated by service provider based on the requested resource.
-
correlationId: string
transaction id provided by the challenge api if called previously.
-
customContext(required): object
CustomContext
Additional context present in the user request.
Nested Schema : UserInfo
Type:
object
User information provided by the caller to identify the user in the system. This is an optional parameter.
-
groups: array
groups
The groups that user belongs to.
-
locale: string
The current locale of the user which will override preferred locale in user preference.
-
uniqueUserId: string
Immutable ID of the user in the external systems. If this is present, then it takes precedence over userId + groupId combination.
-
userId(required): string
The unique identifier of the user in the UAS system.
Nested Schema : assuranceLevel
Type:
object
requested assurance level by the end user. The field needs to be populated by service provider based on the requested resource.
Nested Schema : CustomContext
Type:
object
Additional context present in the user request.
-
currentauthlevel: integer
current authentication level of the user, if any at the time of making the challenge request.
-
headers: array
headers
Headers, if any, present in the user access request. The content will be provided as input for rule execution.
-
ipAddr(required): string
incoming ip address
-
ipforwarded: string
x-Forwarded-for from the user environment
-
ldapattributes: array
ldapattributes
LDAP attributes of the user
-
ldapgroup: array
ldapgroup
ldap groups of the user
-
requestedauthlevel: integer
requested authn level of the user
-
resource: string
Resource requested by the user.
-
userAgent: string
user-agent string from the user request
-
userCookies: array
userCookies
Cookies present in the user access request.
Nested Schema : headers
Type:
array
Headers, if any, present in the user access request. The content will be provided as input for rule execution.
-
Array of:
object KeyValPair
Key-value pair which can be used generically.
Nested Schema : ldapattributes
Type:
array
LDAP attributes of the user
-
Array of:
object KeyValPair
Key-value pair which can be used generically.
Nested Schema : userCookies
Type:
array
Cookies present in the user access request.
-
Array of:
object KeyValPair
Key-value pair which can be used generically.
Nested Schema : KeyValPair
Type:
object
Key-value pair which can be used generically.
-
key(required): string
Key that can be used to fetch the related value.
-
value(required): object
value
associated value.
Nested Schema : value
Type:
object
associated value.
Response
Supported Media Types
- application/xml
- application/json
200 Response
Success
Root Schema : AuthnResponse
Type:
object
Describes the challenge options available to the end user; otherwise returns the default challenge mechanism as per the service provider.
-
apiResponse: object
StatusInfo
Status of the fetch challenge info request. It contains the information required to process the user authentication request.
-
challengecontext: object
InitContext
-
challengeInfo: array
challengeInfo
A user can be challenged in many ways, the object will contain all the possible ways a user can be authenticated. In case the user information is not available in the request, the Default challenge mechanism as per the service provider configuration will be present.
-
challengeselectiontext: string
Message to be displayed to select one of multiple challenges
-
cookies: array
cookies
Cookies present in the user access request.
-
correlationId: string
transaction id provided by the challenge api. Also this field contains previous id used within the session to update store.
-
nonce: string
Random string to identify the future request. This will change in each response, and the latest nonce is expected in the finalize call.
-
resource: string
The resource for which the access was requested. This will be returned only when the user is authenticated and no further challenge is needed.
Nested Schema : StatusInfo
Type:
object
Status of the fetch challenge info request. It contains the information required to process the user authentication request.
-
code: integer
Code representing the challenge status.
-
message: string
Error message generated if the server is unable to process the request.
-
status(required): string
Status of the fetch challenge info for user request. It will be one of the following: authenticated/pending verification/pending identification/failed/error/missing registration/challenge blocked.
Nested Schema : InitContext
Type:
object
-
factorAttributes: array
factorAttributes
-
factorKey: string
the name of the factor that is selected by end user.
-
failureURL: string
Resource where flow should be redirected to in case of failed challenge. Most times this will be URL of the finalizerChallenge.
-
groupId: string
Group Id or app-name as applicable for user.
-
requestParams: array
requestParams
-
successURL: string
Resource where flow should be redirected to in case of successful challenge.
-
timeToLiveInSec: integer
duration of the blocking call when initiating blocking call. After the duration, the blocking call will be invalidated.
-
uniqueUserId: string
Immutable ID of the user in the external systems. If this is present, then it takes precedence over userId + groupId combination.
-
userId: string
Unique identifier of the user. May be further qualified by groupId.
Nested Schema : challengeInfo
Type:
array
A user can be challenged in many ways, the object will contain all the possible ways a user can be authenticated. In case the user information is not available in the request, the Default challenge mechanism as per the service provider configuration will be present.
-
Array of:
object FactorChallengeInfo
information required to process user request using the factors available to it will be present in the object.
Nested Schema : factorAttributes
Type:
array
-
Array of:
object UserFactorAttribute
A map represented as an array of entries.
Nested Schema : requestParams
Type:
array
-
Array of:
object KeyValPair_2
Key-value pair which can be used generically.
Nested Schema : UserFactorAttribute
Type:
object
A map represented as an array of entries.
-
userAttributeName: string
Name of factor specific attribute for this user.
-
userAttributeValue: string
Value of factor specific attribute for this user.
Nested Schema : KeyValPair_2
Type:
object
Key-value pair which can be used generically.
-
key(required): string
Key that can be used to fetch the related value.
-
value(required): object
value
Content that needs to be provided.
Nested Schema : value
Type:
object
Content that needs to be provided.
Nested Schema : FactorChallengeInfo
Type:
object
information required to process user request using the factors available to it will be present in the object.
-
displayOrder(required): integer
The order of display to user when multiple factors are present
-
factorContext(required): object
FactorContext
The context required by factor to process the user authentication request.
-
factorKey: string
key of the factor that can be used for registration.
-
factorName(required): string
name of the factor
-
factorUrl(required): string
URL of the factor
Nested Schema : FactorContext
Type:
object
The context required by factor to process the user authentication request.
-
challengeAttrMap(required): array
challengeAttrMap
-
isSelected(required): boolean
if this is the selected option as per the user preference.
-
prompts(required): array
prompts
the display prompt will contain one or more prompts that can be further selected by user.
-
promptselectmessage: string
Message to select one of the challenge prompts.
Nested Schema : challengeAttrMap
Type:
array
-
Array of:
object FactorAttribute
A map represented as an array of entries.
Nested Schema : prompts
Type:
array
the display prompt will contain one or more prompts that can be further selected by user.
-
Array of:
object Prompt
Prompt that can be displayed to the end user
Nested Schema : FactorAttribute
Type:
object
A map represented as an array of entries.
-
factorAttributeName: string
Name of factor specific attribute.
-
factorAttributeValue: string
Value of factor specific attribute.
-
isValidated: boolean
If the given attribute is validated. Some attributes do not require validation hence this field is optional.
-
isVerified: boolean
If the given attribute is verified. Some attributes do not require verification, hence this field is optional.
Nested Schema : Prompt
Type:
object
Prompt that can be displayed to the end user
-
challengeText: string
Message to be displayed on the challenge screen.
-
name: string
friendly name of the device or the prompt.
-
prompt: string
Masked device info.
-
prompttext: string
Message string that can be displayed to end user for selection.
-
requiredInputType: string
Enumeration of none/text/radio/checkbox/textarea/waitingpage
-
selected: boolean
if this particular prompt is selected.
-
validated: boolean
if the prompt is validated
-
verified: boolean
if the prompt is verified
Nested Schema : KeyValPair
Type:
object
Key-value pair which can be used generically.
-
key(required): string
Key that can be used to fetch the related value.
-
value(required): object
value
associated value.
Nested Schema : value
Type:
object
associated value.
400 Response
If the authn request failed due to validation of parameters.
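
The following is an added example, not part of the original reference or the product's own client code. It builds an AuthnRequest body from the fields marked (required) above, checks for missing ones, masks clientSecret for logging, and handles an AuthnResponse by storing the rotated nonce and correlationId and applying the "one factor, one prompt" rule from the operation description. The function names are hypothetical, the sample response is constructed, and the status values are assumed to arrive as the text listed under StatusInfo.

```python
import copy

def build_authn_request(client_id, client_secret, ip_addr, user_id=None, ttl=300):
    req = {"clientInfo": {"clientId": client_id, "clientSecret": client_secret},
           "context": {"customContext": {"ipAddr": ip_addr}},
           "timeToLiveInSec": ttl}  # 300 s is the documented default
    if user_id:  # userInfo is optional, but userId is required inside it
        req["userInfo"] = {"userId": user_id}
    return req

def missing_required(req):
    paths = ["clientInfo.clientId", "clientInfo.clientSecret",
             "context.customContext.ipAddr"]
    paths += ["userInfo.userId"] if "userInfo" in req else []
    missing = []  # dotted paths of (required) fields that are absent or empty
    for path in paths:
        node = req
        for part in path.split("."):
            node = node.get(part) if isinstance(node, dict) else None
        if node in (None, ""):
            missing.append(path)
    return missing

def redact(req):
    safe = copy.deepcopy(req)  # log this copy, never the original
    safe.setdefault("clientInfo", {})["clientSecret"] = "***"
    return safe

def next_step(resp, session):
    # The nonce changes in each response; keep the latest for the finalize call.
    session["nonce"] = resp.get("nonce")
    session["correlationId"] = resp.get("correlationId")
    # Assumption: status arrives as the text listed under StatusInfo.
    status = resp.get("apiResponse", {}).get("status", "").lower()
    if status == "authenticated":
        return ("done", resp.get("resource"))
    factors = sorted(resp.get("challengeInfo", []), key=lambda f: f["displayOrder"])
    if not status.startswith("pending") or not factors:
        return ("stop", status)
    chosen = next((f for f in factors if f["factorContext"]["isSelected"]), factors[0])
    # One factor with one prompt: the challenge can be initiated without asking.
    auto = len(factors) == 1 and len(chosen["factorContext"]["prompts"]) == 1
    return ("challenge-now" if auto else "ask-user", chosen["factorName"])

# Constructed sample response; every value is made up for illustration.
SAMPLE = {"apiResponse": {"status": "pending verification"}, "nonce": "n-1",
          "correlationId": "c-1", "challengeInfo": [{"displayOrder": 1,
          "factorName": "Email OTP", "factorContext": {"isSelected": True,
          "prompts": [{"prompttext": "j***@example.com"}]}}]}
```
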