User Administration

The user administration functions allow managing user's authenticators.

Mandatory Server Settings

ORG_ADMIN_USERNAME

<Org admin user of HID Authentication Service Tenant>

(e.g., john.doe@abcorg.com)

ORG_ADMIN_PASSWORD

<Password for the Org admin user>

(e.g., Password01)

KONY_APP_KEY

<App key of the fabric application>

(e.g., h728h89031832jdy9292)

KONY_APP_SECRET

<App secret of the fabric application>

(e.g., 89bv2894673792003jy2)

PASSWORD_AUTHTYPE

<Static Password Authenticator>

(e.g., AT_STDPWD)

View Sample Server Settings

User Administration Component Functions

No public function is exposed. All the functions are called from the UI provided with the component.

Method Name Prerequisites Input Parameters Events Purpose

login

None

Username,

Password

OnValidatePasswordSuccess,

onValidatePasswordFailure

Perform administrator login.

resetPassword

None

Username

OnResetPasswordSuccess,

onResetPasswordFailure

Reset login fail count if it exceeds threshold.

viewAuthenticators

None

Username

OnViewAuthenticatorsSuccess,

onViewAuthenticatorsFailure

Display authenticators of users.

enableDisableAuthenticator

viewAuthenticators

Username,

Status,

AuthType,

active

OnEnableDisableSuccess,

onEnableDisableFailure

Enable or disable authenticator for user.

User Administration Processors

Processor code will be hidden and it will be attached to integration or orchestration services. For more details see HID User Administration Processors.

HID User Administration Processors

Names Description Used by (ServiceName-Operation)

SearchUserPreProcessor

If "authType" is "STD_PWD", takes the value from the configuration properties of "PASSWORD_AUTHTYPE", or else takes the actual value and will set to request.

UserAdministration - SearchUser

SearchUserPostProcessor

Processes the output of the SearchUser API and adds an error flag to the request if noUserRecords, if userActive empty or with the FALSE flag. If the "authType" present in request is not available in authenticator (results of SearchUser), then updates the "AuthExists" flag to false. If present, updates as true.

UserAdministration - SearchUser

GetAuthenticatorPreProcessor

Pre-processes the output of SearchUser and checks userExists or AuthExists. If anything is not present, adds the appropriate errorMessage to the request. If no error, then adds userid and authType to the request.

UserAdministration - getAuthenticator

GetAuthenticatorPostProcessor

Processes the output and gets "consecutiveFailed", then adds the same to the request. If there is any error, "sequenceFailed" is true.

UserAdministration - getAuthenticator

GetpasswordPolicyPreProcessor

Pre-processes the output of "GetAuthenticatorPostProcessor", if did not get "consecutiveFailed" then adds an error message "Consecutive failed is empty". If the value is present, then adds "authType" and "consecutiveFailed" to the request(Input Map).

UserAdministration - getPasswordPolicy

GetpasswordPolicyPostProcessor

Processes the output of "GetPasswordPolicy", then keeps the value of "disableThreshold" in the request. If there is any error, "sequenceFailed" is true.

UserAdministration - getPasswordPolicy

ResetAuthFailCountPreProcessor

Gets "authType", "userid", "consecutiveFailed", "disableThreshold" from the request. If consecutiveFailed != disableThreshold, adds an error message "Account Not locked", sets "sequenceFailed" flag to true. If no error, adds "authType", "userid" to the request(inputMap).

UserAdministration - resetAuthFailCount

ResetAuthFailCountPostProcessor

Processes the output and if any error, keeps in details in "errorMsgDetail". If no error, sets OpStatus to 0 and updates status as true.

UserAdministration - resetAuthFailCount

PasswordResetOrchPostProcessor

Checks if the "sequenceFailed" flag in the request is true, adds an error Message.

ResetPassword (Orchestration)

GetAuthenticatorsLoopingPostProcessor

This is the orchestration service of the "getAuthenticator" integration service. If there are any eerors, adds them to an error message.

AuthenticatorOrchServices - getAuthenticatorLooping(Orchestration)

GetAuthenticatorsLoopingOrchPostProcessor

Processes the output of "SearchUserEnableDisableAuthenticator" and "getAuthenticatorLooping". If there are any erros in the respective processors, adds an error message.

EnableDisableAuthenticator - DisplayAuthenticators (Orchestration)

SearchUserEnableDisablePostProcessor

Processes the output of "SearchUserEnableDisableAuthenticator" and adds an error flag to request if noUserRecords, if userActive empty or with the FALSE flag. If no authenticators are present for user, gives the "No Authenticators found" error message. If authenticators found, takes a count into "loop_count", concatenates all authenticators into single string and adds it to the result.

EnableDisableAuthenticator - DisplayAuthenticators

Note: The .jar for the processor code is HIDUserAdminProcessor.jar.

User Administration Services

Object Services

ServiceName DataModel Mapping Purpose InputParams

HIDUserAdministration

ResetPassword

ResetPassword

Reset login fail count

authType, Filter(UserName)

HIDUserAdministration

GetAuthenticatorsLooping

GetAuthenticatorsLooping

Display authenticator

filter (username)

HIDUserAdministration

DoEnableDisableAuthenticator

DoEnableDisableAuthenticator

Enable/disable authenticator

active, authType, status, userId

HID Fabric Services

Names Operation Name Service Type Description

OrgAdminScim

Login

Identity

Performs admin login.

UserAdministration

SearchUser

Integration

Searches for a user.

UserAdministration

getAuthenticator

Integration

Gets the Authenticator details of the user.

UserAdministration

getPasswordPolicy

Integration

Provides details of the password policy.

UserAdministration

resetAuthFailCount

Integration

Resets the password fail count to 0.

ResetPassword

ResetPassword

Orchestration

 

UserAdministration

SearchUserEnableDisableAuthenticator

Integration

Searches for a user.

AuthenticatorServices

getAuthenticator

Integration

Gives the authenticator details.

AuthenticatorOrchServices

getAuthenticatorLooping

Orchestration

Orchestration for getAuthenticator

EnableDisableAuthenticator

DisplayAuthenticators

Orchestration

Orchestration for "SearchUserEnableDisableAuthenticator" and "getAuthenticatorLooping".

UserAdministration

enableDisableAuthenticator

Integration

Enables or disables an authenticator.