User Administration
The user administration functions allow managing user's authenticators.
| Mandatory Server Settings |
ORG_ADMIN_USERNAME |
<Org admin user of HID Authentication Service Tenant> (e.g., john.doe@abcorg.com) |
|---|---|---|
|
ORG_ADMIN_PASSWORD |
<Password for the Org admin user> (e.g., Password01) |
|
|
KONY_APP_KEY |
<App key of the fabric application> (e.g., h728h89031832jdy9292) |
|
|
KONY_APP_SECRET |
<App secret of the fabric application> (e.g., 89bv2894673792003jy2) |
|
| Optional Server Settings | PASSWORD_AUTHTYPE | If the input is not AT_STDPWD, takes the input itself, or else takes AT_STDPWD. |
User Administration Component Functions
No public function is exposed. All the functions are called from the UI provided with the component.
| Method Name | Prerequisites | Input Parameters | Events | Purpose |
|---|---|---|---|---|
|
login |
None |
Username, Password |
OnValidatePasswordSuccess, onValidatePasswordFailure |
Perform administrator login. |
|
resetPassword |
None |
Username |
OnResetPasswordSuccess, onResetPasswordFailure |
Reset login fail count if it exceeds threshold. |
|
viewAuthenticators |
None |
Username |
OnViewAuthenticatorsSuccess, onViewAuthenticatorsFailure |
Display authenticators of users. |
|
enableDisableAuthenticator |
viewAuthenticators |
Username, Status, AuthType, active |
OnEnableDisableSuccess, onEnableDisableFailure |
Enable or disable authenticator for user. |
User Administration Processors
Processor code will be hidden and it will be attached to integration or orchestration services. For more details see HID User Administration Processors.
HID User Administration Processors
| Names | Description | Used by (ServiceName-Operation) |
|---|---|---|
|
SearchUserPreProcessor |
If "authType" is "STD_PWD", takes the value from the configuration properties of "PASSWORD_AUTHTYPE", or else takes the actual value and will set to request. |
UserAdministration - SearchUser |
|
SearchUserPostProcessor
|
Processes the output of the SearchUser API and adds an error flag to the request if noUserRecords, if userActive empty or with the FALSE flag. If the "authType" present in request is not available in authenticator (results of SearchUser), then updates the "AuthExists" flag to false. If present, updates as true. |
UserAdministration - SearchUser |
|
GetAuthenticatorPreProcessor |
Pre-processes the output of SearchUser and checks userExists or AuthExists. If anything is not present, adds the appropriate errorMessage to the request. If no error, then adds userid and authType to the request. |
UserAdministration - getAuthenticator |
|
GetAuthenticatorPostProcessor |
Processes the output and gets "consecutiveFailed", then adds the same to the request. If there is any error, "sequenceFailed" is true. |
UserAdministration - getAuthenticator |
|
GetpasswordPolicyPreProcessor |
Pre-processes the output of "GetAuthenticatorPostProcessor", if did not get "consecutiveFailed" then adds an error message "Consecutive failed is empty". If the value is present, then adds "authType" and "consecutiveFailed" to the request(Input Map). |
UserAdministration - getPasswordPolicy |
|
GetpasswordPolicyPostProcessor |
Processes the output of "GetPasswordPolicy", then keeps the value of "disableThreshold" in the request. If there is any error, "sequenceFailed" is true. |
UserAdministration - getPasswordPolicy |
|
ResetAuthFailCountPreProcessor |
Gets "authType", "userid", "consecutiveFailed", "disableThreshold" from the request. If consecutiveFailed != disableThreshold, adds an error message "Account Not locked", sets "sequenceFailed" flag to true. If no error, adds "authType", "userid" to the request(inputMap). |
UserAdministration - resetAuthFailCount |
|
ResetAuthFailCountPostProcessor |
Processes the output and if any error, keeps in details in "errorMsgDetail". If no error, sets OpStatus to 0 and updates status as true. |
UserAdministration - resetAuthFailCount |
|
PasswordResetOrchPostProcessor |
Checks if the "sequenceFailed" flag in the request is true, adds an error Message. |
ResetPassword (Orchestration) |
|
GetAuthenticatorsLoopingPostProcessor |
This is the orchestration service of the "getAuthenticator" integration service. If there are any eerors, adds them to an error message. |
AuthenticatorOrchServices - getAuthenticatorLooping(Orchestration) |
|
GetAuthenticatorsLoopingOrchPostProcessor |
Processes the output of "SearchUserEnableDisableAuthenticator" and "getAuthenticatorLooping". If there are any erros in the respective processors, adds an error message. |
EnableDisableAuthenticator - DisplayAuthenticators (Orchestration) |
|
SearchUserEnableDisablePostProcessor |
Processes the output of "SearchUserEnableDisableAuthenticator" and adds an error flag to request if noUserRecords, if userActive empty or with the FALSE flag. If no authenticators are present for user, gives the "No Authenticators found" error message. If authenticators found, takes a count into "loop_count", concatenates all authenticators into single string and adds it to the result. |
EnableDisableAuthenticator - DisplayAuthenticators |
User Administration Services
Object Services
| ServiceName | DataModel | Mapping | Purpose | InputParams |
|---|---|---|---|---|
|
HIDUserAdministration |
ResetPassword |
ResetPassword |
Reset login fail count |
authType, Filter(UserName) |
|
HIDUserAdministration |
GetAuthenticatorsLooping |
GetAuthenticatorsLooping |
Display authenticator |
filter (username) |
|
HIDUserAdministration |
DoEnableDisableAuthenticator |
DoEnableDisableAuthenticator |
Enable/disable authenticator |
active, authType, status, userId |
HID Fabric Services
| Names | Operation Name | Service Type | Description |
|---|---|---|---|
|
OrgAdminScim |
Login |
Identity |
Performs admin login. |
|
UserAdministration |
SearchUser |
Integration |
Searches for a user. |
|
UserAdministration |
getAuthenticator |
Integration |
Gets the Authenticator details of the user. |
|
UserAdministration |
getPasswordPolicy |
Integration |
Provides details of the password policy. |
|
UserAdministration |
resetAuthFailCount |
Integration |
Resets the password fail count to 0. |
|
ResetPassword |
ResetPassword |
Orchestration |
|
|
UserAdministration |
SearchUserEnableDisableAuthenticator |
Integration |
Searches for a user. |
|
AuthenticatorServices |
getAuthenticator |
Integration |
Gives the authenticator details. |
|
AuthenticatorOrchServices |
getAuthenticatorLooping |
Orchestration |
Orchestration for getAuthenticator |
|
EnableDisableAuthenticator |
DisplayAuthenticators |
Orchestration |
Orchestration for "SearchUserEnableDisableAuthenticator" and "getAuthenticatorLooping". |
|
UserAdministration |
enableDisableAuthenticator |
Integration |
Enables or disables an authenticator. |
