RapidIdentity Product Guide: New UI

Portal Challenge Authentication Method

If Federation calls out to retrieve the challenge set from Portal and challenge questions are either out of date or not setup, Federation will initiate the Portal challenge authentication setup.

Here is an example setup response from the server indicating that Portal challenge authentication setup is required as the next step:

HTTP/1.1 200 OK 
Content-Type: application/json
{
  "type": "portalChallenge",
  "id": "931c4a40-2dc9-11e6-937b-005056c00008",
  "step": {
    "type": "setup",
    "challengeSetup": {
      "targetId": "",
      "challengePolicy": {
        "id": "",
        "name": "",
        "noChallenge": false,
        "adminQuestions": [
          {
            "required": true,
            "question": "What is your favorite color"
          },
          {
            "required": true,
            "question": "What is your mother's maiden name"
          }
        ],
        "minAdminQuestionPoolSize": 2,
        "allowUserDefinedQuestions": true,
        "minUserQuestionPoolSize": 0,
        "maxUserQuestionPoolSize": 255,
        "minQuestionLength": 3,
        "maxQuestionLength": 255,
        "minAnswerLength": 3,
        "maxAnswerLength": 255,
        "numAdminAnswersForAuth": 2,
        "numUserAnswersForAuth": 0,
        "numHelpdeskQuestions": 0,
        "restrictWordsFromQuestion": false,
        "canSkipSetup": false,
        "enforceUniqueAnswers": true
      },
      "adminQuestions": [
        {
          "required": true,
          "question": "What is your favorite color"
        }
      ],
      "userQuestions": [],
      "helpdeskQuestions": []
    },
    "passwordRequired": false
  }
}

Note that the value of the type property is portalChallenge and the step type is setup.

In addition to sending the standard id, type, and step properties with the next request, answers must be provided for all values in the challengeQuestions array from the server response:

POST /idp/ws/rest/authn HTTP/1.1 
Content-Type: application/json 
Accept: application/json
{
  "type": "portalChallenge",
  "id": "931c4a40-2dc9-11e6-937b-005056c00008",
  "step": {
    "type": "setup",
    "adminQuestions": [
      {
        "question": "What is your favorite color",
        "answer": "cyan"
      },
      {
        "question": "What is your mother's maiden name",
        "answer": "smith"
      }
    ],
    "userQuestions": [],
    "helpdeskQuestions": []
  }
}
Challenge:

If Federation calls out to retrieve the challenge set from Portal and challenge questions valid, Federation will initiate the Portal challenge authentication setup.

Here is an example challenge response from the server indicating that Portal challenge authentication is required as the next step:

HTTP/1.1 200 OK 
Content-Type: application/json
{
  "type": "portalChallenge",
  "id": "931c4a40-2dc9-11e6-937b-005056c00008",
  "step": {
    "type": "challenge",
    "challengeQuestions": [
      "What is your favorite color",
      "What is your mother's maiden name"
    ]
  }
}

Note that the value of the type property is portalChallenge and the step type is challenge.

In addition to sending the standard id, type, and step properties with the next request, a correct answer must be provided for all values in the challengeQuestions array from the server response:

POST /idp/ws/rest/authn HTTP/1.1 
Content-Type: application/json 
Accept: application/json
{
  "type": "portalChallenge",
  "id": "931c4a40-2dc9-11e6-937b-005056c00008",
  "step": {
    "type": "challenge",
    "questionsAndAnswers": [
      {
        "question": "What is your favorite color",
        "answer": "cyan"
      },
      {
        "question": "What is your mother's maiden name",
        "answer": "smith"
      }
    ]
  }
}
Errors

If Federation calls out to retrieve the challenge set from Portal and that request fails, either because Portal could not be contacted or the user's password could not be retrieved from the directory, the authentication process will immediately fail. It will look something like this:

HTTP/1.1 200 OK 
Content-Type: application/json
{
  "type": "fail",
  "id": "931c4a40-2dc9-11e6-937b-005056c00008",
  "error": {
    "type": "simple",
    "message": "Failed to retrieve a Portal challenge"
  }
}