RapidIdentity Product Guide: New UI

RapidIdentity Authentication API Guides

There are three main API calls involved in the Modular Authentication API.

Table 283. API Endpoints

Endpoint

Description

GET /idp/ws/rest/authn/krb

Attempt to initialize the process with Kerberos SSO. See Kerberos.

GET /idp/ws/rest/authn

Initialize the authentication process and receive the initial authentication step. See Initialization.

POST /idp/ws/rest/authn

Submit an authentication step and receive the next step.



Each response from the server and associated request from the client is a JSON object which has at the very minimum a type and id field.

In a response from the server, the type field indicates the next authentication method required to proceed.

The id field is an opaque value which has no meaning in-and-of-itself.  All requests from the client should contain the same id value which was previously included in the response from the server.

During the authentication process, the server currently maintains session data using the Java HttpSession mechanism and this is bound to a particular client using a HTTP Cookie. This implies that the client must support cookies in order to use RapidFederation Modular Authentication.

The Authentication API Consumer allows access to all of the API endpoints listed in the table below.

Authentication Method API

Details

Username

This API should be used to identify a user by "username" and receive the idautoID of that user.

QR Code

This API should be used to identify a user by QR code and receive the idautoID of that user.

OTP

This API should be used to authenticate a user by OTP code.

Pictograph

This API should be used to authenticate a user by Pictograph code.

Pictograph authentication requires the client to first request a "challenge set" from the server. The response contains various inner and outer arrays. The inner arrays include objects that represent a set of images to be used to challenge the user, along with the valid choice for the user. The outer array contains "n" inner arrays where "n" is also the number of choices the user must answer correctly.

Important

When the client requests the Pictograph challenge for a particular user, the response will include a "cookie" string. This value must be included in the next request that includes the list of selected image IDs to successfully complete a Pictograph authentication.

PingMe

This API should be used to authenticate a user by PingMe code.

PingMe authentication is performed by first requesting the server send a PingMe notification to all of the target user's registered devices and then polling for the response.

Proximity Card

This API should be used to identify a user by proximity card (contactless smart card) and receive the idautoID of that user.

Exchange

The Exchange API may be used by the client to exchange claims previously received on behalf of an authenticating user.