Professional Documents
Culture Documents
Authentication Process
Manager
Web Service Specification
Version 2.5
March 2013
Revision: 8707
Table of Contents
Contact Us...........................................................................................................2
Preface.................................................................................................................3
Typographic Conventions.....................................................................................4
Overview of Product Features..............................................................................5
APM Methods.......................................................................................................6
preValidateUser...............................................................................................6
validateUser.....................................................................................................9
validateVerificationCode................................................................................14
createPattern.................................................................................................16
getVersion......................................................................................................19
saveWorkstationLog.......................................................................................20
For More Information.........................................................................................21
Appendix I Message Codes.............................................................................22
Appendix II End User License Agreement.......................................................25
Contact Us
Copyright 2013, AuthenWare Corporation and/or its affiliates. All rights
reserved.
This software and related documentation are protected by intellectual
property laws and provided under an End User License Agreement which
contains restrictions on use and disclosure. Except as expressly permitted
in your End User License Agreement or allowed by law, you may not use,
reproduce, copy, license, translate, modify, distribute, broadcast,
transmit, publish, perform, exhibit, or display any part, in any form, by
any means. Disassembly, decompilation, or reverse engineering of this
software, unless required by law for interoperability, is prohibited.
Please click here to view the End User License Agreement.
The information contained herein is subject to change without notice and
is not warranted to be error-free. If you find any errors, please report
them to us in writing.
This software is developed for multi-factor authentication. It is not
developed or intended to be a fail-safe software authentication
application. You shall be responsible to take all appropriate measures to
secure your data and and systems. AuthenWare Corporation and its
affiliates disclaim any liability for any consequential damages caused by
the use of this software application.
Preface
Audience: This manual is intended for programmers needing
information about the Authenware Authentication Process Manager (APM)
Web Service.
Overview: This document is intended to explain the methods used in the
Authenware APM Web Service. It is not a configuration guide, nor is it a
user guide. For information outside the scope of this manual, please refer
to the Related Documents section to find a guide that better meets your
needs.
Related Documents:
A_pxy_01_Authenware Authentication Process Manager Installation
A_pxy_02_Authenware Authentication Process Manager SSL
Implementation Guide
A_pxy_03_Authenware Authentication Process Manager User Guide
A_pxy_05_Authenware Authentication Process Manager Configuration
Guide
Summary:
The Authenware APM Web Service uses six main methods:
preValidateUser, validateUser, validateVerificationCode, createPattern,
Typographic Conventions
This document uses the following typographic conventions:
Type of Font
Used For:
Example
Consolas, 11 point,
gray
Method names
validateUser
Method invocations
String getVersion()
File names
Attribute names
APM Methods
The methods detailed here are provided by the Authenware APM server.
All methods are described below, along with details regarding their
invocation, input parameters, attributes, and output data.
preValidateUser
The preValidateUser method indicates whether or not the user exists, if
the user is trained and if the user has been validated within the last N
days, where N is set in the parameter minimumTrainingFrequency. [See
Authenware Authentication Process Manager Configuration Guide].
This method also returns the category and the name of the user's
device and whether or not it is supported by the Authenware technology.
Finally, this method returns the active verification code (OTP) if any and a
list of the user's patterns, including information such as pattern name,
creation date, if trained, etc.
Invocation
PreValidateUserOut preValidateUser(User user, Field field,
Property[] properties)
Input Parameters
user User: Represents the user to be authenticated in the
needs to
be authenticated.
administration portal.
properties Property[]: Establishes the properties necessary for the
pre-validation of the user. They could be sent and are as follows in the
table below.
Attributes:
table
below.
value String: Value of the property.
Property (name)
userEmail
userAgent
deviceCategory
device
patternName
Output Data
preValidateUserOut PreValidateUserOut:
userTrained
patternName
deviceCategory
device
userPattern
name String: Name of the action, from the list in the table
below.
# Possible Action
Description
loginUser
denyAccess
requestTraining
validateUser
Authenware APM. Each one has a code that uniquely identifies the
message and of what type it is. [See message code reference guide
(Appendix I).]
validateUser
The validateUser method allows the biometric validation of the user's
login, keeping in mind the user's group. It will create a user in the
Authenware Server if necessary, and will indicate that the user's pattern
needs to be trained.
It also verifies that the user's credentials have not changed since the last
valid entry; if they have changed, the method will request a retraining of
the pattern.
10
Invocation
ValidateUserOut validateUser(User user, Field field, String
signature, Property[] properties)
Input Parameters
user User: Represents the user to be authenticated in the
needs to be authenticated.
administration portal.
signature String: Authenware signature coming from the user's
interface (where the observed fields are) captured by the client's API
(Ex: API Client Mozilla Firefox.js) in JSON format.
validation of the user. They must all be sent and are as follows:
Attributes:
11
table below.
12
Property (name)
ip
isp
securityLevel
userGroup
userTrainingGroup
userPassword
userEmail
userCellPhone
13
device
patternName
splitOtp
Output Data
validateUserOut ValidateUserOut:
result boolean: Indicates whether the validateUser action was done
14
rate
otp
15
# Possible Action
Description
loginUser
denyAccess
requestTraining
requestQuickTraining
Note: the data included in statisticals will not be returned in the case
that the next action is of the type requestVerificationCode.
16
validateVerificationCode
When someone tries to enter the system with the correct credentials (Ex.
correct username and password) but their biometric pattern is not
correct, the Authenware APM (through the validateUser method) will
deny access and he will have to try again.
If the user accumulates N false tries (N is the parameter
NumberOfFailuresAllowed [See Authenware Authentication Process Manager
Invocation
ValidateVerificationCodeOut validateVerificationCode (User
user, Field field, String code)
Input Data
user User: Represents the user to be authenticated in the
17
needs to be authenticated.
name String: Name of the field as specified in the
administration portal.
code String: Alphanumeric code (OTP or One-Time Password) that
must be validated.
Output Data
ValidateVerificationCodeOut ValidateVerificationCodeOut:
result boolean: Indicates whether the action of validating the
the user validation. In the case that the correct validation code was
entered, the obtained properties are:
rate
18
# Possible Action
Description
loginUser
denyAccess
requestTraining
requestQuickTraining
requestNewPattern
Authenware APM. Each one has a code that uniquely identifies the
message and of what type it is. [See message code reference guide
(Appendix I).]
createPattern
This method is used to create a complete or partial biometric pattern, or
a completely new pattern for those users who already had an established
pattern.
19
Invocation
CreatePatternOut createPattern (User user, Field field,
String[] signatures, Property[] properties)
Input Data
user User: Represents the user who wants to create a pattern. Each
user is defined by his username (Ex. jperez) and the number of the
organization to which he belongs. This number is reserved for future
use and its value should be set to 1 (one).
Attributes:
Attributes:
needs to be authenticated.
administration portal.
signature String[]: Group of Authenware signatures coming from the
20
creation of the pattern. All must be sent, and are as follows in the
table below.
Attributes:
Property (name)
ip
isp
securityLevel
userEmail
userPassword
device
patternName
Output Data
createPatternOut CreatePatternOut:
result boolean: Indicates whether the action of creating the pattern
21
# Next Action
Description
loginUser
denyAccess
Authenware APM. Each one has a code that uniquely identifies the
message and of what type it is. [See message code reference guide
(Appendix I).]
getVersion
This method allows you to find out with which version of Authenware APM
you are interacting.
Invocation
String getVersion()
22
Output Data
version String: Indicates the version of Authenware APM.
saveWorkstationLog
This method is used to save the logs generated in workstations to the the
Authenware APM Server database.
Invocation
SaveWorkstationLogOut saveWorkstationLog(String
workstationIp, String workstationLog)
Input Data
workstationIp String: IP address of the workstation to which the log
belongs.
workstationLog String: Contains log's entries. Each one should have
23
Output Data
saveWorkstationLogOut SaveWorkstationLogOut:
result boolean: Indicates whether the action of saving workstation
Authenware APM Server. Each one has a code that uniquely identifies
the message and of what type it is. [See message code reference
guide later in this document.]
24
25
26
CODE
TYPE
ERROR
1001
1002
1003
4001
4002
4003
4004
4005
4006
4007
4008
4009
4010
4012
4013
4014
4015
4016
4023
4030
4031
4032
4033
4034
4035
4036
4040
4041
MESSAGE
27
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
WARNIN
G
6002
ERROR
8000
8001
8002
ERROR
ERROR
ERROR
8003
ERROR
8004
ERROR
8005
ERROR
9010
ERROR
9020
ERROR
9022
ERROR
TYPE
10001
10002
10003
10004
10006
10007
10008
INFO
INFO
INFO
INFO
WARNIN
G
ERROR
ERROR
ERROR
10009
ERROR
10010
ERROR
10005
MESSAGE
The user will be controlled by Authenware Server.
The user did not exist in Authenware Server.
The user was created in Authenware Server successfully.
The user will not be controlled by Authenware Server.
The user should train again because his credentials were
modified.
The verification code is incorrect.
The number of signatures is incorrect.
Error while accessing the Authenware Server service.
Error initializing the Authenware APM Server. Please check
the parameter file, database connection and Core
connection.
Error while creating the user.
28
10017
10018
10019
10020
ERROR
ERROR
ERROR
ERROR
WARNIN
G
WARNIN
G
ERROR
ERROR
ERROR
ERROR
10021
INFO
10022
10023
10024
10025
10026
10027
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
10028
ERROR
10029
10030
ERROR
ERROR
10031
ERROR
10032
ERROR
10033
10034
10035
10036
10037
10038
10039
10040
10041
10099
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
ERROR
10015
10016
29
30
Limitation of Liability.
LICENSOR (AND ITS LICENSORS) SHALL NOT BE LIABLE TO LICENSEE FOR DAMAGES FOR ANY CAUSE
RELATED TO OR ARISING OUT OF THIS AGREEMENT, WHETHER IN CONTRACT, NEGLIGENCE OR TORT, IN AN
AMOUNT THAT EXCEEDS THE TOTAL PORTION OF THE LICENSE FEES PAID BY LICENSEE TO LICENSOR
DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRIOR TO THE EVENT WHICH GAVE RISE TO SUCH
DAMAGES HEREUNDER. LICENSOR (AND ITS LICENSORS) SHALL NOT BE LIABLE TO LICENSEE UNDER ANY
LEGAL THEORY, WHETHER IN AN ACTION BASED ON A CONTRACT, TORT (INCLUDING NEGLIGENCE AND
STRICT LIABILITY) OR ANY OTHER LEGAL THEORY, HOWEVER ARISING, FOR ANY INCIDENTAL, SPECIAL,
EXEMPLARY OR CONSEQUENTIAL DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES RESULTING FROM
LOST PROFITS, INTERRUPTION OF BUSINESS, LOSS OF DATA OR PROGRAMS, LOSS OF USE OF COMPUTER
31
8
Early Termination. A party may terminate this Agreement: (a) by giving notice to the other party if
the other party materially breaches the Agreement (which shall include, without limitation, failure by Licensee
to make timely payments hereunder) and fails to cure such breach within 30 days of written notice thereof; or
(b) if the other party ceases to conduct business, becomes or is declared insolvent or bankrupt, is the subject
of any proceeding relating to its liquidation or insolvency which is not dismissed or stayed within ninety (90)
days or makes a general assignment for the benefit of its creditors.
9
Effects of Termination. Upon termination of this Agreement: (a) Licensees right to use the
Software shall automatically terminate; and (b) both parties will return or destroy the originals and all full or
partial copies of the Confidential Information of the other party (including any Software in Licensees
possession) and any other materials furnished hereunder within ten (10) days and, at the request of the other
party, shall certify in writing that all such materials have been returned or destroyed.
10.
General Provisions.
10.1
Export. Licensee shall comply with all then current Export Laws and Regulations of the United
States Government pertaining to the Software. Licensee hereby certifies that it will not directly or indirectly,
export, re-export, or transship the Software or related information, media, or products in violation of United
States laws, rules, and regulations.
10.2
Attorneys Fees. In addition to any other relief awarded, the prevailing party in any action arising
out of this Agreement will be entitled to its reasonable attorneys fees and costs.
10.3
Entire Agreement; Amendments. This Agreement, including any all Exhibits attached hereto and
agreements, policies and programs reference herein, constitutes the entire agreement between the parties with
respect to the subject matter contained herein and supersedes all prior proposals, agreements, negotiations,
correspondence, understandings, and other communications, whether written or oral, between Licensor and
Licensee. There are no promises, covenants or undertakings other than those expressly set forth herein. This
Agreement may not be modified except in writing signed by authorized representatives of Licensor and
Licensee. The parties agree that facsimile signatures of authorized representatives of the parties on this
Agreement will be binding.
10.4
Injunctive Relief. The parties agree that money damages will be inadequate in the event of a breach
of Section 3, 4 and 5 of this Agreement and that the non-breaching party shall be entitled to injunctive relief in
the event of such a breach without the necessity of posting a bond.
10.5
Discontinuation of Software or Support Services. Licensor reserves the right to discontinue supply
of any or all Software or to discontinue renewing the Support Services in the event Licensor (or its licensors)
generally discontinues active distribution of any or all of the Software or active provision of the Support
Services.
10.6
Force Majeure. Neither party shall be in default for, or held responsible for damages caused by
delay or failure to perform in full or in part its obligations under this Agreement (other than payment
obligations) where such delay or failure is due to circumstances, such as fires, strikes, acts of God or acts of
terrorism, which are beyond the control of the party.
10.7
Choice of Law and Forum. This Agreement shall be governed by, and construed in accordance
with, the laws of the State of Florida without reference to conflicts of laws rules, which would require
application of another substantive law. The United Nations Convention on Contracts for the International Sale
of Goods is specifically excluded from application to this Agreement. All disputes arising out of or relating to
this Agreement may only be brought in the state or federal courts located in Florida, and the parties hereby
agree and submit to the personal and exclusive jurisdiction and venue of these courts.
10.8
Third Party Beneficiary. Licensee agrees that Licensors licensors are intended to be third party
beneficiaries of this Agreement. Such licensors may bring direct action against Licensee for the breach of the
terms hereof that relate to the software or other materials provided by such licensors.
10.9
Verification. Licensee agrees that Licensor (or its licensors) may, upon five (5) business days prior
written notice, enter Licensees premises to verify Licensees compliance with the provisions of this
Agreement. Licensors inspections shall: (i) be limited to one annual inspection (unless Licensor believes that
it has just cause for multiple inspections); (ii) take place during Licensees normal business hours; and (iii)
involve inspection of only those records pertaining to the Licensor Software including copy locations. If
Licensee is found not to be in substantial compliance with this Agreement, Licensee shall pay the reasonable
32
YOU MUST READ THIS ENTIRE AUTHENWARE END USER SOFTWARE LICENSE AGREEMENT
("LICENSE AGREEMENT") CAREFULLY BEFORE ACCEPTING OR INSTALLING THIS APPLICATION.
IF YOU DO NOT AGREE TO THE TERMS OF THIS LICENSE AGREEMENT, YOU AGREE NOT TO
INSTALL. BY CLICKING "I ACCEPT" OR BY INSTALLING YOU AGREE TO BECOME A PARTY TO, AND
BE BOUND BY, THE TERMS OF THIS LICENSE AGREEMENT AND THIS LICENSE IS ENTERED INTO
BETWEEN AUTHENWARE CORPORATION AND THE ORGANIZATION EXECUTING THIS LICENSE
AGREEMENT ("YOU" AND "YOUR").
33