Symantec Access Management

  • 1.  Webfort GetOTP and FetchOTP

    Posted 05-19-2018 10:32 AM

    Can anyone explain the difference between the below functions called by AFM to Webfort?

     

    1) FetchSecAuthOTPTask
    2) GetOTPTask

     

    In the FetchOTP task, Webfort is fetching the creds and giving the response to the AFM.

     

    In the GetOTP task, Webfort is again fetching the OTP, creating the creds and inserting them into the database, and then sending the response to the AFM.

     

    So, if GetOTP is fetching the OTP, then why is FetchSecAuthOTPTask required?

     

    Sequence of queries run by Webfort for both operations (in Webfort debug logs):

     

    FetchSecAuthOTPTask:

     

    05/07/18 22:18:15.265 DEBUG TXN_NATIVE   -282068112 00056170 - Query[OTPQuery_FetchRowByUser]-ID[ARWFOTP_SELECT_BY_USER]:[SELECT USERREFID, ORGNAME, DMDV, CREDID, USAGETYPE, VALIDITYSTARTDATE, VALIDITYENDDATE, DISABLESTARTDATE, DISABLEENDDATE, STRIKECOUNT, LASTSTRIKEDATE, LASTSUCCESSDATE, DATECREATED, DATEMODIFIED, NOTES, PROFILENAME, PROFILEVERSION, CREDSTATUS, USAGECOUNT, USAGECOUNTLIMIT, TRANSALGO, SUPHANDLER, PASSWORD FROM ARWFOTP WHERE ( USERREFID=? AND USAGETYPE=? )]

     

    05/07/18 22:18:15.275 DEBUG TXN_NATIVE   -282068112 00056170 - Query[ArWFIssuanceAuditLogQuery_Insert]-ID[ARWFISSUANCEAUDITLOG_INSERT]:[INSERT INTO ARWFISSUANCEAUDITLOG (DMDV, DCBN, RESPONSECODE, REASONCODE, CLIENTIPADDRESS, CALLERID, PROTOCOLID, PROTOCOLVERSION, USERAGENT, REFERRER, CLIENTSESSIONID, IP, TXNID, UDSTXNID, INSTANCENAME, OPERATIONID, LOCALE, RESPONSETIME, DATECREATED, ASSOCIATIONVERSION, ADDITIONALINFOINTERNAL, ADDITIONALINFOEXTERNAL, USERREFID, ORGNAME, USERNAME, ACTTYPE, ACTID, INUSERID, USAGETYPE, CREDID, CREDTYPE, CREDSTATUS, STRIKECOUNT, USAGECOUNT, USAGECOUNTLIMIT, VALIDITYSTARTDATE, VALIDITYENDDATE, PARAMNAME, PROFILENAME, PROFILEVERSION, NEWCREDID, PREISSUANCEEVENT, PREISSUANCEMODULENAME, PREISSUANCEMODULETYPE, PREISSUANCEEVENTRESULT, PREISSUANCEEVENTTXNID, PREISSUANCEEVENTMESSAGE, PROCISSUANCEEVENT, PROCISSUANCEMODULENAME, PROCISSUANCEMODULETYPE, PROCISSUANCEEVENTRESULT, PROCISSUANCEEVENTTXNID, PROCISSUANCEEVENTMESSAGE, POSTISSUANCEEVENT, POSTISSUANCEMODULENAME, POSTISSUANCEMODULETYPE, POSTISSUANCEEVENTRESULT, POSTISSUANCEEVENTTXNID, POSTISSUANCEEVENTMESSAGE) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)]

     

     

    GetOTPTask:

     

    05/07/18 22:18:15.444 DEBUG TXN_NATIVE   -282068112 00056171 - Query[OTPQuery_FetchRowByUser]-ID[ARWFOTP_SELECT_BY_USER]:[SELECT USERREFID, ORGNAME, DMDV, CREDID, USAGETYPE, VALIDITYSTARTDATE, VALIDITYENDDATE, DISABLESTARTDATE, DISABLEENDDATE, STRIKECOUNT, LASTSTRIKEDATE, LASTSUCCESSDATE, DATECREATED, DATEMODIFIED, NOTES, PROFILENAME, PROFILEVERSION, CREDSTATUS, USAGECOUNT, USAGECOUNTLIMIT, TRANSALGO, SUPHANDLER, PASSWORD FROM ARWFOTP WHERE ( USERREFID=? AND USAGETYPE=? )]

     

    05/07/18 22:18:15.464 DEBUG TXN_NATIVE   -282068112 00056171 - Query[ArWFIssuanceCredBaseQuery_DeleteRow]-ID[TEMPLATE_ISSUANCE_DELETE_CREDENTIAL_BY_USER]:[DELETE FROM ARWFOTP WHERE ( USERREFID=? AND USAGETYPE=? )]

     

    05/07/18 22:18:15.471 DEBUG TXN_NATIVE   -282068112 00056171 - Query[OTPQuery_Insert]-ID[ARWFOTP_INSERT]:[INSERT INTO ARWFOTP ( USERREFID, ORGNAME, DMDV, CREDID, USAGETYPE, VALIDITYSTARTDATE, VALIDITYENDDATE, DISABLESTARTDATE, DISABLEENDDATE, STRIKECOUNT, LASTSTRIKEDATE, LASTSUCCESSDATE, DATECREATED, DATEMODIFIED, NOTES, PROFILENAME, PROFILEVERSION, CREDSTATUS, USAGECOUNT, USAGECOUNTLIMIT, TRANSALGO, SUPHANDLER, PASSWORD ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ? )]

     

    05/07/18 22:18:15.482 DEBUG TXN_NATIVE   -282068112 00056171 - Query[ArWFIssuanceAuditLogQuery_Insert]-ID[ARWFISSUANCEAUDITLOG_INSERT]:[INSERT INTO ARWFISSUANCEAUDITLOG (DMDV, DCBN, RESPONSECODE, REASONCODE, CLIENTIPADDRESS, CALLERID, PROTOCOLID, PROTOCOLVERSION, USERAGENT, REFERRER, CLIENTSESSIONID, IP, TXNID, UDSTXNID, INSTANCENAME, OPERATIONID, LOCALE, RESPONSETIME, DATECREATED, ASSOCIATIONVERSION, ADDITIONALINFOINTERNAL, ADDITIONALINFOEXTERNAL, USERREFID, ORGNAME, USERNAME, ACTTYPE, ACTID, INUSERID, USAGETYPE, CREDID, CREDTYPE, CREDSTATUS, STRIKECOUNT, USAGECOUNT, USAGECOUNTLIMIT, VALIDITYSTARTDATE, VALIDITYENDDATE, PARAMNAME, PROFILENAME, PROFILEVERSION, NEWCREDID, PREISSUANCEEVENT, PREISSUANCEMODULENAME, PREISSUANCEMODULETYPE, PREISSUANCEEVENTRESULT, PREISSUANCEEVENTTXNID, PREISSUANCEEVENTMESSAGE, PROCISSUANCEEVENT, PROCISSUANCEMODULENAME, PROCISSUANCEMODULETYPE, PROCISSUANCEEVENTRESULT, PROCISSUANCEEVENTTXNID, PROCISSUANCEEVENTMESSAGE, POSTISSUANCEEVENT, POSTISSUANCEMODULENAME, POSTISSUANCEMODULETYPE, POSTISSUANCEEVENTRESULT, POSTISSUANCEEVENTTXNID, POSTISSUANCEEVENTMESSAGE) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)]

     

     

    Thanks.



  • 2.  Re: Webfort GetOTP and FetchOTP

    Posted 05-23-2018 07:38 AM

    Please find the update below.

     

    FetchSecAuthOTPTask: is used to fetch the OTP during the secondary authentication flow, in case of increase auth, to send the OTP via SMS/EMAIL/PUSH.
    GetOTPTask: is used to get an OTP when the user doesn't have an OTP credential at all, like in the user enrollment flow.

     

    Thanks,
    Sharan



  • 3.  Re: Webfort GetOTP and FetchOTP

    Posted 05-23-2018 08:38 AM

    Yes. Thanks.

     

    I need to know why the queries of FetchSecAuthOTPTask are executed during GetOTPTask?

     

    Thanks,

    Nikunj



  • 4.  Re: Webfort GetOTP and FetchOTP
    Best Answer

    Posted 06-14-2018 07:57 AM

    Hi Nikunj,

     

    Usually, in a secondary authentication flow where OTP authentication is required, FetchSecAuthOTPTask is invoked first, mainly to check the status of the OTP credential (whether it is locked, deleted or disabled) for the user. Hence you are finding the queries of FetchSecAuthOTPTask.

    In case the credential status is OK or not found, GetOTPTask is then invoked to create a new OTP that is sent to the user by e-mail or SMS.

     

    Thanks,
    Sharan
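
    The two query patterns discussed in this thread can be told apart mechanically when reviewing Webfort debug logs. The following is an added example, not part of the original posts or of the product's tooling: it groups query lines by transaction and labels each as a read-only status check or a credential re-issue, and flags transactions with no audit-log insert. The sample lines are constructed (SQL shortened, transaction 00056172 invented), and treating the 8-digit field before " - " as a per-transaction id is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the debug log quoted in the thread; SQL
# bodies are shortened and transaction 00056172 is invented to show a gap.
# Assumption: the 8-digit field before " - " is a per-transaction id.
SAMPLE_LOG = """\
05/07/18 22:18:15.265 DEBUG TXN_NATIVE   -282068112 00056170 - Query[OTPQuery_FetchRowByUser]-ID[ARWFOTP_SELECT_BY_USER]:[SELECT CREDSTATUS FROM ARWFOTP WHERE ( USERREFID=? AND USAGETYPE=? )]
05/07/18 22:18:15.275 DEBUG TXN_NATIVE   -282068112 00056170 - Query[ArWFIssuanceAuditLogQuery_Insert]-ID[ARWFISSUANCEAUDITLOG_INSERT]:[INSERT INTO ARWFISSUANCEAUDITLOG (TXNID) VALUES (?)]
05/07/18 22:18:15.444 DEBUG TXN_NATIVE   -282068112 00056171 - Query[OTPQuery_FetchRowByUser]-ID[ARWFOTP_SELECT_BY_USER]:[SELECT CREDSTATUS FROM ARWFOTP WHERE ( USERREFID=? AND USAGETYPE=? )]
05/07/18 22:18:15.464 DEBUG TXN_NATIVE   -282068112 00056171 - Query[ArWFIssuanceCredBaseQuery_DeleteRow]-ID[TEMPLATE_ISSUANCE_DELETE_CREDENTIAL_BY_USER]:[DELETE FROM ARWFOTP WHERE ( USERREFID=? AND USAGETYPE=? )]
05/07/18 22:18:15.471 DEBUG TXN_NATIVE   -282068112 00056171 - Query[OTPQuery_Insert]-ID[ARWFOTP_INSERT]:[INSERT INTO ARWFOTP ( USERREFID ) VALUES ( ? )]
05/07/18 22:18:15.482 DEBUG TXN_NATIVE   -282068112 00056171 - Query[ArWFIssuanceAuditLogQuery_Insert]-ID[ARWFISSUANCEAUDITLOG_INSERT]:[INSERT INTO ARWFISSUANCEAUDITLOG (TXNID) VALUES (?)]
05/07/18 22:18:16.010 DEBUG TXN_NATIVE   -282068112 00056172 - Query[OTPQuery_FetchRowByUser]-ID[ARWFOTP_SELECT_BY_USER]:[SELECT CREDSTATUS FROM ARWFOTP WHERE ( USERREFID=? AND USAGETYPE=? )]
"""

LINE_RE = re.compile(
    r"^\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}\s+DEBUG\s+\S+\s+-?\d+\s+"
    r"(?P<txn>\d+) - Query\[[^\]]+\]-ID\[(?P<qid>[^\]]+)\]:\["
)
REISSUE = {"TEMPLATE_ISSUANCE_DELETE_CREDENTIAL_BY_USER", "ARWFOTP_INSERT"}
AUDIT = "ARWFISSUANCEAUDITLOG_INSERT"

def group_by_txn(log_text):
    """Map transaction id -> ordered list of query IDs seen for it."""
    txns = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that are not query traces are ignored
            txns[m["txn"]].append(m["qid"])
    return dict(txns)

def classify(query_ids):
    """Return (kind, audited) for one transaction's query IDs."""
    ids = set(query_ids)
    if REISSUE <= ids:
        kind = "reissue"        # DELETE + INSERT on ARWFOTP: the GetOTPTask pattern
    elif ids & REISSUE:
        kind = "partial-write"  # only one half of the delete/insert pair was logged
    elif "ARWFOTP_SELECT_BY_USER" in ids:
        kind = "status-check"   # read only: the FetchSecAuthOTPTask pattern
    else:
        kind = "unknown"
    return kind, AUDIT in ids

def summarize(log_text):
    return {txn: classify(q) for txn, q in group_by_txn(log_text).items()}

if __name__ == "__main__":
    for txn, (kind, audited) in summarize(SAMPLE_LOG).items():
        print(txn, kind, "audited" if audited else "NO AUDIT ROW")
```

    A "partial-write" or unaudited transaction is worth a closer look, since the traces quoted in the thread show both tasks ending with an ARWFISSUANCEAUDITLOG insert.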



  • 5.  Re: Webfort GetOTP and FetchOTP

    Posted 06-15-2018 07:43 AM

    Great! Thanks Sharan.



  • 6.  Re: Webfort GetOTP and FetchOTP

    Posted 06-19-2018 10:11 AM

    KB is created for the same.

    why the queries of FetchSecAuthOTPTask is executed - CA Knowledge 

     

    Thanks,
    Sharan