Getting Started
Entrust Identity as a Service (IDaaS) Authentication API client provides integrations with the IDaaS Authentication API.
Read the installation instructions before continuing.
Create an Authentication API application in IDaaS
1. Go to your IDaaS Admin portal and navigate to Security > Applications.
2. Click + and then select Authentication API from the list of available applications.
3. In the General tab, enter the name and the description of your application.
4. Click Next.
5. In the Setup tab, set the Source of Client IP Address for Risk Conditions.
6. In the Complete tab, click Copy to copy the applicationID to your clipboard. You need the applicationID to initialize the Authentication API. Example: 9aaf0071-3f79-4663-9782-932c7d53c3da.
7. Add a resource rule to your Authentication API application.
A resource rule must be added to your Authentication API application.
Available APIs
Identity as a Service uses three API calls to complete an authentication challenge:
- Get User's Authenticators.
- Select Authenticator.
- Complete Authentication Challenge.
These API calls must be made sequentially to complete Identity as a Service authentication. The response to each API call contains information that is required to complete the next call. Completing each of these API calls, in order, allows users to log in to the application.
Available Authenticators
- MACHINE
- PASSWORD
- EXTERNAL
- KBA
- TEMP_ACCESS_CODE
- OTP
- GRID
- TOKEN
- TOKENPUSH
- FIDO
- SMARTCREDENTIALPUSH
- PASSWORD_AND_SECONDFACTOR
- PASSTHROUGH
Initialize the Authentication API Client
To make calls to the API, you need to initialize the Authentication API client using the applicationID you copied in step 6 above.
- Java

    import com.entrustdatacard.intellitrust.auth.ApiClient;
    import com.entrustdatacard.intellitrust.auth.api.AuthenticationApi;
    import com.entrustdatacard.intellitrust.auth.model.AuthenticatedResponse;
    import com.entrustdatacard.intellitrust.auth.model.UserAuthenticateParameters;
    import com.entrustdatacard.intellitrust.auth.model.UserChallengeParameters;

    public class Main {
        private static final String APPLICATION_ID = "YOUR_APPLICATION_ID";
        private static final String HOST_NAME = "YOUR_HOST_NAME";

        public static void main(String args[]) throws Exception {
            // initialize the API client with the IDaaS hostname
            ApiClient apiClient = new ApiClient();
            apiClient.setBasePath(HOST_NAME);
            // create an instance of the authentication API
            AuthenticationApi authApi = new AuthenticationApi(apiClient);
        }
    }

- CSharp

    using com.entrustdatacard.intellitrust.auth.api;
    using com.entrustdatacard.intellitrust.auth.Client;
    using com.entrustdatacard.intellitrust.auth.model;

    namespace Sample
    {
        internal class AuthApiSample
        {
            private static readonly string HOST_NAME = "YOUR_HOST_NAME";
            private static readonly string APPLICATION_ID = "YOUR_APPLICATION_ID";

            public static void Main()
            {
                // initialize the configuration with the IDaaS hostname
                Configuration configuration = new Configuration();
                configuration.BasePath = HOST_NAME;
                // create an instance of the authentication API
                var authApi = new AuthenticationApi(configuration);
            }
        }
    }

- Python

    from IntelliTrust_Python_Authentication import ApiClient, Configuration
    import IntelliTrust_Python_Authentication.api as apis
    import IntelliTrust_Python_Authentication.models as models
    import IntelliTrust_Python_Authentication.exceptions as exceptions

    # application ID copied from the IDaaS Admin portal
    APPLICATION_ID = "YOUR_APPLICATION_ID"

    conf = Configuration(host="YOUR_HOST_NAME")
    with ApiClient(conf) as api_client:
        # create an instance of the authentication API
        auth_api = apis.AuthenticationApi(api_client)
Try some API Requests
After initializing the client, you can make the API calls. The following example shows how to make the API calls to authenticate a user. To authenticate the user, the user must be registered in IDaaS and be assigned the required authenticators used for authentication.
- Java

    String authType = args[0];
    String userId = args[1];

    // request a challenge for the chosen authenticator
    UserChallengeParameters challengeParms = new UserChallengeParameters();
    challengeParms.setApplicationId(APPLICATION_ID);
    challengeParms.setUserId(userId);
    AuthenticatedResponse challengeResponse = authApi.userChallengeUsingPOST(authType, challengeParms);

    // System.console() returns null when no interactive console is attached
    String response = System.console().readLine("Enter response: ");

    // complete the challenge, passing the token returned by the challenge call
    UserAuthenticateParameters authParms = new UserAuthenticateParameters();
    authParms.setApplicationId(APPLICATION_ID);
    authParms.setResponse(response);
    authApi.userAuthenticateUsingPOST(authType, authParms, challengeResponse.getToken());

- CSharp

    String userId = null;
    do
    {
        Console.WriteLine("Enter the User ID of existing user.");
        userId = Console.ReadLine()?.Trim();
    } while (userId == null || userId.Length == 0);

    String authType = null;
    do
    {
        Console.WriteLine("Enter the authentication type (PASSWORD, OTP, KBA, etc.)");
        authType = Console.ReadLine()?.Trim();
    } while (authType == null || authType.Length == 0);

    Console.WriteLine("Authenticating user " + userId);
    // request a challenge for the chosen authenticator
    var challengeParams = new UserChallengeParameters(applicationId: APPLICATION_ID, userId: userId);
    AuthenticatedResponse challengeResponse = authApi.UserChallengeUsingPOST(authType, challengeParams);

    String response = null;
    do
    {
        Console.WriteLine("Enter the response");
        response = Console.ReadLine()?.Trim();
    } while (response == null || response.Length == 0);

    // complete the challenge, passing the token returned by the challenge call
    var authParams = new UserAuthenticateParameters(applicationId: APPLICATION_ID, response: response);
    authApi.UserAuthenticateUsingPOST(authType, authParams, challengeResponse.Token);

- Python

    # these statements run inside the "with ApiClient(...)" block that created auth_api
    auth_type = input("Enter the authentication type (PASSWORD, OTP, KBA, etc.): ")
    user_id = input("Enter the User ID of existing user: ")

    # request a challenge for the chosen authenticator
    user_challenge_parameters = models.UserChallengeParameters(application_id=APPLICATION_ID, user_id=user_id)
    challenge_response = auth_api.user_challenge_using_post(auth_type, user_challenge_parameters)

    response = input("Enter response: ")
    user_authenticate_parameters = models.UserAuthenticateParameters(application_id=APPLICATION_ID, response=response)
    try:
        # complete the challenge, passing the token returned by the challenge call
        auth_response = auth_api.user_authenticate_using_post(auth_type, user_authenticate_parameters, challenge_response.token)
        if auth_response.authentication_completed:
            print("Authentication successful")
    except exceptions.ForbiddenException as e:
        print("Authentication failed: " + e.reason)
Full Example Snippet
- Java

    package com.entrust.idaas.userAuthenticate;

    import com.entrustdatacard.intellitrust.auth.ApiClient;
    import com.entrustdatacard.intellitrust.auth.api.AuthenticationApi;
    import com.entrustdatacard.intellitrust.auth.model.*;

    public class UserAuthenticate {
        private static final String APPLICATION_ID = "YOUR_APPLICATION_ID";
        private static final String HOST_NAME = "YOUR_HOST_NAME";

        public static void main(String args[]) throws Exception {
            // initialize the API client with the IDaaS hostname
            ApiClient apiClient = new ApiClient();
            apiClient.setBasePath(HOST_NAME);
            AuthenticationApi authApi = new AuthenticationApi(apiClient);

            if (args.length != 2) {
                System.err.println("userAuthenticate <authType> <userId>");
                System.exit(-1);
            }
            String authType = args[0];
            String userId = args[1];

            // request a challenge for the chosen authenticator
            UserChallengeParameters challengeParms = new UserChallengeParameters();
            challengeParms.setApplicationId(APPLICATION_ID);
            challengeParms.setUserId(userId);
            AuthenticatedResponse challengeResponse = authApi.userChallengeUsingPOST(authType, challengeParms);

            // System.console() returns null when no interactive console is attached
            String response = System.console().readLine("Enter response: ");

            // complete the challenge, passing the token returned by the challenge call
            UserAuthenticateParameters authParms = new UserAuthenticateParameters();
            authParms.setApplicationId(APPLICATION_ID);
            authParms.setResponse(response);
            authApi.userAuthenticateUsingPOST(authType, authParms, challengeResponse.getToken());
        }
    }

- CSharp

    using System;
    using com.entrustdatacard.intellitrust.auth.api;
    using com.entrustdatacard.intellitrust.auth.Client;
    using com.entrustdatacard.intellitrust.auth.model;

    namespace Sample
    {
        internal class AuthApiSample
        {
            private static readonly string HOST_NAME = "YOUR_HOST_NAME";
            private static readonly string APPLICATION_ID = "YOUR_APPLICATION_ID";

            public static void Main()
            {
                // initialize the configuration with the IDaaS hostname
                Configuration configuration = new Configuration();
                configuration.BasePath = HOST_NAME;
                var authApi = new AuthenticationApi(configuration);

                Console.WriteLine("Authenticating user");
                String userId = null;
                do
                {
                    Console.WriteLine("Enter the User ID of existing user.");
                    userId = Console.ReadLine()?.Trim();
                } while (userId == null || userId.Length == 0);

                String authType = null;
                do
                {
                    Console.WriteLine("Enter the authentication type (PASSWORD, OTP, KBA, etc.)");
                    authType = Console.ReadLine()?.Trim();
                } while (authType == null || authType.Length == 0);

                Console.WriteLine("Authenticating user " + userId);
                // request a challenge for the chosen authenticator
                var challengeParams = new UserChallengeParameters(applicationId: APPLICATION_ID, userId: userId);
                AuthenticatedResponse challengeResponse = authApi.UserChallengeUsingPOST(authType, challengeParams);

                String response = null;
                do
                {
                    Console.WriteLine("Enter the response");
                    response = Console.ReadLine()?.Trim();
                } while (response == null || response.Length == 0);

                // complete the challenge, passing the token returned by the challenge call
                var authParams = new UserAuthenticateParameters(applicationId: APPLICATION_ID, response: response);
                try {
                    authApi.UserAuthenticateUsingPOST(authType, authParams, challengeResponse.Token);
                    Console.WriteLine("Authentication successful");
                } catch (ApiException e) {
                    Console.WriteLine("Authentication failed: " + e.Message);
                }
            }
        }
    }

- Python

    from IntelliTrust_Python_Authentication import ApiClient, Configuration
    import IntelliTrust_Python_Authentication.api as apis
    import IntelliTrust_Python_Authentication.models as models
    import IntelliTrust_Python_Authentication.exceptions as exceptions

    # application ID copied from the IDaaS Admin portal
    APPLICATION_ID = "YOUR_APPLICATION_ID"

    conf = Configuration(host="YOUR_HOST_NAME")
    with ApiClient(configuration=conf) as api_client:
        auth_api = apis.AuthenticationApi(api_client)

        auth_type = input("Enter the authentication type (PASSWORD, OTP, KBA, etc.): ")
        user_id = input("Enter the User ID of existing user: ")

        # request a challenge for the chosen authenticator
        user_challenge_parameters = models.UserChallengeParameters(application_id=APPLICATION_ID, user_id=user_id)
        challenge_response = auth_api.user_challenge_using_post(auth_type, user_challenge_parameters)

        response = input("Enter response: ")
        user_authenticate_parameters = models.UserAuthenticateParameters(application_id=APPLICATION_ID, response=response)
        try:
            # complete the challenge, passing the token returned by the challenge call
            auth_response = auth_api.user_authenticate_using_post(auth_type, user_authenticate_parameters, challenge_response.token)
            if auth_response.authentication_completed:
                print("Authentication successful")
        except exceptions.ForbiddenException as e:
            print("Authentication failed: " + e.reason)
The sample code above is for demonstration purposes only. It is not intended to be used in production. Make sure to properly validate the input parameters and handle any exceptions that may occur. You should also use a secure method to set the application ID and host name.
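One way to act on the note above before any API call is made, shown as an added example that is not Entrust's code: it loads the host name and application ID from the environment instead of source constants and validates the authenticator type and user ID. The environment variable names, the https:// URL form of the host, the UUID format of the application ID (inferred from the example ID on this page) and the user ID pattern are all assumptions.

```python
import os
import re
import uuid
from urllib.parse import urlsplit

# Authenticator types listed on this page.
AUTHENTICATORS = frozenset({
    "MACHINE", "PASSWORD", "EXTERNAL", "KBA", "TEMP_ACCESS_CODE", "OTP",
    "GRID", "TOKEN", "TOKENPUSH", "FIDO", "SMARTCREDENTIALPUSH",
    "PASSWORD_AND_SECONDFACTOR", "PASSTHROUGH",
})

# Assumption: user IDs are short printable strings; adjust to your directory's rules.
_USER_ID = re.compile(r"[A-Za-z0-9._@+-]{1,255}")


def load_settings(env=os.environ):
    """Read host and application ID from the environment (variable names are assumptions)."""
    host = env.get("IDAAS_HOST_NAME", "").strip()
    app_id = env.get("IDAAS_APPLICATION_ID", "").strip()
    parts = urlsplit(host)
    # Require TLS and refuse embedded credentials, query strings or fragments.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("IDAAS_HOST_NAME must be an https:// URL")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("IDAAS_HOST_NAME must not carry credentials or a query")
    try:
        # Assumption: application IDs are UUIDs, like the example on this page.
        app_id = str(uuid.UUID(app_id))
    except ValueError:
        raise ValueError("IDAAS_APPLICATION_ID is not a UUID") from None
    return host, app_id


def validate_auth_type(raw):
    """Normalise the authenticator name and reject anything not on the list."""
    auth_type = raw.strip().upper()
    if auth_type not in AUTHENTICATORS:
        raise ValueError("unsupported authenticator type")
    return auth_type


def validate_user_id(raw):
    """Reject empty, over-long or unexpected-character user IDs before calling the API."""
    user_id = raw.strip()
    if not _USER_ID.fullmatch(user_id):
        raise ValueError("invalid user ID")
    return user_id
```

The returned values can be passed to `Configuration(host=...)`, `UserChallengeParameters(application_id=..., user_id=...)` and the `auth_type` argument in the Python sample above.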
More Examples
For more examples, click here.