Symantec Access Management

  • 1.  Is there away to get details about device associated with a user through REST or Java APIs?

    Posted Aug 16, 2018 01:32 PM

    I want to give a user an option to delete a user device association. This gives Google like experience where a user can remove a trusted device and be challenged with credentials the next time. The only information available from User Device Association APIs call is association name, creation date, status and device id. This doesn't give enough information about a device for user to delete a correct association. What API can be used to retrieve associated device info, i.e. OS, Browser type?

    Please do not mix this device with a device used for a push, totally unrelated. There is an API to retrieve a push device information.

     

    Thanks,

    Vlad



  • 2.  Re: Is there away to get details about device associated with a user through REST or Java APIs?

    Broadcom Employee
    Posted Aug 16, 2018 07:23 PM

    You can give your own association name while creating a user and device association.

    OOTB code doesn't do it currently but you can extend that code. When you call "PostEvaluate" method set the Association name in it based on either user choice or something generated by your business logic to identify the device uniquely.

    Now once the Association name is correctly set in the system, you can use "ListAssociations" & "DeleteAssociation" method against a specific Association name.

     

    Currently, this is the only way that product API supports for your business requirements.

     

    Let say you have to have a way to get additional information, then you need write direct SQL query against CA AA database.

    Refer following tables:

    ARRFDEVICEINFO

    ARRFDEVUSERASSO

     

     

     

     

     

     



  • 3.  Re: Is there away to get details about device associated with a user through REST or Java APIs?

    Posted Aug 17, 2018 12:26 PM

    What do you mean  "PostEvaluate" method? Is there a class I need to rewrite or something on a jsp page?



  • 4.  Re: Is there away to get details about device associated with a user through REST or Java APIs?

    Broadcom Employee
    Posted Aug 17, 2018 12:35 PM

    "EvaluteRisk" and "PostEvaluate" are API exposed by Risk Authentication similar to "ListAssociations" & "DeleteAssociation".



  • 5.  Re: Is there away to get details about device associated with a user through REST or Java APIs?

    Posted Aug 17, 2018 12:39 PM

    I use AFM, so I assume I need to find where it calls PostEvaluate to modify it.



  • 6.  Re: Is there away to get details about device associated with a user through REST or Java APIs?

    Broadcom Employee
    Posted Aug 17, 2018 01:05 PM

    Yes, it should be handled in this fashion, if you are planning to use AFM.



  • 7.  Re: Is there away to get details about device associated with a user through REST or Java APIs?

    Posted Aug 20, 2018 02:12 PM

    If you would like to manage the Device Associations then you need to name those associations appropriately. OOTB, in AFM during Post Evaluation, there is no way to uniquely name the device association. However, you can modify that code to pass in a unique name so that you can manage it at later point.

     

    Thanks,

    Lakshmi.



  • 8.  Re: Is there away to get details about device associated with a user through REST or Java APIs?

    Broadcom Employee
    Posted Aug 24, 2018 03:15 PM

    Vlad,

     

    You also have Java API's to manage Associations, As Lakshmi pointed you do not have unique name by default for the device associations.

     

    If you plan to give an option to delete associations to the end users, you may need to educate them the pattern of the Device name that was generated by out of the box AFM.

     

    Thanks,

    Kiran N