Bulk update FIDO UAF sign counters

PATCH /nevisidm/api/core/v1/:clientExtId/users/:userExtId/fido-authenticators/increment-sign-counter

Since: 8.2511.0

This is an Internal Use Only Interface. Not intended for public use, may change without public statements.

Required permission(s): AccessControl.CredentialModify, AccessControl.CredentialView or SelfAdmin Role

Updates the sign counters of multiple FIDO UAF credentials in a single request. Return a list of successfully updated credentials and a list of errors for credentials that could not be updated.

Request

Path Parameters

clientExtId stringrequired

External ID of the client.

Example: client-123

userExtId stringrequired

External ID of the user.

Example: user-123

application/json

Body

required

credentials FidoUafIdentifier[]

A list of keyId and aaid pairs to select credentials to update.

Array [

keyId string

The key identifier of the authenticator registered key.

aaid string

The authenticator attestation identifier of the FIDO UAF credential.

]

Responses

Bulk FIDO UAF sign counters updated successfully

application/json

Schema
Example (from schema)

Schema

successes object[]

List of successfully updated items, not ordered.

Array [

created string

Creation date of the entity.

lastModified string

Date when the entity was last modified.

version int32

Version used for optimistic locking.

extId string

The external ID of the credential.

userExtId string

The external ID of the user to whom the credential belongs.

policyExtId string

The external ID of the used policy.

stateName string

Possible values: [initial, active, tmp-locked, fail-locked, reset-code, admin-changed, disabled, archived]

The state of the credential. Available values: initial, active, tmp-locked, fail-locked, reset-code, admin-changed, disabled, archived.

stateChangeReason string

Reason for the last state change of the password.

stateChangeDetail string

Reason detail for the last state change of the password.

lastSuccessfulLoginDate string

Timestamp of last successful login.

successfulLoginCount int32

Counts successful logins with this credential since last initialization or reset.

lastFailedLoginDate string

Date of last non-technical login failure, for example, wrong password.

failedLoginCount int32

Counts non-technical login failures since the last successful login, initialization or reset.

modificationComment string

Textual comment regarding the last modification.

type string

Possible values: [Password, Certificate, SecurID User Mapping, Ticket Authorization, Safeword User Mapping, OTP Card, Temporary Strong Password, Generic Credential, Kerberos, mTan, Vasco, PUK, URL Ticket, DevicePassword, MobileSignature, SAML Federation, Security Questions, Context Password, OATH, FIDO UAF Authenticator, Recovery Code, FIDO2 Authenticator]

Type of credential.

validity object

Describes the validity period of the password.

from string

Start date of the entity's validity in ISO format.

to string

End date of the entity's validity in ISO format.

aaid string

The authenticator attestation identifier.

keyId string

The key identifier of the authenticator registered key.

signCounter int32

Indicates how many times this authenticator has performed signatures in the past.

authenticatorVersion int32

The version of the authenticator, as $major.$minor.

appId string

The OS-specific ID of the application that uses the FIDO credential.

deviceId string

The device identifier obtained from a push service.

publicKey string

The user authentication public key generated by the FIDO Authenticator during registration.

publicKeyAlgorithm string

The public key algorithm used for the public key in the authenticator record.

dispatchTargetExtId string

Unique 1:N association between the dispatch target and the UAF credential.

dispatchTarget object

The dispatch target to which the credential is associated.

created string

Creation date of the entity.

lastModified string

Date when the entity was last modified.

version int32

Version used for optimistic locking.

extId string

The unique external ID of the dispatch target within the client. If not provided, one will be generated. It has to be unique on client

type string

Possible values: [fido-uaf]

Default value: fido-uaf

The type of the dispatch target.

deviceId string

The identifier of the device associated with this dispatch target.

target string

The target identifier of the authentication channel.

dispatcher string

The name of the dispatcher responsible for routing messages to this target.

userAgent string

User-Agent string of the FIDO UAF device.

encryptionKey string

Encryption key used for encrypting the channel data.

signingKey string

The signing key used for signing dispatch channel information.

appId string

The application ID where the device is registered.

name string

Human-readable name of the device.

state string

Possible values: [active, disabled]

Default value: active

The current state of the dispatch target.

identification string

Business identification of the dispatch target.

appAttestation object

The iOS App Attestation associated with this dispatch target, if any.

created string

Creation date of the entity.

lastModified string

Date when the entity was last modified.

version int32

Version used for optimistic locking.

name string

User friendly name of the iOS App Attestation.

counter int32

Number of times the attestation was used to successfully validate an assertion.

receipt string

Receipt data of the iOS App Attestation.

publicKey string

Public key of the iOS App Attestation.

deviceId string

Device ID associated with the iOS App Attestation.

environment string

The environment where this credential can be used.

attestationType string

Possible values: [fullBasic, fullBasicPermissive, failedFullBasicPermissive, surrogateBasic, ecdaa]

The attestation type used during registration.

]

errors ErrorMessageDTO[]

Possible values: [errors.fatalError, errors.unknownReason, errors.inconsistentData, errors.duplicateName, errors.invalidData, errors.duplicateValue, errors.duplicateEmail, errors.duplicateMobile, errors.undeletedDependencies, errors.noRecord, errors.invalidConfig, errors.missingReferenceData, errors.recordDeleted, errors.modifyReadonlyData, errors.tooManySearchResults, errors.pessimisticLockingFailure, errors.policyViolation, errors.deleteDefaultEntityFailure, errors.emailChannel, errors.noSmtpConnection, errors.SmtpNotConfigured, errors.propertyUniquenessViolated, errors.property.stringmaxlen, errors.property.stringregex, errors.property.regexinv, errors.pwdPolicyViolated, errors.certificatePolicyViolated, errors.identifierPolicyViolated, errors.passwordExists, errors.mtanFormatViolated, errors.mtanFormatE164Violated, errors.tempStrongPasswordExists, errors.safewordExists, errors.securidExists, errors.ticketExists, errors.kerberosExists, errors.tooManyOTPCards, errors.urlTicketMissingURLPrefix, errors.certificateExists, errors.vascoExists, errors.PUKExists, errors.URLTicketExists, errors.mobileSignatureExists, errors.securityQuestionsExists, errors.recoveryCodeExists, errors.securityQuestionsMaxReached, errors.qrCodeGenerationFailed, errors.oathSecretIsShared, errors.nocertcred, errors.CredTypeUnitPolicyViolated, errors.CredTypeClientPolicyViolated, errors.credentialNotActive, errors.dimensionNotMatch, errors.noTemplate, errors.pdfPrintingFailure, errors.missingMandatoryPlaceholder, errors.defaultCollectionDelete, errors.tableTypeMismatch, errors.nullRequestBody, errors.deserialization, errors.nullParameter, errors.invalidParameter, errors.invalidDate, errors.invalidDateOrDateTime, errors.invalidDateInterval, errors.invalidMobile, errors.mobileCannotBeDeleted, errors.mobileMissing, errors.userLoginIdNull, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userLoginFailed, errors.userNameNull, errors.userFirstNameNull, errors.userSexNull, errors.userCountryNull, errors.userEmailNull, errors.userMobileNull, errors.userPhoneFormat, errors.userEmailFormat, errors.msisdnFormat, errors.applicationNameNull, errors.credentialFidoUaf.invalidAuthVersionFormat, errors.credentialFidoUaf.invalidPublicKeyAlgorithm, errors.credentialFidoUaf.invalidKeyIdFormat, errors.credentialFidoUaf.invalidAaidFormat, errors.credentialFidoUaf.emptyAppId, errors.credentialFidoUaf.notUnique, errors.msspIdentifierMissing, errors.invalidTimeInterval, errors.unitInvalidValidityPeriodParent, errors.unitInvalidValidFromParameterParent, errors.unitInvalidValidUntilParameterParent, errors.unitInvalidValidityPeriodChild, errors.unitInvalidValidFromParameterChild, errors.unitInvalidValidUntilParameterChild, errors.noClientFound, errors.inconsistentClientAssignment, errors.noDefaultUnitInClient, errors.samlAttributeFormat, errors.insufficientRightsFunction, errors.maxResetCount, errors.insufficientFineGrainedRights, errors.potentialPrivilegeEscalation, errors.applDataroomDenied, errors.unitDataroomDenied, errors.eRoleDataroomDenied, errors.combinedDataroomDenied, errors.clientDataroomDenied, errors.referenceDataChangeDenied, errors.attrAccessForbidden, errors.filesystemIO, errors.reporting.tooManyRequests, errors.modifyArchivedUser, errors.modifyArchivedCredential, errors.archiveCredentialDenied, errors.modifyArchivedProfile, errors.assignDisabledUnit, errors.assignProfilelessUnit, errors.profilelessFlagCannotBeSet, errors.modifyExtId, errors.docTypeNotModifiable, errors.addIdmToApplDataroom, errors.applicationLimitsDataroomUnitsMaxExceeded, errors.assignSubunitAsParent, errors.history.norecord, errors.loginIdGeneratorFailed, errors.fileupload.vasco, errors.techUser.oneProfile, errors.urlTicket.invalidFormat, errors.passwordChangeDeadlineExceeded, errors.pcyconf.invalidParamValue, errors.pcyconf.missingParam, errors.pcyconf.missingProfilePolicy, errors.pcyconf.multipleClientPolicy, errors.pcyconf.invalidParamName, errors.userImport.fileupload.invalidTemplate, errors.enterpriseRolesDisabled, errors.queryServiceDisabled, errors.serviceDisabled, errors.invalidUri, errors.unsupportedMediaType, errors.jsonProcessingError, errors.unsupportedOperation, errors.unsupportedCredentialTypeToCreate, errors.unsupportedCredentialTypeToDelete, errors.credentialTypeWithoutProperties, errors.invalidAssignIdmroleToErole, errors.invalidJWTToken, errors.modifyProtectedFieldInvalidJWTToken, errors.optimisticLockingFailure, errors.deleteDefaultUnitCredPolicyFailure, errors.otherGenderPolicyDisabled, error.login.userState, error.job.execution.failure, errors.invalidSyntax, errors.mandatoryParameterMissing, errors.fieldIsNotIndexed, errors.fieldIsNotDirectlyIndexed, errors.entityManagerNotOpen, errors.unsuccessfulQuery, errors.queryHasTimedOut, errors.emailPolicyViolated, errors.policyInconsistency]

@Schema(description = "List of errors that occurred during the bulk update. Each error includes an identifier for the item that caused the error.

Array [

identifier object

The identifier of the entity related to the error, only used in certain error cases for BULK actions.

oneOf

CredentialExtIdIdentifierDTO
FidoUafIdentifier

clientExtId string

The external identifier of the client.

userExtId string

The external identifier of the user.

credentialExtId string

The external identifier of the credential.

code string

The error code identifying the type of error.

message string

A human-readable message providing more details about the error.

]

{
  "successes": [
    {
      "created": "2023-08-18T12:34:56Z",
      "lastModified": "2023-08-18T12:34:56Z",
      "version": 1,
      "extId": "cred-123",
      "userExtId": "user-123",
      "policyExtId": "policy-123",
      "stateName": "active",
      "stateChangeReason": "Reset by admin",
      "stateChangeDetail": "Reset due to security policy",
      "lastSuccessfulLoginDate": "2023-08-18T12:34:56Z",
      "successfulLoginCount": 15,
      "lastFailedLoginDate": "2023-08-17T09:12:34Z",
      "failedLoginCount": 3,
      "modificationComment": "Updated by admin.",
      "type": "FIDO UAF Authenticator",
      "validity": {
        "from": "2023-01-01T00:00:00Z",
        "to": "2033-12-31T23:59:59Z"
      },
      "aaid": "ABCD#0001",
      "keyId": "a2V5SWRFeGFtcGxl",
      "signCounter": 42,
      "authenticatorVersion": 1,
      "appId": "appid-123",
      "deviceId": "device-123",
      "publicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE...",
      "publicKeyAlgorithm": "SHA256",
      "dispatchTargetExtId": "dt-123",
      "dispatchTarget": {
        "created": "2023-08-18T12:34:56Z",
        "lastModified": "2023-08-18T12:34:56Z",
        "version": 1,
        "extId": "fido-uaf-target-1",
        "type": "fido-uaf",
        "deviceId": "device-12345",
        "target": "https://fidoexample.com/authenticate",
        "dispatcher": "DefaultDispatcher",
        "userAgent": "Mozilla/5.0",
        "encryptionKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQ...",
        "signingKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQ...",
        "appId": "https://example.com",
        "name": "FIDO UAF Target",
        "state": "active",
        "identification": "string",
        "appAttestation": {
          "created": "2023-08-18T12:34:56Z",
          "lastModified": "2023-08-18T12:34:56Z",
          "version": 1,
          "name": "FIDO UAF Target App Attestation",
          "counter": 1,
          "receipt": "SampleReceiptData",
          "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQ...",
          "deviceId": "device-12345",
          "environment": "production"
        }
      },
      "attestationType": "fullBasic"
    }
  ],
  "errors": [
    {
      "code": "errors.fatalError",
      "message": "The user with the given external ID was not found."
    }
  ]
}

Insufficient permissions

application/json

Schema
Example (from schema)
Permission denied
Dataroom permission denied

Schema

errors ErrorMessageDTO[]

A list of error messages describing the error(s) that occurred.

Array [

identifier object

The identifier of the entity related to the error, only used in certain error cases for BULK actions.

oneOf

CredentialExtIdIdentifierDTO
FidoUafIdentifier

clientExtId string

The external identifier of the client.

userExtId string

The external identifier of the user.

credentialExtId string

The external identifier of the credential.

code string

The error code identifying the type of error.

message string

A human-readable message providing more details about the error.

]

policyViolations PolicyViolationDTO[]

A list of policy violations that caused the error.

Array [

displayName string

The display name of the policy element that was violated.

configString string

The configuration string of the policy element that was violated.

suppliedValue string

The value that was supplied and caused the policy violation.

limitValue int32

The limit value defined in the policy element that was violated.

actualValue string

The actual value that caused the policy violation.

]

policyViolation PolicyElementViolation

cause object

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

element PolicyElement

displayName string

messageTag string

infoTag string

limitValue int32

configString string

suppliedValue string

actualvalue string

description string

message string

suppressed object[]

Array [

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

]

localizedMessage string

{
  "errors": [
    {
      "code": "errors.fatalError",
      "message": "The user with the given external ID was not found."
    }
  ],
  "policyViolations": [
    {
      "displayName": "string",
      "configString": "string",
      "suppliedValue": "4",
      "limitValue": 3,
      "actualValue": "5"
    }
  ],
  "policyViolation": {
    "cause": {
      "stackTrace": [
        {
          "classLoaderName": "string",
          "moduleName": "string",
          "moduleVersion": "string",
          "methodName": "string",
          "fileName": "string",
          "lineNumber": 0,
          "className": "string",
          "nativeMethod": true
        }
      ],
      "message": "string",
      "localizedMessage": "string"
    },
    "stackTrace": [
      {
        "classLoaderName": "string",
        "moduleName": "string",
        "moduleVersion": "string",
        "methodName": "string",
        "fileName": "string",
        "lineNumber": 0,
        "className": "string",
        "nativeMethod": true
      }
    ],
    "element": {
      "displayName": "string",
      "messageTag": "string",
      "infoTag": "string",
      "limitValue": 0,
      "configString": "string"
    },
    "suppliedValue": "string",
    "actualvalue": "string",
    "description": "string",
    "message": "string",
    "suppressed": [
      {
        "stackTrace": [
          {
            "classLoaderName": "string",
            "moduleName": "string",
            "moduleVersion": "string",
            "methodName": "string",
            "fileName": "string",
            "lineNumber": 0,
            "className": "string",
            "nativeMethod": true
          }
        ],
        "message": "string",
        "localizedMessage": "string"
      }
    ],
    "localizedMessage": "string"
  }
}

{
  "errors": [
    {
      "code": "errors.insufficientRightsFunction",
      "message": "Permission denied: Caller does not have the required right 'AccessControl.CredentialModify, AccessControl.CredentialView' to perform this action"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.combinedDataroomDenied",
      "message": "Permission denied: AccessControl.CredentialModify, AccessControl.CredentialView"
    }
  ]
}

Referenced resource not found

application/json

Schema
Example (from schema)
Client not found
User not found

Schema

errors ErrorMessageDTO[]

A list of error messages describing the error(s) that occurred.

Array [

identifier object

The identifier of the entity related to the error, only used in certain error cases for BULK actions.

oneOf

CredentialExtIdIdentifierDTO
FidoUafIdentifier

clientExtId string

The external identifier of the client.

userExtId string

The external identifier of the user.

credentialExtId string

The external identifier of the credential.

code string

The error code identifying the type of error.

message string

A human-readable message providing more details about the error.

]

policyViolations PolicyViolationDTO[]

A list of policy violations that caused the error.

Array [

displayName string

The display name of the policy element that was violated.

configString string

The configuration string of the policy element that was violated.

suppliedValue string

The value that was supplied and caused the policy violation.

limitValue int32

The limit value defined in the policy element that was violated.

actualValue string

The actual value that caused the policy violation.

]

policyViolation PolicyElementViolation

cause object

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

element PolicyElement

displayName string

messageTag string

infoTag string

limitValue int32

configString string

suppliedValue string

actualvalue string

description string

message string

suppressed object[]

Array [

stackTrace object[]

Array [

classLoaderName string

moduleName string

moduleVersion string

methodName string

fileName string

lineNumber int32

className string

nativeMethod boolean

]

message string

localizedMessage string

]

localizedMessage string

{
  "errors": [
    {
      "code": "errors.fatalError",
      "message": "The user with the given external ID was not found."
    }
  ],
  "policyViolations": [
    {
      "displayName": "string",
      "configString": "string",
      "suppliedValue": "4",
      "limitValue": 3,
      "actualValue": "5"
    }
  ],
  "policyViolation": {
    "cause": {
      "stackTrace": [
        {
          "classLoaderName": "string",
          "moduleName": "string",
          "moduleVersion": "string",
          "methodName": "string",
          "fileName": "string",
          "lineNumber": 0,
          "className": "string",
          "nativeMethod": true
        }
      ],
      "message": "string",
      "localizedMessage": "string"
    },
    "stackTrace": [
      {
        "classLoaderName": "string",
        "moduleName": "string",
        "moduleVersion": "string",
        "methodName": "string",
        "fileName": "string",
        "lineNumber": 0,
        "className": "string",
        "nativeMethod": true
      }
    ],
    "element": {
      "displayName": "string",
      "messageTag": "string",
      "infoTag": "string",
      "limitValue": 0,
      "configString": "string"
    },
    "suppliedValue": "string",
    "actualvalue": "string",
    "description": "string",
    "message": "string",
    "suppressed": [
      {
        "stackTrace": [
          {
            "classLoaderName": "string",
            "moduleName": "string",
            "moduleVersion": "string",
            "methodName": "string",
            "fileName": "string",
            "lineNumber": 0,
            "className": "string",
            "nativeMethod": true
          }
        ],
        "message": "string",
        "localizedMessage": "string"
      }
    ],
    "localizedMessage": "string"
  }
}

{
  "errors": [
    {
      "code": "errors.noRecord",
      "message": "Client doesn't exist with extId 'client-123'"
    }
  ]
}

{
  "errors": [
    {
      "code": "errors.noRecord",
      "message": "A user with extId 'user-123' doesn't exist on client with name Default"
    }
  ]
}

Bulk update FIDO UAF sign counters

/nevisidm/api/core/v1/:clientExtId/users/:userExtId/fido-authenticators/increment-sign-counter

Request​

Path Parameters

Body

Responses​

Request

Responses