When making a request to the CA Advanced Authentication Web Service, the OrgName parameter (<msgs:orgName>defaultorg</msgs:orgName>) is not being correctly interpreted. This results in the BasicQnAAuthPolicy being applied instead of the intended customized qna-questions policy.

CA Advanced Authentication 9.1

The issue occurs due to improper assignment or configuration of the OrgName parameter in the request payload, causing the service to fallback to the default policy (BasicQnAAuthPolicy) instead of the custom policy.

To ensure the OrgName parameter is correctly interpreted and the appropriate policy is applied:

1. Verify Policy Assignment

   • Ensure that the qna-questions policy is correctly assigned to the defaultorg organization in the CA Advanced Authentication configuration.

   • Navigate to the Administration Console and confirm that the organizational mappings align with the intended policies.

2. Update the Request Payload

   • • Confirm that the OrgName parameter in your SOAP request matches the exact organizational name configured in CA Advanced Authentication.

     • Example payload:

       <soapenv:Envelope xmlns:soapenv="http://www.w3.org/2003/05/soap-envelope" xmlns:msgs="http://ws.arcot.com/WebFortAuthAPI/7.0/msgs" xmlns:xsd="http://ws.arcot.com/WebFortAuthAPI/7.0/xsd">
         <soapenv:Header/>
         <soapenv:Body>
           <msgs:GetQuestionsRequest>
             <msgs:userName>ABC</msgs:userName>
             <msgs:orgName>defaultorg</msgs:orgName>
             <msgs:fetchAnswers>true</msgs:fetchAnswers>
             <additionalInput>
               <pairs xmlns="http://ws.arcot.com/WebFortAuthAPI/7.0/xsd">
                 <name>AR_WF_AUTH_POLICY</name>
                 <value>qna-questions</value>
               </pairs>
             </additionalInput>
           </msgs:GetQuestionsRequest>
         </soapenv:Body>
       </soapenv:Envelope>

3. Assign Default Configurations

   • • Refer to the Assigning Default Configurations documentation.

     • Follow the steps to:

       • Assign the defaultorg organization to the qna-questions policy.

       • Ensure the policy assignment includes all necessary parameters.

4. Test and Validate

   • • Perform a test using the updated SOAP request.

     • Verify that the qna-questions policy is applied correctly by checking the response payload and logs.

Contact Support

If the issue persists, please contact Broadcom Support and provide the following details:

• Full request payload (redacted for sensitive information).

• Logs from the CA Advanced Authentication server.

• Version details of the AA environment.