Pictograph Authentication Method
Here is an example response from the server indicating that Pictograph authentication is required as the next step:
    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "type": "pictograph",
      "id": "e89afb10-2e6e-11e6-b6f0-005056c00008",
      "step": {
        "type": "challenge",
        "numToChoose": 1,
        "images": [
          {
            "id": "_social-016_apple-64.png",
            "url": "https://rapidIdentity.example.com:8443/idp/ws/icons/_social-016_apple-64.png"
          },
          {
            "id": "_social-010_html5-64.png",
            "url": "https://rapidIdentity.example.com:8443/idp/ws/icons/_social-010_html5-64.png"
          },
          {
            "id": "_social-036_android-64.png",
            "url": "https://rapidIdentity.example.com:8443/idp/ws/icons/_social-036_android-64.png"
          },
          {
            "id": "_thin-0037_smiley_happy_like_face-48.png",
            "url": "https://localhost:8443/idp/ws/icons/_thin-0037_smiley_happy_like_face-48.png"
          },
          {
            "id": "_thin-0038_smiley_neutral_face-48.png",
            "url": "https://localhost:8443/idp/ws/icons/_thin-0038_smiley_neutral_face-48.png"
          }
        ]
      }
    }
Note the value of the type property is pictograph and the step object has a type property value of challenge.
The numToChoose property indicates how many of the provided images the user must identify.
The images array contains a randomized subset of the total image set available to the method as defined in the Authentication Policy. It will always contain at least numToChoose images which the user previously selected during their setup step.
To successfully complete the Pictograph authentication step, the user must identify the image(s) they chose during the setup phase. The IDs of those images need to be sent to the server in the subsequent request:
    POST /idp/ws/rest/authn HTTP/1.1
    Content-Type: application/json
    Accept: application/json

    {
      "type": "pictograph",
      "id": "e89afb10-2e6e-11e6-b6f0-005056c00008",
      "step": {
        "type": "challenge",
        "imageIds": [
          "_social-016_apple-64.png"
        ]
      }
    }
Setup
If a user needs to choose their pictures for a future challenge, the server will respond with a setup step. It will look similar to the following:
    HTTP/1.1 200 OK
    Content-Type: application/json

    {
      "type": "pictograph",
      "id": "e89afb10-2e6e-11e6-b6f0-005056c00008",
      "step": {
        "type": "setup",
        "numToChoose": 1,
        "images": [
          {
            "id": "_social-016_apple-64.png",
            "url": "https://rapidIdentity.example.com:8443/idp/ws/icons/_social-016_apple-64.png"
          },
          {
            "id": "_social-010_html5-64.png",
            "url": "https://rapidIdentity.example.com:8443/idp/ws/icons/_social-010_html5-64.png"
          },
          {
            "id": "_social-036_android-64.png",
            "url": "https://rapidIdentity.example.com:8443/idp/ws/icons/_social-036_android-64.png"
          },
          {
            "id": "_thin-0037_smiley_happy_like_face-48.png",
            "url": "https://rapidIdentity.example.com:8443/idp/ws/icons/_thin-0037_smiley_happy_like_face-48.png"
          },
          {
            "id": "_thin-0038_smiley_neutral_face-48.png",
            "url": "https://rapidIdentity.example.com:8443/idp/ws/icons/_thin-0038_smiley_neutral_face-48.png"
          }
        ],
        "passwordRequired": true
      }
    }
The numToChoose property indicates how many images the user must choose for future challenges.
The images array contains all of the possible images the user may choose. Each image has an id and a url.
The passwordRequired property indicates whether or not a valid password is required to complete the setup process. This will be true if no previous authentication step has validated that the user is who they claim to be. In other words, requiring a password for setup ensures that someone cannot set up Pictograph authentication for someone else by simply supplying a valid username at the beginning of the process.
To successfully complete the setup step, the proper number of images must be chosen and their IDs should be passed to the server.
    POST /idp/ws/rest/authn HTTP/1.1
    Content-Type: application/json
    Accept: application/json

    {
      "type": "pictograph",
      "id": "e89afb10-2e6e-11e6-b6f0-005056c00008",
      "step": {
        "type": "setup",
        "imageIds": [
          "_social-016_apple-64.png"
        ],
        "password": "idAuto#123"
      }
    }
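The challenge and setup exchanges above can be handled by one client-side routine. The following is an added example, not code from the product documentation: build_pictograph_reply is a hypothetical helper, the sample message is a constructed, trimmed copy of the setup response (URLs omitted), and it assumes the server expects exactly numToChoose distinct image IDs.

```python
import json

# Constructed sample, trimmed from the setup response shown above.
SAMPLE_SETUP = json.loads("""
{
  "type": "pictograph",
  "id": "e89afb10-2e6e-11e6-b6f0-005056c00008",
  "step": {
    "type": "setup",
    "numToChoose": 1,
    "images": [
      {"id": "_social-016_apple-64.png"},
      {"id": "_social-010_html5-64.png"}
    ],
    "passwordRequired": true
  }
}
""")


def build_pictograph_reply(server_msg, chosen_ids, password=None):
    """Hypothetical helper: validate a pictograph step and build the POST body."""
    if server_msg.get("type") != "pictograph":
        raise ValueError("not a pictograph step")
    step = server_msg["step"]
    if step["type"] not in ("challenge", "setup"):
        raise ValueError("unknown step type: %r" % step["type"])

    offered = {img["id"] for img in step["images"]}
    chosen = list(dict.fromkeys(chosen_ids))  # drop duplicates, keep order
    # Assumption: exactly numToChoose distinct IDs are expected.
    if len(chosen) != step["numToChoose"]:
        raise ValueError("must choose exactly %d image(s)" % step["numToChoose"])
    # Only IDs the server offered in this step may be sent back.
    unknown = [i for i in chosen if i not in offered]
    if unknown:
        raise ValueError("image id not offered: %r" % unknown)

    reply_step = {"type": step["type"], "imageIds": chosen}
    if step["type"] == "setup" and step.get("passwordRequired"):
        if not password:
            raise ValueError("password required to complete setup")
        reply_step["password"] = password
    # Echo the id from the server message, as in the requests shown above.
    return {"type": "pictograph", "id": server_msg["id"], "step": reply_step}
```

The returned dictionary is the JSON body to POST to /idp/ws/rest/authn; the password is only attached for a setup step that sets passwordRequired.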