
Query String Variables

The query string variables that are passed to the web pages by the CGI program are mainly concerned with status and error reporting. There is also a variable that is used to pass a challenge to the pages that display one.

9.4.1 Failure/Error Handling

There are three main groups of failures that can occur, each of which should be handled differently. In all cases there is a numeric error code; in some cases there is also an auxiliary code and message, such as the return code and message from the Identikey Server. The main error codes are assigned in three separate ranges, so that the web pages can identify which category of error was returned.

API return codes – these are returned by the VASCO API used to make the authentication request to the Server. In some cases there will be an auxiliary code and message.

CGI errors – these errors are detected by the CGI program, mainly when the web pages are not providing or enforcing the posted form fields correctly. These will not generally have an auxiliary code and message, but it is possible.

Internal errors – these are technical errors that ‘should not occur’. In some cases there will be an auxiliary code and message.

The intention of this code-based scheme is to allow translation and customization of the messages. The web pages themselves translate the main error code into a message. For Identikey Server codes the pages can also translate the auxiliary code into a message, but normally the pages would not know how to translate it and should display the auxiliary message as provided.

9.4.2 Query String Variable List

The following table indicates which variables are used for the User Self Management Web Site and the required conditions:

Table 51: Query String Variable List

| Variable | Value | Condition | Used by Site |
|---|---|---|---|
| result | 0 | Successful authentication request | Both |
| result | <API return code, numeric> | Unsuccessful authentication request | Both |
| result | <error code, numeric> | CGI or internal error occurred | Both |
| challenge | <challenge returned by API, string> | Challenge returned by API | User Self Management Web Site only |
| serialNo | <Digipass Serial Number assigned> | | |
| auxcode | <VACMAN Controller return code, numeric> | Unsuccessful authentication request due to Controller rejecting password | Both |
| auxcode | <additional error code for CGI or internal error, numeric> | CGI or internal error occurred, where another error code is relevant | Both |
| auxmsg | <Message for VACMAN Controller return code, string> | Unsuccessful authentication request due to Controller rejecting password | Both |
| auxmsg | <message for CGI or internal error, string> | CGI or internal error occurred, where an error message is relevant | Both |

Examples:

success: /vmsite/success.html?result=0

invalid Digipass response due to code replay: /vmsite/fail.html?result=1000&auxcode=2&auxmsg=Code+Replay+Attempt

challenge: /vmsite/challenge.html?challenge=738453

9.4.3 Return Code Listing

In the following tables, the Message is the one that is provided by the standard web pages that we install.

9.4.3.1 API Return Codes

The following codes are the ones that in normal cases might be returned:

Table 52: API Return Codes

| Code | Message | Auxiliary Code/Message? | Notes |
|---|---|---|---|
| -1 | Error during request to Server | N | We are unable to distinguish the error from the client side of the API – the administrator would have to look at the Audit Console. |

9.4.3.2 CGI Errors

Table 53: CGI Error Return Codes

| Code | Message | Auxiliary Code/Message? |
|---|---|---|
| -100 | Only the POST method is permitted | N |
| -101 | No dpcgi_operation was posted | N |
| -102 | An invalid dpcgi_operation was posted | N |
| -103 | dpcgi_challenge_page cannot be used for this operation | N |
| -104 | dpcgi_password cannot be used for this operation | N |
| -105 | dpcgi_serialno cannot be used for this operation | N |
| -106 | dpcgi_currentpin cannot be used for this operation | N |
| -107 | dpcgi_newpin cannot be used for this operation | N |
| -108 | dpcgi_confirmpin cannot be used for this operation | N |
| -109 | dpcgi_challenge cannot be used for this operation | N |
| -110 | dpcgi_success_page must be entered for this operation | N |
| -111 | dpcgi_fail_page must be entered for this operation | N |
| -112 | dpcgi_userid must be entered for this operation | N |
| -113 | dpcgi_password must be entered for this operation | N |
| -114 | dpcgi_response must be entered for this operation | N |
| -115 | dpcgi_newpin must be entered for this operation | N |
| -116 | dpcgi_confirmpin must be entered for this operation | N |
| -117 | A Digipass Response is required to assign a Digipass | N |
| -118 | A New PIN can only be set when assigning a Digipass | N |
| -119 | Enter the new PIN in the New PIN and Confirm New PIN fields | N |
| -120 | The New PIN and Confirm New PIN fields have different values | N |
| -121 | A challenge was returned, but there is no dpcgi_challenge_page | N |
| -122 | Unknown parameter | N |
| -123 | The Content-Length passed in was invalid | N |
| -124 | dpcgi_serialno must be entered for this operation | N |
| -131 | Wrong token page is forbidden | N |

9.4.3.3 Internal Errors

Table 54: Internal Error Codes

| Code | Message | Auxiliary Code/Message? |
|---|---|---|
| -1000 | Cannot read Trace-Mask configuration setting | Y |
| -1001 | Cannot read Trace-File configuration setting | Y |
| -1002 | Cannot open Trace-File | Y |
| -1003 | Cannot read Source-IP-Address configuration setting | Y |
| -1004 | Cannot read Server1-IP-Address configuration setting | Y |
| -1005 | Cannot read Server1-Port configuration setting | Y |
| -1006 | Cannot read Server2-IP-Address configuration setting | Y |
| -1007 | Cannot read Server2-Port configuration setting | Y |
| -1008 | Invalid configuration setting Source-IP-Address | Y |
| -1009 | Invalid configuration setting Server1-IP-Address | Y |
| -1010 | Invalid configuration setting Server1-Port | Y |
| -1011 | Invalid configuration setting Server2-IP-Address | Y |
| -1012 | Invalid configuration setting Server2-Port | Y |
| -1014 | Cannot read HTTP request data | N |
| -1015 | Request to Server not completed | Y |
| -1016 | Cannot read Self-Management Site registry key | Y |
| -1017 | The specified Source-IP-Address is not on this machine | N |
| -1018 | Cannot read Trace-Header configuration setting | Y |
| -1019 | Invalid configuration setting Trace-Header | Y |
| -1020 | The Trace file name must not contains quotes ' or ". | N |
| -1021 | No File found in the trace file <trace file name> | N |
| -1030 | Error reading Server 1 Secret - return code was <return code> | N |
| -1031 | Error reading Server 2 Secret - return code was <return code> | N |
| -1032 | Error reading No of Retries - return code was <return code> | N |
| -1033 | Error reading Timeout - return code was <return code> | N |
| -1034 | Error writing Protocol - return code was <return code> | N |
| -1040 | The Shared Secret and Confirm Shared Secret do not match. | N |
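The page-side handling described in 9.4.1 and 9.4.2, as an added example that is not part of the original manual or the vendor's installed pages: because the status arrives in the URL, the code treats every variable as untrusted input, parses the numeric codes strictly and escapes auxmsg before it is displayed. The range boundaries (inferred from Tables 52 to 54), the 200-character cap, the challenge pattern and all function names are assumptions.

```javascript
// Added example: page-side handling of result, auxcode, auxmsg and challenge.
// Range boundaries are inferred from Tables 52-54 (an assumption).
const MESSAGES = {            // excerpt of the tables on this page
  "-1": "Error during request to Server",
  "-100": "Only the POST method is permitted",
  "-120": "The New PIN and Confirm New PIN fields have different values",
  "-1002": "Cannot open Trace-File",
};

function categorize(code) {
  if (code === 0) return "success";
  if (code <= -1000) return "internal";   // Table 54
  if (code <= -100) return "cgi";         // Table 53
  return "api";                           // Table 52 and Server return codes
}

// Strict integer parse: rejects missing values, "", "1e3", "12abc", overlong input.
function parseCode(raw) {
  return raw !== null && /^-?\d{1,6}$/.test(raw) ? Number(raw) : null;
}

// Escape before placing text into HTML; in a browser, prefer textContent.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

function parseStatus(queryString) {
  const q = new URLSearchParams(queryString);   // decodes "+" and %xx
  const code = parseCode(q.get("result"));
  const challenge = q.get("challenge");
  if (code === null) {
    // The challenge page carries no result; accept only a short alphanumeric
    // challenge (hypothetical constraint, adjust to the deployed Digipass).
    if (challenge !== null && /^[0-9A-Za-z]{1,32}$/.test(challenge)) {
      return { category: "challenge", challenge };
    }
    return { category: "invalid" };
  }
  const auxMsg = (q.get("auxmsg") || "").slice(0, 200);   // cap is an assumption
  return {
    category: categorize(code),
    code,
    message: code === 0 ? "" : MESSAGES[code] || "Unknown error " + code,
    auxCode: parseCode(q.get("auxcode")),
    auxMessageHtml: escapeHtml(auxMsg),   // shown as provided, but inert
  };
}
```

The main code is translated through the page's own table, while the auxiliary message is the only free text taken from the URL, so it is the one value that needs escaping and a length cap.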

10 Login Options