Application to Application (A2A) Token Authentication Log-in Updates
Introduction of a Token for A2A authentication
As part of our continuing program to improve security, Claims Portal have introduced an Application to Application (A2A) token for access, effective from 24 January.
The token applies an additional layer of security to verify the identity of the user, along with current credentials.
In addition, we have introduced updated password validation rules that define which passwords are acceptable for logging in to the Claims Portal.
Frequently Asked Questions
We have created a set of Frequently Asked Questions and Answers for the A2A Token Implementation and the Password validation rules.
A2A Token Workshop - Presentation slides and recording of live event
Claims Portal ran a dedicated virtual workshop on Tuesday 18th October which covered the following:
- An overview of the A2A token messaging
- Technical details on the system changes required
- Use of the integration site for testing
- Details of the support available to implement the changes ahead of the agreed go live date
- Q&A session
The workshop presentation slides are available here:
Our Technical Partners, CRIF, have created a section called "Recommended approach" to assist developers with the changes required:
This virtual workshop was recorded and the recording is available here:
Here are the Questions & Answers from the Virtual Workshop
Technical Specifications Documentation and WSDL and Schema
The final RTA and ELPL Technical Specifications, WSDL and Schema can be accessed here:
These documents provide an overview of the changes that software developers and suppliers will need to make for A2A Token implementation.
Summary of updates within documentation include:
- A2A Token Implementation
- New Methods added: GetToken, RefreshToken and changePassword.
- Updates to the “Instruction for developers” section.
- Modification to all of the call methods to reflect the changes in the authentication process.
- Hints on error handling.
- New specifications on how to retrieve and delete A2A notifications.
- Password change rules
Test Plan for A2A Token and password change rules
We have created an RTA and an EL/PL Test Plan for you to use as part of testing the changes required for the A2A Token and Password Change Rules. The Test Plan can be accessed here:
Testing A2A Token in Integration
Ahead of testing system updates, please ensure that A2A users check that they have access to the integration site to complete testing.
If you do not have credentials for A2A test (integration)
Administrators will need to complete the smart form on the Claims Portal website and select Request A2A credentials for Test (Integration).
If you have credentials for A2A test (integration)
Please use your current credentials and check that users, including the Administrators, are enabled.
- The A2A password does not currently have an expiry date; the credentials will only fail if the password is entered incorrectly several times. The users, including the AsUser, are subject to the same security controls as web users.
- If you receive a login failed message, log in with your Administrator credentials and check that your users are all active and enabled and that the expiry and password dates are in the future. For guidance, please review the user guide on the website: https://www.claimsportal.org.uk/administrator/claims-portal-user-maintenance/edit-users/
- If you cannot log in as an Administrator, use the Cannot Access Your Administrators Account function to change your password: https://www.claimsportal.org.uk/administrator/managing-the-account/resetting-your-administrator-password/
- If you receive the error message "Your account has expired because it has not been extended by the Administrator", please complete the A2A user contact us form on the website https://www.claimsportal.org.uk/contact-us/. You must provide all information requested in the form, including full details of the credentials you are using, excluding the password. Once you have completed the fields in the form, attach this form to an e-mail and send it to the Helpdesk at firstname.lastname@example.org. If you have the email you received from Support detailing your credentials, attach this to the email and add "A2A test credentials disabled" in the Subject header, as this will speed up the process.
New Password Validation Rules
The following password validation rules will be required for a new password:
- The minimum length for a password will be 12 characters.
- The password must contain at least one special character.
- The acceptable special characters are: |!"£$€%&/=?^'*+@°#,;:.-_()
- The password must contain at least one number.
- The password must contain at least one uppercase letter and at least one lowercase letter.
- Any abbreviation of the word password including pwd or pswd will not be accepted and your password will not save.
- It is not possible to use your name as a password.
- It is not possible to use your organisation ID as a password.
- It is not possible to use your user ID as a password.
- It is not possible to reuse any of your previous passwords.
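The rules above written as a local pre-check that an A2A integration could run before submitting a new password. This is an added example, not Claims Portal or CRIF code. The function names are hypothetical, and it assumes that the "password" abbreviations are matched as case-insensitive substrings, that the name and ID rules are exact case-insensitive comparisons, and that previous passwords are held only as salted PBKDF2 hashes.

```python
import hashlib
import hmac
import os
import string

# Special characters the page lists as acceptable.
SPECIALS = set('|!"£$€%&/=?^\'*+@°#,;:.-_()')
# Assumption: abbreviations are matched as case-insensitive substrings.
BANNED_WORDS = ("password", "pwd", "pswd")


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never stores plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt, digest


def in_history(password, history):
    """history: iterable of (salt, digest) pairs made by hash_password."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def check_password(password, name, org_id, user_id, history=()):
    """Return a list of rule violations; an empty list means acceptable."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if not any(c in SPECIALS for c in password):
        problems.append("no acceptable special character")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs upper and lower case letters")
    lowered = password.lower()
    if any(word in lowered for word in BANNED_WORDS):
        problems.append("contains an abbreviation of 'password'")
    # Assumption: identity rules are exact, case-insensitive comparisons.
    for label, value in (("name", name), ("organisation ID", org_id), ("user ID", user_id)):
        if value and lowered == value.lower():
            problems.append(f"same as {label}")
    if in_history(password, history):
        problems.append("previously used")
    return problems
```

The portal's own validation remains authoritative; a local check of this kind only avoids a failed password change call.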