Pseudo code to handle ISIS Web Service response

Please note this is just a template illustrating how to parse ISIS Web Service response. If you want to learn how to integrate a web application with ISIS please visit ISIS Developer Guide

After successful login, ISIS redirects the browser to a designated application handler (This handler is configured in ISIS Admin Tool). The handler must verify that user session is active by making ISIS Web Service call, before forwarding to application.

If you want to see sample SOAP response log in to diagnostic utility at

You have to collect a few details before calling IWS verifySession.

ISIS_WS_NS is a constant ""
ISIS_CLIENT_APPL_ID is the application id assigned to your application. You may register this in ISIS Admin Tool
ISIS_CLIENT_APPL_PSWD is the application password. You may register this in ISIS Admin Tool
IP_ADDRESS is the browser IP address. Collect this from user browser
ISIS_TICKET is the ISIS cookie string from the browser saved with a cookie name "edu.ucla.isis4.ticket" and domain "". Collect this from user browser
RETURN_USER_ATTRIBUTES  true/false (true if you need additional attributes about the user like name, uid, email)

STEP 1: Call verifySession WebService and Parse SOAP response

	call IWS verifyIsisSession passing above parameters. We assume you already have a SOAP library to do this.
	//Parse XML SOAP response
        SoapXmlResponse iwsResponse = get Isis VerifySession SoapResponse();

        //Check if ISIS returned an error response. Check if its a Warning or Error
        if (iwsResponse.isHasErrors()) {
	        IwsError[] iwsError = iwsResponse.getErrorInfo().getErrors().getError();
    		Save IwsError collection

        //SessionInfo and ErrorInfo are separate. They may exist independent of each other. You have to
        //parse both to verify the validity of user session

        SessionStatus = iws.getSessionInfo().getStatus().getValue());
        Save SessionStatus

        //ISIS returns account information in the response. ISIS supports multiple logon                                                                                   
        //(accounts). Traverse thru the array and find the account user logged in with.
        //Please note accounts may be empty for non-active sessions.
       	IwsAccount[] accounts = iws.getSessionInfo().getAccounts().getAccount();
        Save accounts

        //If RETURN_USER_ATTRIBUTES is 'true' ISIS returns additional attributes like name, uid, email. 
        //Please note attributes may be empty for non-active sessions.
	IwsUserAttribute[] attributes = iws.getSessionInfo().getUserAttributes().getAttribute();
        Save attributes 

       	Go to STEP2

STEP 2: Check session status & error code and decide the next course of action

        //For a list of all possible error codes consult ISIS Developer guide.
        //The below is just a sample. You may want to handle these error codes differently

        Retrieve Session Status
        if (Session Status = "Expired" or "Uninitialized")
	        retrieve and traverse thru error collection 
	        if (no error) {
                     Display 'Session expired' message and link to ISIS Login page

	        else {
	        switch error code
	        when 604010
	            //IP address changed within session. This page has user instructions to overcome 604010
	            Redirect to
	        when 700001
	            //Some serious error. Go to application error page
	            Go to error page
	        when some other error
	            Go to error page

        if (Session Status = "Active" || "ActiveWithCachedCredential" || "ActiveWithMultipleCachedCredentials")
	        //ISIS session validated. session is active. Check the error codes
	        retrieve and traverse thru error collection 
	        if (no error) {

	        if (error) {
	        switch error code
	        when 904099
        	     //904099 is non fatal warning. Log and move on
	             Log the code and Continue
	        when 700001
	            //This is unlikely i.e Session status is active and there is a fatal error code.
	            //Applications should handle appropriately.
	            Go to error page ?
	        when some other error
	            Go to error page ?

	// Execute this code when Session Status is active and No fatal errors
        Retrieve accounts
       	for each account in IwsAccount array {
               		get account LoginId
               		get account idType Authenticated
               		pass this data to application
               		//If an account has a status of Authenticated, it means user logged in with this account
               		if (account status == "Authenticated")
               		     Do some processing


        Retrieve attributes
	for each attribute in IwsUserAttribute array {
       		get attribute name
       		get attribute value
       		pass this data to application

       	Let the user thru to application

Unknown macro: {builder-hide}

Some sample code is avaliable:

  • No labels