OneSpan Auth Validate Event (Node)
  • 25 Oct 2024
  • 2 Minutes to read
  • Dark
    Light

OneSpan Auth Validate Event (Node)

  • Dark
    Light

Article summary

Availability: OneSpan Authentication for ForgeRock 1.1.0 and later

This node invokes the Event Validation API (/users/{userID@domain}/events/validate), which validates a non-monetary event against the risk analysis service and the authentication service. It then returns the validation result.

If risk analysis requires an extra challenge, a multi-factor authentication flow has to be designed to continue along the Step Up outcome path.

Outcome paths:

  • Accept

  • Decline

  • Step Up

  • Error

Properties

OneSpan Auth Validate Event properties

Property name

Data type

Description

Event Type

Enum

Specifies the event type.

Possible values:

  • SpecifyBelow. Use this value to set a specific event type in the Specify Event Type property.

  • ReadFromSharedState. Use this value to determine the event type at runtime by pre-store the event type in the sharedState object. The name of the key can be specified with the Event Type In SharedState property.

Default value: SpecifyBelow

Specify Event Type

String

Only required if Event Type is set to SpecifyBelow. Used to specify the event type. For a list of possible event types, see /users/{userID@domain}/events/validate.

Default value: <empty>

Event Type In SharedState

String

Only required if Event Type is set to ReadFromSharedState. Specifies the key name key in the sharedState object to use as the event validation type.

Default value: <empty>

Credentials Type

Enum

Only required for OCA use cases.

Possible values:

  • fidoAuthenticator

  • authenticator

  • passkey

  • none

Default value: none

User Name In SharedState

String

Specifies the key name in the sharedState object to use as the IAA/OCA user name.

Default value: username

Password In TransientState

String

Specifies the key name in the transientState object to use as the IAA/OCA user password.

Default value: password

Optional Attributes

Map<String,String>

Specifies a key/value map to keep additional optional attributes like user email, user phone number, etc. The key represents the key name in the sharedState object. The value represents the key that will be additionally added to the API payload.

For example, for a key/value pair "emailAddressInSharedState":"emailAddress", the node will look for the emailAddressInSharedState key in the sharedState object and add "emailAddress":"valueInSharedState" to the API payload.

Default value: <empty>

Orchestration Delivery

Enum

Specifies whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage.

Possible values:

  • pushNotification

  • requestMessage

  • both

  • none

Default value: both

Event Validation Timeout

int

Specify the event validation timeout in seconds. The priority is as follows:

  1. ForgeRock session expiry

  2. OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authenticationsession expiry

  3. Event validation expiry

Make sure the ForgeRock session expiry and the OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authentication session expiry are not shorter than the value specified here.

Default value: 60

Visual Code Message

Enum

Specifies which visual code message will be used to render the visual code.

For more information about using your own customized message format, refer to the Message Options property of the OneSpan Auth Visual Code node (see OneSpan Auth Visual Code properties).

Possible values:

  • sessionID

  • requestID

  • none

Default value: sessionID

Data flow

OneSpan Auth Validate Event inbound data

Attribute name

Source

Description

As specified in property

Configuration, shared state

The event type.

As specified in property

Shared state

User name

As specified in property

Transient state

Optional. Password

As specified in property

Shared state

Optional. Other attributes.

ostid_cddc_json

Shared state

CDDC JSON

ostid_cddc_hash

Shared state

CDDC hash value

ostid_cddc_ip

Shared state

CDDC client IP address

ostid_session_id

Shared state

Optional. The session ID.

OneSpan Auth Validate Event outbound data

Attribute name

Storage

Description

ostid_cronto_msg

Shared state

Visual code message

ostid_session_id

Shared state

The session ID

ostid_request_id

Shared state

The request ID

ostid_irm_response

Shared state

The OneSpan Risk Analytics response.

ostid_command

Shared state

The command

ostid_event_expiry_date

Shared state

The event expiration date.

OneSpan Auth Validate Event outbound data (Error case)

Attribute name

Storage

Description

ostid_error_message

Shared state

The error message

API references


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, our interactive help assistant