Login
    Contents x
    OneSpan Auth User Login (Node)
    • 25 Oct 2024
    • 2 Minutes to read
    • Dark
      Light
    Contents

    OneSpan Auth User Login (Node)

    • Updated on 25 Oct 2024
    • 2 Minutes to read
    • Dark
      Light
    Article summary

    Availability: OneSpan Authentication for ForgeRock 1.1.0 and later

    This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.

    It invokes the User Login API (/users/{userID@domain}/login) to validate the end user’s login request. It then returns the result of the authentication attempt.

    For Intelligent Adaptive Authentication use cases, the request will further be validated by the risk analysis system. If the risk analysis requires an extra challenge, a multi-factor authentication flow needs to be designed to continue along the Step Up outcome path.

    Outcome paths:

    • Accept

    • Decline

    • Step Up

    • Error

    Properties

    OneSpan Auth User Login properties

    Property name

    Data type

    Description

    Object Type

    Enum

    Specifies the use case type.

    Possible values:

    • AdaptiveLoginInput. Use this value for Intelligent Adaptive Authentication use cases.

    • LoginInput. Use this value for OneSpan Cloud Authentication use cases.

    Default value: AdaptiveLoginInput

    Credentials Type

    Enum

    Only required if Object Type is set to LoginInput.

    Possible values:

    • fidoAuthenticator

    • authenticator

    • passkey

    • none

    Default value: none

    User Name In SharedState

    String

    Specifies the key name in the sharedState object to use as the IAA/OCA user name.

    Default value: username

    Password In TransientState

    String

    Specifies the key name in the transientState object to use as the IAA/OCA user password.

    Default value: password

    Optional Attributes

    Map<String,String>

    Specifies a key/value map to keep additional optional attributes like user email, user phone number, etc. The key represents the key name in the sharedState object. The value represents the key that will be additionally added to the API payload.

    For example, for a key/value pair "emailAddressInSharedState":"emailAddress", the node will look for the emailAddressInSharedState key in the sharedState object and add "emailAddress":"valueInSharedState" to the API payload.

    Default value: <empty>

    Orchestration Delivery

    Enum

    Specifies whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage.

    Possible values:

    • pushNotification

    • requestMessage

    • both

    • none

    Default value: both

    Login Timeout

    int

    Specify the event expiration timeout in seconds. The priority is as follows:

    1. ForgeRock session expiry

    2. OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authentication session expiry

    3. Event expiry

    Make sure the ForgeRock session expiry and the OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authentication session expiry are not shorter than the value specified here.

    Default value: 60

    Visual Code Message

    Enum

    Specifies which visual code message will be used to render the visual code.

    For more information about using your own customized message format, refer to the Message Options property of the OneSpan Auth Visual Code node (see OneSpan Auth Visual Code properties).

    Possible values:

    • sessionID

    • requestID

    • none

    Default value: sessionID

    Data flow

    OneSpan Auth User Login inbound data

    Attribute name

    Source

    Description

    As specified in property

    Shared state

    User name

    As specified in property

    Shared state

    Optional. Other attributes.

    ostid_cddc_json

    Shared state

    CDDC JSON

    ostid_cddc_hash

    Shared state

    CDDC hash value

    ostid_cddc_ip

    Shared state

    CDDC client IP address

    ostid_session_id

    Shared state

    Optional. The IAA session ID.

    authenticationResponse

    Shared state

    Optional. The authentication response from the respective FIDO protocol.

    fidoProtocol

    Shared state

    Optional. The FIDO protocol used in the operation.

    OTP

    Shared state

    Optional. The one-time password (OTP) generated by the authenticator.

    As specified in property

    Transient state

    Password

    OneSpan Auth User Login outbound data

    Attribute name

    Storage

    Description

    ostid_cronto_msg

    Shared state

    Visual code message

    ostid_session_id

    Shared state

    The session ID

    ostid_request_id

    Shared state

    The request ID

    ostid_irm_response

    Shared state

    The OneSpan Risk Analytics response.

    ostid_command

    Shared state

    The command

    ostid_event_expiry_date

    Shared state

    The event expiration date.

    OneSpan Auth User Login outbound data (Error case)

    Attribute name

    Storage

    Description

    ostid_error_message

    Shared state

    The error message

    API references

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant