OneSpan Auth Validate Transaction (Node)
  • 25 Oct 2024
  • 3 Minutes à lire
  • Sombre
    Lumière

OneSpan Auth Validate Transaction (Node)

  • Sombre
    Lumière

The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article

Availability: OneSpan Authentication for ForgeRock 1.1.0 and later

This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.

It invokes the Transaction Service API (/users/{userID@domain}/transactions/validate), which validates monetary transaction requests against the Authentication service and returns the result.

For Intelligent Adaptive Authentication use cases, it further validates the request against the Risk Analytics system. If Risk Analytics requires an extra challenge, a multi-factor authentication flow needs to be designed to continue along the Step Up outcome path.

Outcome paths:

  • Accept

  • Decline

  • Step Up

  • Error

Properties

OneSpan Auth Validate Transaction properties

Property name

Data type

Description

Object Type

Enum

Specifies the event type.

Possible values:

  • AdaptiveTransactionValidationInput. Use this value for Intelligent Adaptive Authentication use cases.

  • TransactionValidationInput. Use this value for OneSpan Cloud Authentication use cases.

Default value: AdaptiveTransactionValidationInput

User Name In SharedState

String

Specifies the key name in the sharedState object to use as the IAA/OCA user name.

Default value: username

Data To Sign

Enum

Specifies the kind of data to validate and sign.

Possible values:

  • fido. Use this value for OneSpan Cloud Authentication use cases.

  • standard. Use this value for OneSpan Cloud Authentication use cases.

  • secureChannel. Use this value for OneSpan Cloud Authentication use cases.

  • transactionMessage. Use this value for Intelligent Adaptive Authentication use cases.

Default value: transactionMessage

Standard Data Fields

List<String>

If Data To Sign is set to standard, the signature is generated for a sorted list of data fields stored in the sharedState object. This list specifies the key names.

Default value: ["sourceAccount","destinationAccount","amountToTransfer"]

Signature In SharedState

String

If Data To Sign is set to standard or secureChannel, the users are prompted for a signature generated by their authenticators. You need to store the generated signature in the sharedState object. This property specifies the key name.

Default value: signature

Fido Attributes

Map<String,String>

If Data To Sign is set to fido, users are prompted for the FIDO protocol (fidoProtocol), i.e. UAF11 or FIDO2, and the authenticator response (authenticationResponse).

You need to store these values in the sharedState object. This map contains key/value pairs, where the key specifies the JSON attribute name and the value specifies the shared state attribute name.

Default value:

{

"fidoProtocol": "fidoProtocol" ,

"authenticationResponse": "authenticationResponse"

}

Adaptive Attributes

Map<String,String>

If Data To Sign is set to transactionMessage, this map contains additional mandatory attributes, e.g. accountRef, amount, currency, transactionType, etc.

This map contains key/value pairs, where the key specifies the API field names and the value specifies the shared state attribute names used to store the actual values.

Default value:

{

"accountRef": "accountRef" ,

"amount": "amount",

"currency": "currency",

"transactionType": "transactionType",

"creditorBank": "creditorBank",

"creditorIBAN": "creditorIBAN",

"creditorName": "creditorName",

"debtorIBAN": "debtorIBAN",

}

Adaptive Data Fields

Map<String,String>

If Data To Sign is set to transactionMessage, you can pass additional data to be displayed in the mobile app.

This map contains key/value pairs, where the key specifies the API field names and the value specifies the shared state attribute names used to store the actual values.

Default value: <empty>

Optional Attributes

Map<String,String>

Specifies a key/value map to keep additional optional attributes like user email, user phone number, etc. The key represents the key name in the sharedState object. The value represents the key that will be additionally added to the API payload.

For example, for a key/value pair "emailAddressInSharedState":"emailAddress", the node will look for the emailAddressInSharedState key in the sharedState object and add "emailAddress":"valueInSharedState" to the API payload.

Default value: <empty>

Orchestration Delivery

Enum

Specifies whether a push notification should be sent, and/or if the orchestration command should be included in the response requestMessage.

Possible values:

  • pushNotification

  • requestMessage

  • both

  • none

Default value: both

Validation Timeout

int

Specify the event validation timeout in seconds. The priority is as follows:

  1. ForgeRock session expiry

  2. OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authentication session expiry

  3. Event validation expiry

Make sure the ForgeRock session expiry and the OneSpan Intelligent Adaptive Authentication/OneSpan Cloud Authentication session expiry are not shorter than the value specified here.

Default value: 60

Visual Code Message

Enum

Specifies which visual code message will be used to render the visual code.

For more information about using your own customized message format, refer to the Message Options property of the OneSpan Auth Visual Code node (see OneSpan Auth Visual Code properties).

Possible values:

  • sessionID

  • requestID

  • none

Default value: sessionID

Data flow

OneSpan Auth Validate Transaction inbound data

Attribute name

Source

Description

As specified in property

Shared state

User name

ostid_cddc_json

Shared state

CDDC JSON

ostid_cddc_hash

Shared state

CDDC hash value

ostid_cddc_ip

Shared state

CDDC client IP address

As specified in property

Shared state

Optional. Standard data fields.

As specified in property

Shared state

Optional. Generated signature.

As specified in property

Shared state

Optional. FIDO attributes.

As specified in property

Shared state

Optional. Adaptive attributes.

As specified in property

Shared state

Optional. Adaptive data fields.

As specified in property

Shared state

Optional. Other attributes.

ostid_session_id

Shared state

Optional. The IAA session ID.

OneSpan Auth Validate Transaction outbound data

Attribute name

Storage

Description

ostid_cronto_msg

Shared state

Visual code message

ostid_session_id

Shared state

The session ID

ostid_request_id

Shared state

The request ID

ostid_irm_response

Shared state

The OneSpan Risk Analytics response.

ostid_command

Shared state

The command

ostid_event_expiry_date

Shared state

The validation expiration date.

OneSpan Auth Validate Transaction outbound data (Error case)

Attribute name

Storage

Description

ostid_error_message

Shared state

The error message

API references


Cet article vous a-t-il été utile ?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle